发布求助
文献互助 智能选刊 最新文献

2020 IEEE Security and Privacy Workshops (SPW)最新文献

筛选
英文 中文
Binary Analysis with Architecture and Code Section Detection using Supervised Machine Learning 二元分析与结构和代码段检测使用监督机器学习
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/SPW50608.2020.00041
Bryan Beckman, Jedediah Haile
{"title":"Binary Analysis with Architecture and Code Section Detection using Supervised Machine Learning","authors":"Bryan Beckman, Jedediah Haile","doi":"10.1109/SPW50608.2020.00041","DOIUrl":"https://doi.org/10.1109/SPW50608.2020.00041","url":null,"abstract":"When presented with an unknown binary, which may or may not be complete, having the ability to determine information about it is critical to future reverse engineering, particularly in discovering the binary's intended use and potential malicious nature. This paper details techniques to both identify the machine architecture of the binary, as well as to locate the important code segments within the file. This identification of unknown binaries makes use of a technique called byte histogram in addition to various machine learning (ML) techniques, which we call “What is it Binary” or WiiBin. Benefits of byte histograms reflect the simplicity of calculation and do not rely on file headers or metadata, allowing for acceptable results when only a small portion of the original file is available; e.g., when encrypted and/or compressed sections are present in a binary. Utilizing WiiBin, we were able to accurately (>80%) determine the architecture of test binaries with as little as a 20% contagious portion of the file present. We were also able to determine the location of code sections within a binary by utilizing the WiiBin framework. Ultimately, the more information that can be gleaned from a binary file, the easier it is to successfully reverse engineer.","PeriodicalId":413600,"journal":{"name":"2020 IEEE Security and Privacy Workshops (SPW)","volume":"53 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127273704","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Fooling A Deep-Learning Based Gait Behavioral Biometric System 愚弄基于深度学习的步态行为生物识别系统
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/SPW50608.2020.00052
Honghao Guo, Zuo Wang, Benfang Wang, Xiangyang Li, D. Shila
{"title":"Fooling A Deep-Learning Based Gait Behavioral Biometric System","authors":"Honghao Guo, Zuo Wang, Benfang Wang, Xiangyang Li, D. Shila","doi":"10.1109/SPW50608.2020.00052","DOIUrl":"https://doi.org/10.1109/SPW50608.2020.00052","url":null,"abstract":"We leverage deep learning algorithms on various user behavioral information gathered from end-user devices to classify a subject of interest. In spite of the ability of these techniques to counter spoofing threats, they are vulnerable to adversarial learning attacks, where an attacker adds adversarial noise to the input samples to fool the classifier into false acceptance. Recently, a handful of mature techniques like Fast Gradient Sign Method (FGSM) have been proposed to aid white-box attacks, where an attacker has a complete knowledge of the machine learning model. On the contrary, we exploit a black-box attack to a behavioral biometric system based on gait patterns, by using FGSM and training a shadow model that mimics the target system. The attacker has limited knowledge on the target model and no knowledge of the real user being authenticated, but induces a false acceptance in authentication. Our goal is to understand the feasibility of a black-box attack and to what extent FGSM on shadow models would contribute to its success. Our results manifest that the performance of FGSM highly depends on the quality of the shadow model, which is in turn impacted by key factors including the number of queries allowed by the target system in order to train the shadow model. Our experimentation results have revealed strong relationships between the shadow model and FGSM performance, as well as the effect of the number of FGSM iterations used to create an attack instance. These insights also shed light on deep-learning algorithms' model shareability that can be exploited to launch a successful attack.","PeriodicalId":413600,"journal":{"name":"2020 IEEE Security and Privacy Workshops (SPW)","volume":"114 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116695128","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Research Report: Formally-Verified ASN.1 Protocol C-language Stack 研究报告:正式验证的ASN.1协议c语言堆栈
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/SPW50608.2020.00065
Nika Pona, V. Zaliva
