发布求助
文献互助 智能选刊 最新文献

Proceedings of the 14th European Workshop on Systems Security最新文献

筛选
英文 中文
Talking About My Generation: Targeted DOM-based XSS Exploit Generation using Dynamic Data Flow Analysis 谈论我们这一代人:使用动态数据流分析生成基于dom的XSS漏洞
Proceedings of the 14th European Workshop on Systems Security Pub Date : 2021-04-26 DOI: 10.1145/3447852.3458718
Souphiane Bensalim, David Klein, Thomas Barber, Martin Johns
{"title":"Talking About My Generation: Targeted DOM-based XSS Exploit Generation using Dynamic Data Flow Analysis","authors":"Souphiane Bensalim, David Klein, Thomas Barber, Martin Johns","doi":"10.1145/3447852.3458718","DOIUrl":"https://doi.org/10.1145/3447852.3458718","url":null,"abstract":"Since the invention of JavaScript 25 years ago, website functionality has been continuously shifting from the server-side to the client-side. Web browsers have evolved into an application platform, and HTML5 emerged as a first-class environment for building rich cross-platform applications. This additional functionality on the client-side comes with the added risk of new security issues with increasingly severe consequences. In this work, we investigate the prevalence of DOM-based Cross-Site Scripting (DOM-based XSS) in the top 100,000 most popular websites using a novel targeted exploit generation technique based on dynamic data-flow tracking. In total, this work finds 15,710 potentially insecure dataflows where information from the URL is injected into the HTML of the Web page. Using large-scale exploit generation and validation services, 7199 of these flows lead to JavaScript execution, across 711 different domains. This represents a successful exploit rate of 45.82%, improving on previous methods by factors of 1.8 and 1.9 respectively.","PeriodicalId":329372,"journal":{"name":"Proceedings of the 14th European Workshop on Systems Security","volume":"91 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134376817","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
Fine-grained Program Partitioning for Security 细粒度的安全程序分区
Proceedings of the 14th European Workshop on Systems Security Pub Date : 2021-04-26 DOI: 10.1145/3447852.3458717
Zhen Huang, T. Jaeger, Gang Tan
{"title":"Fine-grained Program Partitioning for Security","authors":"Zhen Huang, T. Jaeger, Gang Tan","doi":"10.1145/3447852.3458717","DOIUrl":"https://doi.org/10.1145/3447852.3458717","url":null,"abstract":"Complex software systems are often not designed with the principle of least privilege, which requires each component be given the minimum amount of privileges to function. As a result, software vulnerabilities in less privileged code can lead to privilege escalation, defeating security and privacy. Privilege separation is the process of automatically partitioning a software system into least privileged components, and we argue that it is effective at reducing the attack surface. However, previous privilege-separation systems do not provide fine-grained separation of privileged code and non-privileged code co-existing in the same function for C/C++ applications. We propose a fine-grained partitioning technique for supporting fine-grained separation in automatic program partitioning. The technique has been applied to a set of security-sensitive networking and interactive programs. Results show that it can automatically generate executable partitions for C applications; further, partitioned programs incur acceptable runtime overheads.","PeriodicalId":329372,"journal":{"name":"Proceedings of the 14th European Workshop on Systems Security","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115279712","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
SGXoMeter: Open and Modular Benchmarking for Intel SGX SGXoMeter:英特尔SGX的开放和模块化基准测试
Proceedings of the 14th European Workshop on Systems Security Pub Date : 2021-04-26 DOI: 10.1145/3447852.3458722
Mohammad Mahhouk, Nico Weichbrodt, R. Kapitza
{"title":"SGXoMeter: Open and Modular Benchmarking for Intel SGX","authors":"Mohammad Mahhouk, Nico Weichbrodt, R. Kapitza","doi":"10.1145/3447852.3458722","DOIUrl":"https://doi.org/10.1145/3447852.3458722","url":null,"abstract":"Intel's Software Guard Extensions (SGX) are currently the most wide-spread commodity trusted execution environment, which provides integrity and confidentiality of sensitive code and data. Thereby, it offers protection even against privileged attackers and various forms of physical attacks. As a technology that only became available in late 2015, it has received massive interest and undergone a rapid evolution. Despite first ad-hoc attempts, there is so far no standardised approach to benchmark the SGX hardware, its associated environment, and techniques that were designed to harden SGX-based applications. In this paper, we present SGXoMeter, an open and modular framework designed to benchmark different SGX-aware CPUs, &mgr;code revisions, SDK versions and extensions to mitigate side-channel attacks. SGXoMeter provides a set of practical SGX test case scenarios and eases the development of custom benchmarks. Furthermore, we compare it to sgx-nbench, the only other SGX application benchmark tool we are aware of, and evaluate their differences. Through our benchmark results, we identified a performance overhead of up to ã10 times induced between two different SGX-SDK versions for certain workload scenarios.","PeriodicalId":329372,"journal":{"name":"Proceedings of the 14th European Workshop on Systems Security","volume":"174 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133656506","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
