发布求助
文献互助 智能选刊 最新文献

Reversing and Offensive-Oriented Trends Symposium最新文献

筛选
英文 中文
WAFL: Binary-Only WebAssembly Fuzzing with Fast Snapshots 带快速快照的纯二进制WebAssembly模糊测试
Reversing and Offensive-Oriented Trends Symposium Pub Date : 2021-11-18 DOI: 10.1145/3503921.3503924
Keno Hassler, D. Maier
{"title":"WAFL: Binary-Only WebAssembly Fuzzing with Fast Snapshots","authors":"Keno Hassler, D. Maier","doi":"10.1145/3503921.3503924","DOIUrl":"https://doi.org/10.1145/3503921.3503924","url":null,"abstract":"WebAssembly, the open standard for binary code, is quickly gaining adoption on the web and beyond. As the binaries are often written in low-level languages, like C and C++, they are riddled with the same bugs as their traditional counterparts. Minimal tooling to uncover these bugs on WebAssembly binaries exists. In this paper we present WAFL, a fuzzer for WebAssembly binaries. WAFL adds a set of patches to the WAVM WebAssembly runtime to generate coverage data for the popular AFL++ fuzzer. Thanks to the underlying ahead-of-time (AOT) compiling WAVM, WAFL is already very performant. WAFL adds lightweight VM snapshots. By replacing forks, traditionally used in AFL++ harnesses, with WAFL’s snapshots, WAFL harnesses can even outperform native harnesses with compile-time instrumentation in raw fuzzing performance. To the best of our knowledge, WAFL is the first coverage-guided fuzzer for binary-only WebAssembly, without the need for source.","PeriodicalId":379610,"journal":{"name":"Reversing and Offensive-Oriented Trends Symposium","volume":"53 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129453067","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Reversing and Offensive-oriented Trends Symposium 逆转和进攻性趋势研讨会
Reversing and Offensive-Oriented Trends Symposium Pub Date : 2021-11-18 DOI: 10.1145/3503921
{"title":"Reversing and Offensive-oriented Trends Symposium","authors":"","doi":"10.1145/3503921","DOIUrl":"https://doi.org/10.1145/3503921","url":null,"abstract":"","PeriodicalId":379610,"journal":{"name":"Reversing and Offensive-Oriented Trends Symposium","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127434308","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Uncovering Smart Contract VM Bugs Via Differential Fuzzing 通过差分模糊测试发现智能合约虚拟机漏洞
Reversing and Offensive-Oriented Trends Symposium Pub Date : 2021-11-18 DOI: 10.1145/3503921.3503923
D. Maier, F. Fäßler, Jean-Pierre Seifert
{"title":"Uncovering Smart Contract VM Bugs Via Differential Fuzzing","authors":"D. Maier, F. Fäßler, Jean-Pierre Seifert","doi":"10.1145/3503921.3503923","DOIUrl":"https://doi.org/10.1145/3503921.3503923","url":null,"abstract":"The ongoing public interest in blockchains and smart contracts has brought a rise to a magnitude of different blockchain implementations. The rate at which new concepts are envisioned and implemented makes it hard to vet their impact on security. Especially smart contract platforms, executing untrusted code, are very complex by design. Still, people put their trust and money into chains that may lack proper testing. A behavior deviation for edge cases of single op-codes is a critical bug class in this brave new world. It can be abused for Denial of Service against the blockchain, chain splits, double-spending, or direct attacks on applications operating on the blockchain. In this paper, we propose an automated methodology to uncover such differences. Through coverage-guided and state-guided fuzzing, we explore smart contract virtual machine behavior against multiple VMs in parallel. We develop NeoDiff, the first framework for feedback-guided differential fuzzing of smart contract VMs. We discuss real, monetary consequences our tool prevents. NeoDiff can be ported to new smart contract platforms with ease. Apart from fuzzing Ethereum VMs, NeoDiff found a range of critical differentials in VMs for the Neo blockchain. Moreover, through a higher-layer semantics mutator, we uncovered semantic discrepancies between Neo smart contracts written in Python when executed on the blockchain vs. classic CPython. Along the way, NeoDiff uncovered memory corruptions in the C# Neo VM.","PeriodicalId":379610,"journal":{"name":"Reversing and Offensive-Oriented Trends Symposium","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116049584","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Reversing and Fuzzing the Google Titan M Chip 逆转和模糊谷歌泰坦M芯片