{"title":"Research Report: Formally-Verified ASN.1 Protocol C-language Stack","authors":"Nika Pona, V. Zaliva","doi":"10.1109/SPW50608.2020.00065","DOIUrl":"https://doi.org/10.1109/SPW50608.2020.00065","url":null,"abstract":"We describe our approach and progress in verification of a mature open-source ASN.1 compiler, ASN1C, using the Coq proof assistant. Once completed, our project will provide state-of-the-art high assurance suitable for mission-critical systems. Furthermore, since formal verification will be layered atop a well-tested ASN.1 stack, it will combine the benefits of high-performance portable stack implementation with formal correctness guarantees. As an essential step in our approach, the project will also provide a formalization of a key part of the ASN.1 standard. Such formal specification could subsequently be used by others to analyze ASN.1 properties and validate other implementations.","PeriodicalId":413600,"journal":{"name":"2020 IEEE Security and Privacy Workshops (SPW)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131134526","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
A Privacy Filter Framework for Internet of Robotic Things Applications 机器人物联网应用的隐私过滤框架
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/SPW50608.2020.00059
Zahir Alsulaimawi
{"title":"A Privacy Filter Framework for Internet of Robotic Things Applications","authors":"Zahir Alsulaimawi","doi":"10.1109/SPW50608.2020.00059","DOIUrl":"https://doi.org/10.1109/SPW50608.2020.00059","url":null,"abstract":"Traditionally robots have been stand-alone systems. In recent years, however, they have increasingly been connected to external knowledge resources through the Internet of Things (IoT). These robots are thus becoming part of IoT and can realistically allocate Internet of Robotic Things (IoRT) technologies. IoRT can facilitate Human-Robot Interaction (HRI) at functional (commanding and programming) and social levels, as well as a means for remote-interaction. IoRT-HRI can cause privacy issues for humans, in part because robots can collect data using IoT and move in the real world, partly because robots can learn to read human social cues and adapt or correct their behavior accordingly. In this paper, we address the topic of privacy-preserving for IoRT- Hri applications. The objective is to design a data release framework called a Privacy Filter (PF) that can prevent an adversary from private mining information from the released data while keeping utility data. In the experiments, we test our framework on two accessible datasets: MNIST (hand-written digits) and UCI-HAR (activity recognition from motion). Our experimental results on these datasets show that PF is highly effective in removing private information from the dataset while allowing utility data to be mined effectively.","PeriodicalId":413600,"journal":{"name":"2020 IEEE Security and Privacy Workshops (SPW)","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128403947","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Toward Automated Grammar Extraction via Semantic Labeling of Parser Implementations 通过解析器实现的语义标记实现自动语法提取
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/SPW50608.2020.00061
Carson Harmon, Bradford Larsen, E. Sultanik
{"title":"Toward Automated Grammar Extraction via Semantic Labeling of Parser Implementations","authors":"Carson Harmon, Bradford Larsen, E. Sultanik","doi":"10.1109/SPW50608.2020.00061","DOIUrl":"https://doi.org/10.1109/SPW50608.2020.00061","url":null,"abstract":"This paper introduces a new approach for labeling the semantic purpose of the functions in a parser. An input file with a known syntax tree is passed to a copy of the target parser that has been instrumented for universal taint tracking. A novel algorithm is used to merge that syntax tree ground truth with the observed taint and control-flow information from the parser's execution, producing a mapping from types in the file format to the set of functions most specialized in operating on that type. The resulting mapping has applications in mutational fuzzing, reverse engineering, differential analysis, as well as automated grammar extraction. We demonstrate that even a single execution of an instrumented parser with a single input file can lead to a mapping that a human would identify as intuitively correct. We hope that this approach will lead to both safer subsets of file formats and safer parsers.","PeriodicalId":413600,"journal":{"name":"2020 IEEE Security and Privacy Workshops (SPW)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133804458","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
