发布求助
文献互助 智能选刊 最新文献

Proceedings of the 4th Program Protection and Reverse Engineering Workshop最新文献

筛选
英文 中文
SILK: high level of abstraction leakage simulator for side channel analysis SILK:用于侧通道分析的高抽象泄漏模拟器
Proceedings of the 4th Program Protection and Reverse Engineering Workshop Pub Date : 2014-12-09 DOI: 10.1145/2689702.2689706
Nikita Veshchikov
{"title":"SILK: high level of abstraction leakage simulator for side channel analysis","authors":"Nikita Veshchikov","doi":"10.1145/2689702.2689706","DOIUrl":"https://doi.org/10.1145/2689702.2689706","url":null,"abstract":"This paper proposes a new way of simulating leakage traces using high level of abstraction models and presents a proof of concept implementation simulator called SILK -- a tool for leakage simulation for side channel analysis of microcontrollers and microprocessors. SILK is a high level of abstraction simulator that builds a leakage trace based on a source code of an algorithm and several user-defined parameters. One of the main purposes of SILK is data generation for quick analysis of new attacks, countermeasures or preprocessing methods. SILK might also be used to compare different types of attacks, analysis techniques or software countermeasures. This paper presents general structure and parameters of SILK and a typical example of use case. Our experiments were done with two algorithms that run on a microcontroller in order to compare our simulations with real power traces. We compared simulated traces with real power traces using Dynamic Time Warping technique with two different distance metrics. We also compared our simulations with real power traces using Correlation Power Analysis (CPA). We were also able to show that using a high level of abstraction simulation we are able to produce datasets that might be used for side channel analysis.","PeriodicalId":308663,"journal":{"name":"Proceedings of the 4th Program Protection and Reverse Engineering Workshop","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115865367","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 34
Proceedings of the 4th Program Protection and Reverse Engineering Workshop 第四届程序保护与逆向工程研讨会论文集
Proceedings of the 4th Program Protection and Reverse Engineering Workshop Pub Date : 2014-12-09 DOI: 10.1145/2689702
M. Preda, J. McDonald
{"title":"Proceedings of the 4th Program Protection and Reverse Engineering Workshop","authors":"M. Preda, J. McDonald","doi":"10.1145/2689702","DOIUrl":"https://doi.org/10.1145/2689702","url":null,"abstract":"","PeriodicalId":308663,"journal":{"name":"Proceedings of the 4th Program Protection and Reverse Engineering Workshop","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134352816","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
A Framework for Understanding Dynamic Anti-Analysis Defenses 理解动态反分析防御的框架
Proceedings of the 4th Program Protection and Reverse Engineering Workshop Pub Date : 2014-12-09 DOI: 10.1145/2689702.2689704
Jing Qiu, B. Yadegari, Brian Johannesmeyer, S. Debray, Xiaohong Su
{"title":"A Framework for Understanding Dynamic Anti-Analysis Defenses","authors":"Jing Qiu, B. Yadegari, Brian Johannesmeyer, S. Debray, Xiaohong Su","doi":"10.1145/2689702.2689704","DOIUrl":"https://doi.org/10.1145/2689702.2689704","url":null,"abstract":"Malicious code often use a variety of anti-analysis and anti-tampering defenses to hinder analysis. Researchers trying to understand the internal logic of the malware have to penetrate these defenses. Existing research on such anti-analysis defenses tend to study them in isolation, thereby failing to see underlying conceptual similarities between different kinds of anti-analysis defenses. This paper proposes an information-flow-based framework that encompasses a wide variety of anti-analysis defenses. We illustrate the utility of our approach using two different instances of this framework: self-checksumming-based anti-tampering defenses and timing-based emulator detection. Our approach can provide insights into the underlying structure of various anti-analysis defenses and thereby help devise techniques for neutralizing them.","PeriodicalId":308663,"journal":{"name":"Proceedings of the 4th Program Protection and Reverse Engineering Workshop","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128571298","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 15
Multi-App Security Analysis with FUSE: Statically Detecting Android App Collusion 基于FUSE的多应用安全分析:静态检测Android应用合谋
Proceedings of the 4th Program Protection and Reverse Engineering Workshop Pub Date : 2014-12-09 DOI: 10.1145/2689702.2689705
