Shehzeen Samarah Hussain, Todd P. Huster, Chris Mesterharm, Paarth Neekhara, F. Koushanfar
{"title":"ReFace: Adversarial Transformation Networks for Real-time Attacks on Face Recognition Systems","authors":"Shehzeen Samarah Hussain, Todd P. Huster, Chris Mesterharm, Paarth Neekhara, F. Koushanfar","doi":"10.1109/DSN58367.2023.00038","DOIUrl":"https://doi.org/10.1109/DSN58367.2023.00038","url":null,"abstract":"In this work, we propose ReFace, a real-time, highly-transferable attack on face recognition models based on Adversarial Transformation Networks (ATNs). Past attacks on face recognition models require the adversary to solve an input-dependent optimization problem using gradient descent making the attack impractical in real-time. Such adversarial examples are also tightly coupled to the victim model and are not as successful in transferring to different models. We find that the white-box attack success rate of a pure U-Net ATN falls substantially short of gradient-based attacks like PGD on large face recognition datasets. We therefore propose a new architecture for ATNs that closes this gap while maintaining a 10000X speedup over PGD. Furthermore, we find that at a given perturbation magnitude, our ATN adversarial perturbations are more effective in transferring to new face recognition models than PGD. We demonstrate that our attacks transfer effectively to models with different architectures, loss functions, and training procedures. 
ReFace attacks can successfully deceive commercial face recognition services via transfer attack and reduce face identification accuracy from 82% to 16.4% for AWS SearchFaces API and Azure face verification accuracy from 91% to 50.1%.","PeriodicalId":427725,"journal":{"name":"2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121475317","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"DARPA: Combating Asymmetric Dark UI Patterns on Android with Run-time View Decorator","authors":"Zhaoxin Cai, Yuhong Nan, Xueqiang Wang, Mengyi Long, Qihua Ou, Min Yang, Zibin Zheng","doi":"10.1109/DSN58367.2023.00052","DOIUrl":"https://doi.org/10.1109/DSN58367.2023.00052","url":null,"abstract":"It has been extensively discussed that online services, such as shopping websites, may exploit dark user interface (UI) patterns to mislead users into performing unwanted and even harmful activities on the UI, e.g., subscribing to recurring purchases unknowingly. Most recently, the growing popularity of mobile platforms has led to an ever-extending reach of dark UI patterns in mobile apps, leading to security and privacy risks to end users. A systematic study of such patterns, including how to detect and mitigate them on mobile platforms, unfortunately, has not been conducted. In this paper, we fill the research gap by investigating the dark UI patterns in mobile apps. Specifically, we show the prevalence of the asymmetric dark UI patterns (AUI) in real-world apps, and reveal their risks by characterizing the AUI (e.g., subjects, hosts, and patterns). Then, through user studies, we demonstrate the demand for effective solutions to mitigate the potential risks of AUI. To meet the needs, we propose DARPA - an end-to-end and generic CV-based solution to identify AUIs at run-time and mitigate the risks by highlighting the AUIs with run-time UI decoration. Our evaluation shows that DARPA is highly accurate and introduces negligible overhead. 
Additionally, running DARPA does not require any modifications to the apps being analyzed and to the operating system.","PeriodicalId":427725,"journal":{"name":"2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128047583","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Compiler-Implemented Differential Checksums: Effective Detection and Correction of Transient and Permanent Memory Errors","authors":"C. Borchert, Horst Schirmeier, O. Spinczyk","doi":"10.1109/DSN58367.2023.00021","DOIUrl":"https://doi.org/10.1109/DSN58367.2023.00021","url":null,"abstract":"The detection of memory errors is common practice in safety-critical software, for example in the automotive and avionics industry. International safety standards recommend using checksums for protecting critical data in computer memories. Typical implementations verify the checksum before data access and recompute it after modification using the same algorithm. However, we show that this approach can sometimes dramatically worsen the reliability of computer systems with regard to transient memory faults, and also permanent faults remain undetected. A solution with significant conceptual advantages is constituted by differential checksum algorithms, which update the respective checksum without full recomputation on data modification. We present a compiler-based solution that inserts differential checksums into C/C++ data structures automatically to cope with their increased complexity. 