Assessment of Cyber Security Implications of New Technology Integrations into Military Supply Chains 新技术集成到军事供应链的网络安全影响评估
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/SPW50608.2020.00038
Theresa Sobb, B. Turnbull
{"title":"Assessment of Cyber Security Implications of New Technology Integrations into Military Supply Chains","authors":"Theresa Sobb, B. Turnbull","doi":"10.1109/SPW50608.2020.00038","DOIUrl":"https://doi.org/10.1109/SPW50608.2020.00038","url":null,"abstract":"Military supply chains play a critical role in the acquisition and movement of goods for defence purposes. The disruption of these supply chain processes can have potentially devastating affects to the operational capability of military forces. The introduction and integration of new technologies into defence supply chains can serve to increase their effectiveness. However, the benefits posed by these technologies may be outweighed by significant consequences to the cyber security of the entire defence supply chain. Supply chains are complex Systems of Systems, and the introduction of an insecure technology into such a complex ecosystem may induce cascading system-wide failure, and have catastrophic consequences to military mission assurance. Subsequently, there is a need for an evaluative process to determine the extent to which a new technology will affect the cyber security of military supply chains. This work proposes a new model, the Military Supply Chain Cyber Implications Model (M-SCCIM), that serves to aid military decision makers in understanding the potential cyber security impact of introducing new technologies to supply chains. M-SCCIM is a multiphase model that enables understanding of cyber security and supply chain implications through the lenses of theoretical examinations, pilot applications and system wide implementations.","PeriodicalId":413600,"journal":{"name":"2020 IEEE Security and Privacy Workshops (SPW)","volume":"100 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124589336","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
On Using Camera-based Visible Light Communication for Security Protocols 基于摄像机的可见光通信安全协议研究
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/SPW50608.2020.00034
Wenjing Chu, Ting-Guang Yu, Yu-Kai Lin, Shao-Chuan Lee, H. Hsiao
{"title":"On Using Camera-based Visible Light Communication for Security Protocols","authors":"Wenjing Chu, Ting-Guang Yu, Yu-Kai Lin, Shao-Chuan Lee, H. Hsiao","doi":"10.1109/SPW50608.2020.00034","DOIUrl":"https://doi.org/10.1109/SPW50608.2020.00034","url":null,"abstract":"In security protocol design, Visible Light Communication (VLC) has often been abstracted as an ideal channel that is resilient to eavesdropping, manipulation, and jamming. Camera Communication (CamCom), a subcategory of VLC, further strengthens the level of security by providing a visually verifiable association between the transmitter and the extracted information. However, the ideal security guarantees of visible light channels may not hold in practice due to limitations and tradeoffs introduced by hardware, software, configuration, environment, etc. This paper presents our experience and lessons learned from implementing CamCom for security protocols. We highlight CamCom's security-enhancing properties and security applications that it enables. Backed by real implementation and experiments, we also systematize the practical considerations of CamCom-based security protocols.","PeriodicalId":413600,"journal":{"name":"2020 IEEE Security and Privacy Workshops (SPW)","volume":"2015 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127785373","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
EM Fingerprints: Towards Identifying Unauthorized Hardware Substitutions in the Supply Chain Jungle EM指纹:在供应链丛林中识别未经授权的硬件替代
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/SPW50608.2020.00040
C. Kolias, Daniel Barbará, C. Rieger, J. Ulrich
