Proceedings of the 2021 Research on offensive and defensive techniques in the Context of Man At The End (MATE) Attacks: Latest Papers

Tarnhelm: Isolated, Transparent & Confidential Execution of Arbitrary Code in ARM's TrustZone
Davide Quarta, M. Ianni, Aravind Machiry, Y. Fratantonio, Eric Gustafson, D. Balzarotti, Martina Lindorfer, G. Vigna, Christopher Kruegel
Abstract: Protecting the confidentiality of applications on commodity operating systems, both on desktop and mobile devices, is challenging: attackers have unrestricted control over an application's processes and thus direct access to any of the application's assets. However, the application's code itself can be of great commercial value, for example in the case of proprietary code or additional functionality obtained as downloadable content and via in-app purchases, which are widely used to monetize free applications through premium content. Developers still rely heavily on obfuscation to protect their own code from unauthorized tampering or copying, providing an obstacle for an attacker, but not preventing compromise. In this paper, we present Tarnhelm, an approach to offer a practical and transparent primitive to implement code confidentiality by extending ARM's TrustZone, a TEE that so far provides limited functionality to application developers. Tarnhelm allows developers to easily designate part of their code as confidential through source code annotations. At compile time, Tarnhelm automatically partitions the application into regular application code, executed in the "normal world," and the invisible code, transparently executed in the "secure world." Tarnhelm tightly couples and secures the execution in both worlds without exposing any additional attack surface by combining a number of different techniques, such as secure code loading, system call forwarding, transparent world switching, and the enforcement of inter-world control-flow integrity. We implemented a proof of concept of Tarnhelm and demonstrate its feasibility in a mobile computing setting.
DOI: https://doi.org/10.1145/3465413.3488571
Published: 2021-11-15
Citations: 2
A Framework for Automatic Exploit Generation for JIT Compilers
Xiyu Kang, S. Debray
Abstract: This paper proposes a framework for automatic exploit generation in JIT compilers, focusing in particular on heap corruption vulnerabilities triggered by dynamic code, i.e., code generated at runtime by the JIT compiler. The purpose is to help assess the severity of vulnerabilities and thereby assist with vulnerability triage. The framework consists of two components: the first extracts high-level representations of exploitation primitives from existing exploits, and the second uses the primitives so extracted to construct exploits for new bugs. We are currently building a prototype implementation of the framework focusing on JavaScript JIT compilers. To the best of our knowledge, this is the first proposal to consider automatic exploit generation for code generated dynamically by JIT compilers.
DOI: https://doi.org/10.1145/3465413.3488573
Published: 2021-11-15
Citations: 1
PERFUME
Nicolaas Weideman, Virginia K. Felkner, Wei-Cheng Wu, Jonathan May, Christophe Hauser, Luis Garcia
Abstract: Algorithmic identification is the crux for several binary analysis applications, including malware analysis, vulnerability discovery, and embedded firmware reverse engineering. However, data-driven and signature-based approaches often break down when encountering outlier realizations of a particular algorithm. Moreover, reverse engineering of domain-specific binaries often requires collaborative analysis between reverse engineers and domain experts. Communicating the behavior of an unidentified binary program to non-reverse engineers necessitates the recovery of algorithmic semantics in a human-digestible form. This paper presents PERFUME, a framework that extracts symbolic math expressions from low-level binary representations of an algorithm. PERFUME works by translating a symbolic output representation of a binary function to a high-level mathematical expression. In particular, we detail how source and target representations are generated for training a machine translation model. We integrate PERFUME as a plug-in for Ghidra--an open-source reverse engineering framework. We present our preliminary findings for domain-specific use cases and formalize open challenges in mathematical expression extraction from algorithmic implementations.
DOI: https://doi.org/10.1145/3465413.3488575
Published: 2021-11-15
Citations: 3
LLWM & IR-Mark: Integrating Software Watermarks into an LLVM-based Framework
D. Novac, Christian Eichler, M. Philippsen
Abstract: While software protection mechanisms, such as DRM and online services, hinder the unrestrained duplication of games and applications, these mechanisms fail at protecting individual software components from reuse by intellectual property thieves. While conceptually watermarking can discourage software misuse and allows proof of ownership, embedding watermarks requires expert knowledge. This is why software watermarks are barely used. This paper presents LLWM, an LLVM-based watermarking framework that automates the embedding of watermarks and thus enables the widespread use of watermarking. LLWM incorporates several (adapted) implementations of existing watermarking techniques and provides the foundation for IR-Mark, a new watermarking technique based on a modified register allocation. With LLWM, built upon LLVM and its compiler Clang, developers can use a watermark simply by compiling their codes, without the obstacle of having to understand and run existing methods and standalone tools. With the methods included in LLWM, we offer a variety of choices for embedding techniques and evaluate and discuss their characteristics and resilience against common attacks.
DOI: https://doi.org/10.1145/3465413.3488576
Published: 2021-11-15
Citations: 1
A DCA-resistant Implementation of SM4 for the White-box Context
Tingting Lin, Manfred von Willich, Dafu Lou, Philip A. Eisen
Abstract: SM4 [ISO.IEC.18033-3.AMD2] is a cryptographic standard issued by the Organization of State Commercial Administration of China as an authorized block cipher for the use within China. Based on threshold implementations and operations in composite fields, we propose and implement a fixed-key white-box SM4, where all intermediate values (inputs and outputs of the lookup tables) are masked. We express the SM4 S-box in terms of operations in composite fields, thus reducing the total size of the lookup tables. The threshold implementation makes the distribution of the masked values uniform and independent of the original values being represented. The white-box SM4 implementation provides resistance against traditional white-box attacks, such as the affine equivalence attack, the BGE-like attack. For DCA-like attacks, our test shows that for aggregating 2048 single-bit correlations, an identified DCA leakage requires billions of microseconds of processor time to extract the secret key, which increases 1st order DCA resistance by at least thousands of times compared with resistance against a single-bit correlation used in a classical DCA attack.
DOI: https://doi.org/10.1145/3465413.3488572
Published: 2021-11-15
Citations: 0
Optimization to the Rescue: Evading Binary Code Stylometry with Adversarial Use of Code Optimizations
Ben Jacobsen, Sazzadur Rahaman, S. Debray
Abstract: Recent work suggests that it may be possible to determine the author of a binary program simply by analyzing stylistic features preserved within it. As this poses a threat to the privacy of programmers who wish to distribute their work anonymously, we consider steps that can be taken to mislead such analysis. We begin by exploring the effect of compiler optimizations on the features used for stylistic analysis. Building on these findings, we propose a gray-box attack on a state-of-the-art classifier using compiler optimizations. Finally, we discuss our results, as well as implications for the field of binary stylometry.
DOI: https://doi.org/10.1145/3465413.3488574
Published: 2021-11-15
Citations: 0