An extensive fault-injection campaign with the TACLeBench benchmark collection shows that differential checksums reduce silent data corruptions by 95% on average whereas non-differential checksums turn out to be mostly ineffective because they introduce a window of vulnerability.","PeriodicalId":427725,"journal":{"name":"2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128894112","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"No Free Lunch: On the Increased Code Reuse Attack Surface of Obfuscated Programs","authors":"Naiqian Zhang, Daroc Alden, Dongpeng Xu, Shuai Wang, T. Jaeger, Wheeler Ruml","doi":"10.1109/DSN58367.2023.00039","DOIUrl":"https://doi.org/10.1109/DSN58367.2023.00039","url":null,"abstract":"Obfuscation has been widely employed to protect software from the malicious reverse analysis. However, its security risks have not previously been studied in detail. For example, most obfuscation methods introduce large blocks of opaque code that are black boxes to normal users. In this paper, we show that, indeed, obfuscation can increase the attack risk. Existing gadget search tools, while able to find more gadgets in obfuscated code, do not succeed in assembling them into more exploits. However, these tools use strict pattern matching, greedy searching strategies, and only very simple gadgets. We develop Gadget-Planner, a more flexible approach to building code-reuse attacks that overcomes previous limitations via symbolic execution and automated planning. In a study across both benchmark and real-world programs, this approach finds many more exploit payloads on obfuscated programs, both in terms of number and diversity.","PeriodicalId":427725,"journal":{"name":"2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","volume":"146 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123331537","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"DSN 2023 Organizing Committee","authors":"","doi":"10.1109/dsn58367.2023.00007","DOIUrl":"https://doi.org/10.1109/dsn58367.2023.00007","url":null,"abstract":"","PeriodicalId":427725,"journal":{"name":"2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","volume":"64 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127110522","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Islam Obaidat, Bennett Kahn, Fatemeh Tavakoli, Meera Sridhar
{"title":"Creating a Large-scale Memory Error IoT Botnet Using NS3DockerEmulator","authors":"Islam Obaidat, Bennett Kahn, Fatemeh Tavakoli, Meera Sridhar","doi":"10.1109/DSN58367.2023.00051","DOIUrl":"https://doi.org/10.1109/DSN58367.2023.00051","url":null,"abstract":"DDoSim, a simulation testbed for mimicking real-world, large-scale botnet DDoS attacks, is presented. DDoSim offers various capabilities, including running user-specified software, testing botnet-recruitment exploits, and measuring the severity of resulting DDoS attacks. DDoSim leverages NS3DockerEmulator's Docker and NS-3 integration to load Docker containers with actual binaries and connect them over a simulated NS-3 network. DDoSim is validated through a comparison with results from real hardware experiments. This paper focuses on the results of an experiment series concerning deploying a memory error botnet on IoT devices. Unlike the Mirai attack, which relies on default credentials, these experiments exploit memory error vulnerabilities to access IoT devices. DDoSim also implements realistic IoT churn, reflecting dynamic network conditions in real-world IoT environments. The results reveal that memory error vulnerabilities enable botnet recruitment, while network conditions, attack size, and duration all have a proportional impact on target servers. 
DDoSim is publicly available for researchers' use.","PeriodicalId":427725,"journal":{"name":"2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","volume":"94 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126131440","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Peterson Yuhala, Mic Paper, Timothée Zerbib, P. Felber, V. Schiavoni, A. Tchana
{"title":"SGX Switchless Calls Made Configless","authors":"Peterson Yuhala, Mic Paper, Timothée Zerbib, P. Felber, V. Schiavoni, A. Tchana","doi":"10.1109/DSN58367.2023.00032","DOIUrl":"https://doi.org/10.1109/DSN58367.2023.00032","url":null,"abstract":"Intel's software guard extensions (SGX) provide hardware enclaves to guarantee confidentiality and integrity for sensitive code and data. However, systems leveraging such security mechanisms must often pay high performance overheads. A major source of this overhead is SGX enclave transitions which induce expensive cross-enclave context switches. The Intel SGX SDK mitigates this with a switchless call mechanism for transitionless cross-enclave calls using worker threads. Intel's SGX switchless call implementation improves performance but provides limited flexibility: developers need to statically fix the system configuration at build time, which is error-prone and misconfigurations lead to performance degradations and waste of CPU resources. ZC-Switchless is a configless and efficient technique to drive the execution of SGX switchless calls. Its dynamic approach optimises the total switchless worker threads at runtime to minimise CPU waste. 