Tristan Ravitch, E. Creswick, Aaron Tomb, Adam Foltzer, Trevor Elliott, L. Casburn
{"title":"Multi-App Security Analysis with FUSE: Statically Detecting Android App Collusion","authors":"Tristan Ravitch, E. Creswick, Aaron Tomb, Adam Foltzer, Trevor Elliott, L. Casburn","doi":"10.1145/2689702.2689705","DOIUrl":"https://doi.org/10.1145/2689702.2689705","url":null,"abstract":"Android's popularity has given rise to myriad application analysis techniques to improve the security and robustness of mobile applications, motivated by the evolving adversarial landscape. These techniques have focused on identifying undesirable behaviors in individual applications, either due to malicious intent or programmer error. We present a collection of tools that provide a static information flow analysis across a set of applications, showing a holistic view of all the applications destined for a particular device. The techniques we present include a static binary single-app analysis, a security lint tool to mitigate the limits of static binary analysis, a multi-app information flow analysis, and an evaluation engine to detect information flows that violate specified security policies. We show that our single-app analysis is comparable with the leading approaches on the DroidBench benchmark suite; we present a brief listing of lint-like heuristics used to show the limits of the single-app analysis in the context of an application; we present a multi-app analysis, and demonstrate information flows that cannot be detected by single-app analyses; and we present a policy evaluation engine to automatically detect violations in collections of Android apps.","PeriodicalId":308663,"journal":{"name":"Proceedings of the 4th Program Protection and Reverse Engineering Workshop","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125256322","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 55
Mixed-Mode Malware and Its Analysis 混合模式恶意软件及其分析
Proceedings of the 4th Program Protection and Reverse Engineering Workshop Pub Date : 2014-12-09 DOI: 10.1145/2689702.2689703
Shabnam Aboughadareh, Christoph Csallner, M. Azarmi
{"title":"Mixed-Mode Malware and Its Analysis","authors":"Shabnam Aboughadareh, Christoph Csallner, M. Azarmi","doi":"10.1145/2689702.2689703","DOIUrl":"https://doi.org/10.1145/2689702.2689703","url":null,"abstract":"Mixed-mode malware contains user-mode and kernel-mode components that are interdependent. Such malware exhibits its main malicious payload only after it succeeds at corrupting the OS kernel. Such malware may further actively attack or subvert malware analysis components. Current malware analysis techniques are not effective against mixed-mode malware. To overcome the limitations of current techniques, we present an approach that combines whole-system analysis with outside-the-guest virtual machine introspection. We implement this approach in the SEMU tool for Windows. In our experiments SEMU could successfully analyze several mixed-mode malware samples that evade current analysis approaches. The runtime overhead of SEMU is in line with the most closely related dynamic analysis tools TEMU and Ether.","PeriodicalId":308663,"journal":{"name":"Proceedings of the 4th Program Protection and Reverse Engineering Workshop","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128558932","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Intellectual Property Protection in Additive Layer Manufacturing: Requirements for Secure Outsourcing 增材制造中的知识产权保护:安全外包的要求
Proceedings of the 4th Program Protection and Reverse Engineering Workshop Pub Date : 2014-12-09 DOI: 10.1145/2689702.2689709
M. Yampolskiy, T. Andel, J. McDonald, W. Glisson, Alec Yasinsac
{"title":"Intellectual Property Protection in Additive Layer Manufacturing: Requirements for Secure Outsourcing","authors":"M. Yampolskiy, T. Andel, J. McDonald, W. Glisson, Alec Yasinsac","doi":"10.1145/2689702.2689709","DOIUrl":"https://doi.org/10.1145/2689702.2689709","url":null,"abstract":"Additive Layer Manufacturing (ALM) is a new technology to produce 3D objects adding layer by layer. Agencies and companies like NASA, ESA, and SpaceX are exploring a broad range of application areas of ALM, which includes printing of device components, replacement parts, houses, and even food. They expect that this technology will greatly reduce production costs, manufacturing time, and necessary storage space. The broad variety of application areas and the high grade of computerization of this manufacturing process will inevitably make ALM an attractive target of various attacks. This research examines the problem of Intellectual Property (IP) protection in the case of outsourcing the ALM manufacturing process. We discuss the existing process and introduce a new model for the outsourcing of ALM-based production. For the proposed outsourcing model, focusing on IP protection, we present a risk assessment, specify requirements addressing mitigation of the identified risks, and outline approaches to implement the specified requirements. The fulfillment of the specified requirements will enable secure outsourcing of ALM production.","PeriodicalId":308663,"journal":{"name":"Proceedings of the 4th Program Protection and Reverse Engineering Workshop","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122130182","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 75
HCODE: Hardware-Enhanced Real-Time CFI HCODE:硬件增强实时CFI
Proceedings of the 4th Program Protection and Reverse Engineering Workshop Pub Date : 2014-12-09 DOI: 10.1145/2689702.2689708
J. Danger, S. Guilley, Thibault Porteboeuf, Florian Praden, Michaël Timbert
{"title":"HCODE: Hardware-Enhanced Real-Time CFI","authors":"J. Danger, S. Guilley, Thibault Porteboeuf, Florian Praden, Michaël Timbert","doi":"10.1145/2689702.2689708","DOIUrl":"https://doi.org/10.1145/2689702.2689708","url":null,"abstract":"Cyber-attacks are widely known to be a major threat on computing devices. Many attacks exploit a latent problem in the host program. This can be a misconfiguration or a real programming error (e.g., lack of user-provided input verification or untested corner cases). Once such a bug is identified, attack programs can be devised, which will for instance install a payload on the victim host. Many features have been developed to protect from these infection vectors. In this paper we present a simple hardware/software solution able to check good execution of one program by checking that each basic block is correctly executed and that the Control Flow Graph (CFG) is respected. We call this control-flow integrity (CFI). We are able to do so in real time without adding new opcodes in the processor, but by modifying slightly the executed code. Moreover, we also aim at verifying that the sequence of instructions is correctly executed within each basic block. In this respect, we implement a hardware module called HCODE, (short for Hashing CODE), into the processor which reads each instruction executed by the processor and computes some signature to check against a genuine copy of precomputed signatures.","PeriodicalId":308663,"journal":{"name":"Proceedings of the 4th Program Protection and Reverse Engineering Workshop","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133439462","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 15
Probing the Limits of Virtualized Software Protection 探讨虚拟化软件保护的极限
Proceedings of the 4th Program Protection and Reverse Engineering Workshop Pub Date : 2014-12-09 DOI: 10.1145/2689702.2689707
Joshua Cazalas, J. McDonald, T. Andel, Natalia Stakhanova
{"title":"Probing the Limits of Virtualized Software Protection","authors":"Joshua Cazalas, J. McDonald, T. Andel, Natalia Stakhanova","doi":"10.1145/2689702.2689707","DOIUrl":"https://doi.org/10.1145/2689702.2689707","url":null,"abstract":"Virtualization is becoming a prominent field of research not only in distributed systems, but also in software protection and obfuscation. Software virtualization has given rise to advanced techniques that may provide intellectual property protection and anti-cloning resilience. We present results of an empirical study that answers whether integrity of execution can be preserved for process-level virtualization protection schemes in the face of adversarial analysis. Our particular approach considers exploits that target the virtual execution environment itself and how it interacts with the underlying host operating system and hardware. We give initial results that indicate such protection mechanisms may be vulnerable at the level where the virtualized code interacts with the underlying operating system. The resolution of whether such attacks can undermine security will help create better detection and analysis methods for malware that also employ software virtualization. Our findings help frame research for additional mitigation techniques using hardware-based integration or hybrid virtualization techniques that can better defend legitimate uses of virtualized software protection.","PeriodicalId":308663,"journal":{"name":"Proceedings of the 4th Program Protection and Reverse Engineering Workshop","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126700606","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信