The Price of Meltdown and Spectre: Energy Overhead of Mitigations at Operating System Level 熔毁和幽灵的代价:操作系统级别缓解的能量开销
Proceedings of the 14th European Workshop on Systems Security Pub Date : 2021-04-26 DOI: 10.1145/3447852.3458721
Benedict Herzog, S. Reif, Julian Preis, Wolfgang Schröder-Preikschat, Timo Hönig
{"title":"The Price of Meltdown and Spectre: Energy Overhead of Mitigations at Operating System Level","authors":"Benedict Herzog, S. Reif, Julian Preis, Wolfgang Schröder-Preikschat, Timo Hönig","doi":"10.1145/3447852.3458721","DOIUrl":"https://doi.org/10.1145/3447852.3458721","url":null,"abstract":"The Meltdown and Spectre hardware vulnerabilities shocked hardware manufacturers and system users upon discovery. Numerous attack vectors and mitigations have been developed and deployed. However, due to the deep entanglement in core CPU components they will be an important topic for years. Although the performance overhead of software mitigations has been examined closely, the energy overhead has experienced little attention---even though the energy demand is a critical cost factor in data centres. This work contributes a fine-grained energy-overhead analysis of Meltdown/Spectre software mitigations, which reveals application-specific energy overheads of up to 72 %. We further compare energy overheads to execution time overheads. Additionally, we examine subsystem-specific effects (i.e., CPU, memory, I/O, network/interprocess communication) and develop a model that predicts energy overheads for applications.","PeriodicalId":329372,"journal":{"name":"Proceedings of the 14th European Workshop on Systems Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130587690","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Reproducing Spectre Attack with gem5: How To Do It Right? 用gem5复制幽灵攻击:如何做到正确?
Proceedings of the 14th European Workshop on Systems Security Pub Date : 2021-04-26 DOI: 10.1145/3447852.3458715
Pierre Ayoub, Clémentine Maurice
{"title":"Reproducing Spectre Attack with gem5: How To Do It Right?","authors":"Pierre Ayoub, Clémentine Maurice","doi":"10.1145/3447852.3458715","DOIUrl":"https://doi.org/10.1145/3447852.3458715","url":null,"abstract":"As processors become more and more complex due to performance optimizations and energy savings, new attack surfaces raise. We know that the micro-architecture of a processor leaks some information into the architectural domain. Moreover, some mechanisms like speculative execution can be exploited to execute malicious instructions. As a consequence, it allows a process to spy another process or to steal data. These attacks are consequences of fundamental design issues, thus they are complicated to fix and reproduce. Simulation would be of a great help for scientific research for microarchitectural security, but it also leads to new challenges. We try to address the first challenges to demonstrate that simulation could be useful in research and an interesting technique to develop in the future.","PeriodicalId":329372,"journal":{"name":"Proceedings of the 14th European Workshop on Systems Security","volume":"65 6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127654584","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
dMVX: Secure and Efficient Multi-Variant Execution in a Distributed Setting dMVX:分布式环境下安全高效的多变量执行
Proceedings of the 14th European Workshop on Systems Security Pub Date : 2020-11-04 DOI: 10.1145/3447852.3458714
Alexios Voulimeneas, Dokyung Song, Per Larsen, M. Franz, Stijn Volckaert
{"title":"dMVX: Secure and Efficient Multi-Variant Execution in a Distributed Setting","authors":"Alexios Voulimeneas, Dokyung Song, Per Larsen, M. Franz, Stijn Volckaert","doi":"10.1145/3447852.3458714","DOIUrl":"https://doi.org/10.1145/3447852.3458714","url":null,"abstract":"Multi-variant execution (MVX) systems amplify the effectiveness of software diversity techniques. The key idea is to run multiple diversified program variants in lockstep while providing them with the same input and monitoring their run-time behavior for divergences. Thus, adversaries have to compromise all program variants simultaneously to mount an attack successfully. Recent work proposed distributed, heterogeneous MVX systems that leverage different ABIs and ISAs to increase the diversity between program variants further. However, existing distributed MVX system designs suffer from high performance overhead due to time-consuming network transactions required for the MVX operations. This paper presents dMVX, a novel hybrid distributed MVX design, which incorporates new techniques that significantly reduce the overhead of MVX systems in a distributed setting. Our key insight is that we can intelligently reduce the MVX operations that use expensive network transfers. First, we can limit the monitoring of system calls that are not security-critical. Second, we observe that, in many circumstances, we can also safely avoid replication operations needed for I/O related system calls. Our evaluation shows that dMVX reduces the performance degradation from over 50% to 3.1% for realistic server benchmarks.","PeriodicalId":329372,"journal":{"name":"Proceedings of the 14th European Workshop on Systems Security","volume":"73 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117164152","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