The experimental evaluation shows that ZC-Switchless obviates the performance penalty of misconfigured switchless systems while minimising CPU waste.","PeriodicalId":427725,"journal":{"name":"2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","volume":"398 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132150896","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Nur Imtiazul Haque, Maurice Ngouen, M. Rahman, Selcuk Uluagac, L. Njilla
{"title":"SHATTER: Control and Defense-Aware Attack Analytics for Activity-Driven Smart Home Systems","authors":"Nur Imtiazul Haque, Maurice Ngouen, M. Rahman, Selcuk Uluagac, L. Njilla","doi":"10.1109/DSN58367.2023.00015","DOIUrl":"https://doi.org/10.1109/DSN58367.2023.00015","url":null,"abstract":"Modern smart home control systems utilize realtime occupancy and activity monitoring to ensure control efficiency, occupants' comfort, and optimal energy consumption. Moreover, adopting machine learning-based anomaly detection models (ADMs) enhances security and reliability. However, sufficient system knowledge allows adversaries/attackers to alter sensor measurements through stealthy false data injection (FDI) attacks. Although ADMs limit attack scopes, the availability of information like occupants' location, conducted activities, and alteration capability of smart appliances increase the attack surface. Therefore, performing an attack space analysis of modern home control systems is crucial to design robust defense solutions. However, state-of-the-art analyzers do not consider contemporary control and defense solutions and generate trivial attack vectors. To address this, we propose a control and defense-aware novel attack analysis framework for a modern smart home control system, efficiently extracting ADM rules. 
We verify and validate our framework using a state-of-the-art dataset and a prototype testbed.","PeriodicalId":427725,"journal":{"name":"2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130537301","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Cost-Damage Analysis of Attack Trees","authors":"Milan Lopuhaä-Zwakenberg, M. Stoelinga","doi":"10.1109/DSN58367.2023.00057","DOIUrl":"https://doi.org/10.1109/DSN58367.2023.00057","url":null,"abstract":"Attack trees (ATs) are a widely deployed modelling technique to categorize potential attacks on a system. An attacker of such a system aims at doing as much damage as possible, but might be limited by a cost budget. The maximum possible damage for a given cost budget is an important security metric of a system. In this paper, we find the maximum damage given a cost budget by modelling this problem with ATs, both in deterministic and probabilistic settings. We show that the general problem is NP-complete, and provide heuristics to solve it. For general ATs these are based on integer linear programming. However when the AT is tree-structured, then one can instead use a faster bottom-up approach. We also extend these methods to other problems related to the cost-damage tradeoff, such as the cost-damage Pareto front.","PeriodicalId":427725,"journal":{"name":"2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","volume":"141 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-04-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116762684","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Carmine Cesarano, M. Cinque, Domenico Cotroneo, L. Simone, Giorgio Farina
{"title":"IRIS: a Record and Replay Framework to Enable Hardware-assisted Virtualization Fuzzing","authors":"Carmine Cesarano, M. Cinque, Domenico Cotroneo, L. Simone, Giorgio Farina","doi":"10.1109/DSN58367.2023.00045","DOIUrl":"https://doi.org/10.1109/DSN58367.2023.00045","url":null,"abstract":"Nowadays, industries are looking into virtualization as an effective means to build safe applications, thanks to the isolation it can provide among virtual machines (VMs) running on the same hardware. In this context, a fundamental issue is understanding to what extent the isolation is guaranteed, despite possible (or induced) problems in the virtualization mechanisms. Uncovering such isolation issues is still an open challenge, especially for hardware-assisted virtualization, since the search space should include all the possible VM states (and the linked hypervisor state), which is prohibitive. In this paper, we propose IRIS, a framework to record (learn) sequences of inputs (i.e., VM seeds) from the real guest execution (e.g., OS boot), replay them as-is to reach valid and complex VM states, and finally use them as valid seed to be mutated for enabling fuzzing solutions for hardware-assisted hypervisors. We demonstrate the accuracy and efficiency of IRIS in automatically reproducing valid VM behaviors, with no need to execute guest workloads. 
We also provide a proof-of-concept fuzzer, based on the proposed architecture, showing its potential on the Xen hypervisor.","PeriodicalId":427725,"journal":{"name":"2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","volume":"117 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-03-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124155541","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}