Reversing and Offensive-Oriented Trends Symposium Pub Date : 2021-11-18 DOI: 10.1145/3503921.3503922
Damiano Melotti, Maxime Rossi-Bellom, Andrea Continella
{"title":"Reversing and Fuzzing the Google Titan M Chip","authors":"Damiano Melotti, Maxime Rossi-Bellom, Andrea Continella","doi":"10.1145/3503921.3503922","DOIUrl":"https://doi.org/10.1145/3503921.3503922","url":null,"abstract":"Google recently introduced a secure chip called Titan M in its Pixel smartphones, enabling the implementation of a Trusted Execution Environment (TEE) in Tamper Resistant Hardware. TEEs have been proven effective in reducing the attack surface exposed by smartphones, by protecting specific security-sensitive operations. However, studies have shown that TEE code and execution can also be targeted and exploited by attackers, therefore, studying their security lays the basis of the trust we have in their features. In this paper, we provide the first security analysis of Titan M. First, we reverse engineer the firmware and we review the open source code in the Android OS that is responsible for the communication with the chip. By exploiting a known vulnerability, we then dynamically examine the memory layout and the internals of the chip. Finally, leveraging the acquired knowledge, we design and implement a structure-aware black-box fuzzer. Using our fuzzer, we rediscover several known vulnerabilities after a few seconds of testing, proving the effectiveness of our solution. In addition, we identify and report a new vulnerability in the latest version of the firmware.","PeriodicalId":379610,"journal":{"name":"Reversing and Offensive-Oriented Trends Symposium","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130029986","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Reversing and Offensive-oriented Trends Symposium 逆转和进攻性趋势研讨会
Reversing and Offensive-Oriented Trends Symposium Pub Date : 2020-11-19 DOI: 10.1145/3433667
{"title":"Reversing and Offensive-oriented Trends Symposium","authors":"","doi":"10.1145/3433667","DOIUrl":"https://doi.org/10.1145/3433667","url":null,"abstract":"","PeriodicalId":379610,"journal":{"name":"Reversing and Offensive-Oriented Trends Symposium","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-11-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129855665","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
No Need to Teach New Tricks to Old Malware: Winning an Evasion Challenge with XOR-based Adversarial Samples 无需教旧恶意软件的新技巧:用基于xor的对抗性样本赢得逃避挑战
Reversing and Offensive-Oriented Trends Symposium Pub Date : 2020-11-19 DOI: 10.1145/3433667.3433669
Fabrício Ceschin, Marcus Botacin, Gabriel Lüders, Heitor Murilo Gomes, Luiz Oliveira, A. Grégio
{"title":"No Need to Teach New Tricks to Old Malware: Winning an Evasion Challenge with XOR-based Adversarial Samples","authors":"Fabrício Ceschin, Marcus Botacin, Gabriel Lüders, Heitor Murilo Gomes, Luiz Oliveira, A. Grégio","doi":"10.1145/3433667.3433669","DOIUrl":"https://doi.org/10.1145/3433667.3433669","url":null,"abstract":"Adversarial attacks to Machine Learning (ML) models became such a concern that tech companies (Microsoft and CUJO AI’s Vulnerability Research Lab) decided to launch contests to better understand their impact on practice. During the contest’s first edition (2019), participating teams were challenged to bypass three ML models in a white box manner. Our team bypassed all the three of them and reported interesting insights about models’ weaknesses. In the second edition (2020), the challenge evolved to an attack-and-defense model: the teams should either propose defensive models and attack other teams’ models in a black box manner. Despite the difficulty increase, our team was able to bypass all models again. In this paper, we describe our insights for this year’s contest regarding on attacking models, as well defending them from adversarial attacks. In particular, we show how frequency-based models (e.g., TF-IDF) are vulnerable to the addition of dead function imports, and how models based on raw bytes are vulnerable to payload-embedding obfuscation (e.g., XOR and base64 encoding).","PeriodicalId":379610,"journal":{"name":"Reversing and Offensive-Oriented Trends Symposium","volume":"750 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-11-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122969393","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 11