CollabFuzz CollabFuzz
Proceedings of the 14th European Workshop on Systems Security Pub Date : 1900-01-01 DOI: 10.1145/3447852.3458720
Sebastian Österlund, Elia Geretto, Andrea Jemmett, Emre Güler, Philipp Görz, Thorsten Holz, Cristiano Giuffrida, H. Bos
{"title":"CollabFuzz","authors":"Sebastian Österlund, Elia Geretto, Andrea Jemmett, Emre Güler, Philipp Görz, Thorsten Holz, Cristiano Giuffrida, H. Bos","doi":"10.1145/3447852.3458720","DOIUrl":"https://doi.org/10.1145/3447852.3458720","url":null,"abstract":"In the recent past, there has been lots of work on improving fuzz testing. In prior work, EnFuzz showed that by sharing progress among different fuzzers, they can perform better than the sum of their parts. In this paper, we continue this line of work and present CollabFuzz, a collaborative fuzzing framework allowing multiple different fuzzers to collaborate under an informed scheduling policy based on a number of central analyses. More specifically, CollabFuzz is a generic framework that allows a user to express different test case scheduling policies, such as the collaborative approach presented by EnFuzz. CollabFuzz can control which tests cases are handed out to what fuzzer and allows the orchestration of different fuzzers across the network. Furthermore, it allows the centralized analysis of the test cases generated by the various fuzzers under its control, allowing to implement scheduling policies based on the results of arbitrary program (e.g., data-flow) analysis.","PeriodicalId":329372,"journal":{"name":"Proceedings of the 14th European Workshop on Systems Security","volume":"314 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124457675","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 13
TagVet
Proceedings of the 14th European Workshop on Systems Security Pub Date : 1900-01-01 DOI: 10.1145/3447852.3458719
Lukas Pirch, Alexander Warnecke, Christian Wressnegger, Konrad Rieck
{"title":"TagVet","authors":"Lukas Pirch, Alexander Warnecke, Christian Wressnegger, Konrad Rieck","doi":"10.1145/3447852.3458719","DOIUrl":"https://doi.org/10.1145/3447852.3458719","url":null,"abstract":"When managing large malware collections, it is common practice to use short tags for grouping and organizing samples. For example, collected malware is often tagged according to its origin, family, functionality, or clustering. While these simple tags are essential for keeping abreast of the rapid malware development, they can become disconnected from the actual behavior of the samples and, in the worst case, mislead the analyst. In particular, if tags are automatically assigned, it is often unclear whether they indeed align with the malware functionality. In this paper, we propose a method for vetting tags in malware collections. Our method builds on recent techniques of explainable machine learning, which enable us to automatically link tags to behavioral patterns observed during dynamic analysis. To this end, we train a neural network to classify different tags and trace back its decision to individual system calls and arguments. We empirically evaluate our method on tags for malware functionality, families, and clusterings. Our results demonstrate the utility of this approach and pinpoint interesting relations of malware tags in practice.","PeriodicalId":329372,"journal":{"name":"Proceedings of the 14th European Workshop on Systems Security","volume":"161 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125904448","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
SGXPecial
Proceedings of the 14th European Workshop on Systems Security Pub Date : 1900-01-01 DOI: 10.1145/3447852.3458716
Shachee Mishra, M. Polychronakis
{"title":"SGXPecial","authors":"Shachee Mishra, M. Polychronakis","doi":"10.1145/3447852.3458716","DOIUrl":"https://doi.org/10.1145/3447852.3458716","url":null,"abstract":"Intel SGX is a hardware-based trusted execution technology that partitions an application into trusted and untrusted parts. The trusted part, known as an enclave, executes within an encrypted memory environment, preventing the host application and the OS from being able to access its memory. The enclave, however, has the ability to access the host's memory. When considering malicious code running in an enclave, the strong memory isolation and encryption properties offered may aid the stealthiness of malware, since malware detection tools cannot inspect the enclave. The enclave and the host communicate over bi-directional interfaces that the Intel SGX SDK generates. In this work, we present SGXPecial, a best-effort interface specialization tool that statically analyzes both the host and the enclave to generate interfaces tailored only to their needs. SGXPecial is implemented as an extension to the Edger8r tool of the SGX SDK, and performs API specialization at build time. In particular, SGXPecial performs function, argument, and type-based specialization to restrict the valid control flows across the host-to-enclave boundary. We evaluate SGXPecial's security impact by testing it on SGX SDK sample applications and four open-source SGX applications. SGXPecial effectively prevents five proof-of-concept code reuse attacks in all tested applications.","PeriodicalId":329372,"journal":{"name":"Proceedings of the 14th European Workshop on Systems Security","volume":"82 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114811748","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信