2020 IEEE Security and Privacy Workshops (SPW): Latest Publications

On-Chip Randomization for Memory Protection Against Hardware Supply Chain Attacks to DRAM
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/SPW50608.2020.00044
Brett Meadows, Nathan J. Edwards, Sang-Yoon Chang
Abstract: Dynamic Random Access Memory (DRAM) is widely used for data storage and, when a computer system is in operation, the DRAM can contain sensitive information such as passwords and cryptographic keys. Therefore, the DRAM is a prime target for hardware-based cryptanalytic attacks. These attacks can be performed in the supply chain to capture default key mechanisms enabling a later cyber attack or predisposition the system to remote effects. Two prominent attack classes against memory are the Cold Boot attack which recovers the data from the DRAM even after a supposed power-down and Rowhammer attack which violates memory integrity by influencing the stored bits to flip. In this paper, we propose an on-chip technique that obfuscates the memory addresses and data and provides a fast detect-response to defend against these hardware-based security attacks on DRAM. We advance the prior hardware security research by making two contributions. First, the key material is detected and erased before the Cold Boot attacker can extract the memory data. Second, our solution is on-chip and does not require nor depend on additional hardware or software which are open to additional supply chain attack vectors. We analyze the efficacy of our scheme through circuit simulation and compare the results to the previous mitigation approaches based on DRAM write operations. Our simulation and analysis results show that purging key information used for address and data randomization can be achieved much faster and with lower power than with typical DRAM write techniques used for sanitizing memory content. We demonstrate through circuit simulation of the key register design a technique that clears key information within 2.4ns which is faster by more than two orders of magnitude compared to typical DRAM write operations for 180nm technology, and with a power consumption of 0.15 picoWatts.
Citations: 2
Research Report: The Parsley Data Format Definition Language
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/SPW50608.2020.00064
Prashanth Mundkur, L. Briesemeister, N. Shankar, Prashant Anantharaman, Sameed Ali, Zephyr Lucas, Sean W. Smith
Abstract: Any program that reads formatted input relies on parsing software to check the input for validity and transform it into a representation suitable for further processing. Many security vulnerabilities can be attributed to poorly defined grammars, incorrect parsing, and sloppy input validation. In contrast to programming languages, grammars for even common data formats such as ELF and PDF are typically context-sensitive and heterogenous. However, as in programming languages, a standard notation or language to express these data format grammars can address poor or ambiguous definitions, and the automated generation of correct-by-construction parsers from such grammar specifications can yield correct and type- and memory-safe data parsing routines. We present our ongoing work on developing such a data format description language. Parsley is a declarative data format definition language that combines grammars and constraints in a modular way. We show how it can be used to capture data formats such as MAVLink, PDF and ELF. We briefly describe the processing pipeline we are designing to generate verified parsers from these specifications.
Citations: 7
ELF Analyzer Demo: Online Identification for IoT Malwares with Multiple Hardware Architectures
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/SPW50608.2020.00036
Shin-Ming Cheng, Tao Ban, Jr-Wei Huang, Bing-Kai Hong, D. Inoue
Abstract: This demonstration presents an automatic IoT runtime platform with a web interface, ELF Analyzer, where suspicious ELF files uploaded by users could be executed and dynamically analyzed for malicious behavior identification. The key component of our platform is a crafted IoT sandbox, where multiple hardware architectures are emulated using QEMU. With the introduction of strace functionality, we demonstrate that system call and traffic logs of an uploaded ELF file with different hardware architectures can be generated successfully. After proper analysis, malicious ELF files can be identified.
Citations: 3
Towards an AI-Based After-Collision Forensic Analysis Protocol for Autonomous Vehicles
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/SPW50608.2020.00055
Prinkle Sharma, Umesh Siddanagaiah, Gökhan Kul
Abstract: Safety-critical applications in the cooperative vehicular networks are built to improve safety, traffic efficiency and handle emergencies by communicating the road condition captured using data from sensors (camera, LiDAR, RADAR, etc.). These cyber-physical systems maintain records of the data received from its sensors to make decisions while driving on road. Such proliferation of data opens possibilities of scenarios where attackers can forge into the system with unrestricted access to the internal network of the vehicle and perform malicious acts. Due to the possibility of such acts, it is crucial how forensic analysis should be carried out in case of traffic accidents that include autonomous vehicles (AV). In this paper, we propose a forensic investigation protocol on autonomous vehicles, specifically to investigate if there was an attack that targeted the vehicle sensors. The proposed process consists of three main phases: data curation, analysis and decision making. We argue that, by using supervised deep neural network-based architecture YOLO trained in the Darknet framework and tested with SORT, an effective model to detect traffic data can be built to perform forensic investigations.