A survey on practical adversarial examples for malware classifiers 恶意软件分类器的实际对抗性实例综述
Reversing and Offensive-Oriented Trends Symposium Pub Date : 2020-11-06 DOI: 10.1145/3433667.3433670
Daniel Park, B. Yener
{"title":"A survey on practical adversarial examples for malware classifiers","authors":"Daniel Park, B. Yener","doi":"10.1145/3433667.3433670","DOIUrl":"https://doi.org/10.1145/3433667.3433670","url":null,"abstract":"Machine learning based solutions have been very helpful in solving problems that deal with immense amounts of data, such as malware detection and classification. However, deep neural networks have been found to be vulnerable to adversarial examples, or inputs that have been purposefully perturbed to result in an incorrect label. Researchers have shown that this vulnerability can be exploited to create evasive malware samples. However, many proposed attacks do not generate an executable and instead generate a feature vector. To fully understand the impact of adversarial examples on malware detection, we review practical attacks against malware classifiers that generate executable adversarial malware examples. We also discuss current challenges in this area of research, as well as suggestions for improvement and future research directions.","PeriodicalId":379610,"journal":{"name":"Reversing and Offensive-Oriented Trends Symposium","volume":"98 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-11-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131543511","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
Exploiting Interfaces of Secure Encrypted Virtual Machines 利用安全加密虚拟机接口
Reversing and Offensive-Oriented Trends Symposium Pub Date : 2020-10-14 DOI: 10.1145/3433667.3433668
M. Radev, M. Morbitzer
{"title":"Exploiting Interfaces of Secure Encrypted Virtual Machines","authors":"M. Radev, M. Morbitzer","doi":"10.1145/3433667.3433668","DOIUrl":"https://doi.org/10.1145/3433667.3433668","url":null,"abstract":"Cloud computing is a convenient model for processing data remotely. However, users must trust their cloud provider with the confidentiality and integrity of the stored and processed data. To increase the protection of virtual machines, AMD introduced SEV, a hardware feature which aims to protect code and data in a virtual machine. This allows to store and process sensitive data in cloud environments without the need to trust the cloud provider or the underlying software. However, the virtual machine still depends on the hypervisor for performing certain activities, such as the emulation of special CPU instructions, or the emulation of devices. Yet, most code that runs in virtual machines was not written with an attacker model which considers the hypervisor as malicious. In this work, we introduce a new class of attacks in which a malicious hypervisor manipulates external interfaces of an SEV or SEV-ES virtual machine to make it act against its own interests. We start by showing how we can make use of virtual devices to extract encryption keys and secret data of a virtual machine. We then show how we can reduce the entropy of probabilistic kernel defenses in the virtual machine by carefully manipulating the results of the CPUID and RDTSC instructions. We continue by showing an approach for secret data exfiltration and code injection based on the forgery of MMIO regions over the VM’s address space. Finally, we show another attack which forces decryption of the VM’s stack and uses Return Oriented Programming to execute arbitrary code inside the VM. While our approach is also applicable to traditional virtualization environments, its severity significantly increases with the attacker model of SEV-ES, which aims to protect a virtual machine from a benign but vulnerable hypervisor.","PeriodicalId":379610,"journal":{"name":"Reversing and Offensive-Oriented Trends Symposium","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121962205","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信