{"title":"EM Fingerprints: Towards Identifying Unauthorized Hardware Substitutions in the Supply Chain Jungle","authors":"C. Kolias, Daniel Barbará, C. Rieger, J. Ulrich","doi":"10.1109/SPW50608.2020.00040","DOIUrl":"https://doi.org/10.1109/SPW50608.2020.00040","url":null,"abstract":"This paper proposes a system capable of branding digital device components based on the EM signals typically emitted during their normal operational cycles. Such signals contain digital artifacts that are unique, which may act as an identifier of a particular device component e.g., its CPU, or the entire device if one chooses to take into account a combination of multiple such components. In real-life scenarios, this “bio-metrical” fingerprinting of hardware has to be conducted only once, possibly as part of an initial device configuration process with minimum additional maintenance time and cost, by the network administrators. At a subsequent stage, devices can get “authenticated” by comparing their newly emitted signals against the preexisting database during routine checks. The experimental results attest that the proposed approach can effectively protect a network against unrecognized potentially rogue devices posing as benign or malicious substitutions of hardware components at the chip level with near-perfect accuracy. One may view the proposed system as a technical solution to verify the trustworthiness of digital parts as well as the actors involved in certain stages of the supply chain.","PeriodicalId":413600,"journal":{"name":"2020 IEEE Security and Privacy Workshops (SPW)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126451317","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Using Taint Analysis and Reinforcement Learning (TARL) to Repair Autonomous Robot Software 利用污点分析和强化学习(TARL)修复自主机器人软件
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/SPW50608.2020.00045
D. Lyons, Saba B. Zahra
{"title":"Using Taint Analysis and Reinforcement Learning (TARL) to Repair Autonomous Robot Software","authors":"D. Lyons, Saba B. Zahra","doi":"10.1109/SPW50608.2020.00045","DOIUrl":"https://doi.org/10.1109/SPW50608.2020.00045","url":null,"abstract":"It is important to be able to establish formal performance bounds for autonomous systems. However, formal verification techniques require a model of the environment in which the system operates; a challenge for autonomous systems, especially those expected to operate over longer timescales. This paper describes work in progress to automate the monitor and repair of ROS-based autonomous robot software written for an apriori partially known and possibly incorrect environment model. A taint analysis method is used to automatically extract the dataflow sequence from input topic to publish topic, and instrument that code. A unique reinforcement learning approximation of MDP utility is calculated, an empirical and non-invasive characterization of the inherent objectives of the software designers. By comparing design (a-priori) utility with deploy (deployed system) utility, we show, using a small but real ROS example, that it's possible to monitor a performance criterion and relate violations of the criterion to parts of the software. The software is then patched using automated software repair techniques and evaluated against the original off-line utility.","PeriodicalId":413600,"journal":{"name":"2020 IEEE Security and Privacy Workshops (SPW)","volume":"134 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131012804","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Case Study: Safety Verification of an Unmanned Underwater Vehicle 案例研究:无人水下航行器的安全验证
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/SPW50608.2020.00047
Diego Manzanas Lopez, Patrick Musau, Nathaniel P. Hamilton, Hoang-Dung Tran, Taylor T. Jonhson
{"title":"Case Study: Safety Verification of an Unmanned Underwater Vehicle","authors":"Diego Manzanas Lopez, Patrick Musau, Nathaniel P. Hamilton, Hoang-Dung Tran, Taylor T. Jonhson","doi":"10.1109/SPW50608.2020.00047","DOIUrl":"https://doi.org/10.1109/SPW50608.2020.00047","url":null,"abstract":"This manuscript evaluates the safety of a neural network controller that seeks to ensure that an Unmanned Underwater Vehicle (UUV) does not collide with a static object in its path. To achieve this, we utilize methods that can determine the exact output reachable set of all the UUV's components through the use of star-sets. The star-set is a computationally efficient set representation adept at characterizing large input spaces. It supports cheap and efficient computation of affine mapping operations and intersections with half-spaces. The system under consideration in this work represents a more complex system than Neural Network Control Systems (NNCS) previously considered in other works, and consists of a total of four components. Our experimental evaluation uses four different scenarios to show that our star-set based methods are scalable and can be efficiently used to analyze the safety of real-world cyber-physical systems (CPS).","PeriodicalId":413600,"journal":{"name":"2020 IEEE Security and Privacy Workshops (SPW)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132627355","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信