Citations: 4
LangSec 2020 Organization
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/spw50608.2020.00017
Citations: 0
Deep Learning and Security Workshop (DLS 2020)
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/spw50608.2020.00008
N. Vasiloglou, B. Biggio, Nicholas Carlini
Citations: 0
Workshop on Assured Autonomous Systems 2020
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/spw50608.2020.00014
H. Shrobe, C. Rouff, R. Ghanadan
Abstract: Greetings, on behalf of the IEEE Workshop on Assured Autonomous Systems (WAAS) program committee, we are pleased to present to you the proceedings of our inaugural workshop. WAAS is focused on bringing together researchers and practitioners from all aspects of AI safety, security, and privacy in autonomous systems. The goal of the workshop is to discuss research on the gap that exists between theory-heavy autonomous systems and algorithms, and the privacy, security, and safety of their real-world implementations.
Citations: 1
Research Report: Building a Wide Reach Corpus for Secure Parser Development
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/SPW50608.2020.00066
Timothy B. Allison, Wayne Burke, V. Constantinou, Edwin Goh, C. Mattmann, Anastasija Mensikova, Philip Southam, R. Stonebraker, Virisha Timmaraju
Abstract: Computer software that parses electronic files is often vulnerable to maliciously crafted input data. Rather than relying on developers to implement ad hoc defenses against such data, the Language-theoretic security (LangSec) philosophy offers formally correct and verifiable input handling throughout the software development lifecycle. Whether developing from a specification or deriving parsers from samples, LangSec parser developers require wide-reach corpora of their target file format in order to identify key edge cases or common deviations from the format's specification. In this research report, we provide the details of several methods we have used to gather approximately 30 million files, extract features and make these features amenable to search and use in analytics. Additionally, we provide documentation on opportunities and limitations of some popular open-source datasets and annotation tools that will benefit researchers who need to efficiently gather a large file corpus for the purposes of LangSec parser development.
Citations: 2
A Case Study of the Security Vetting Process of Smart-home Assistant Applications
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/SPW50608.2020.00029
Hang Hu, Limin Yang, Shihan Lin, Gang Wang
Abstract: The popularity of smart-home assistant systems such as Amazon Alexa and Google Home leads to a booming third-party application market (over 70,000 applications across the two stores). While existing works have revealed security issues in these systems, it is not well understood how to help application developers to enforce security requirements. In this paper, we perform a preliminary case study to examine the security vetting mechanisms adopted by Amazon Alexa and Google Home app stores. With a focus on the authentication mechanisms between Alexa/Google cloud and third-party application servers (i.e. endpoints), we show the current security vetting is insufficient as developers' mistakes cannot be effectively detected and notified. A weak authentication would allow attackers to spoof the cloud to insert/retrieve data into/from the application endpoints. We validate the attack through ethical proof-of-concept experiments. To confirm vulnerable applications have indeed passed the security vetting and entered the markets, we develop a heuristic-based searching method. We find 219 real-world Alexa endpoints that carry the vulnerability, many of which are related to critical applications that control smart home devices and electronic cars. We have notified Amazon and Google about our findings and offered our suggestions to mitigate the issue.
Citations: 11
Poster: Radiometric Signatures for Wireless Device Identification over Dynamic Channels
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/SPW50608.2020.00037
Wenqing Yan, T. Voigt, C. Rohner
Abstract: Radiometric signatures have been shown effective in identifying wireless devices based on imperfections in their electronics, also known as fingerprinting. Previous work mainly considered static channel conditions. In this work, we experimentally study the impact of movement and dynamic channel conditions on the radiometric signatures. We demonstrate the feasibility of fingerprinting when channels are dynamic.
Citations: 0