Proceedings of the 15th ACM conference on Computer and communications security: latest papers

Dependent link padding algorithms for low latency anonymity systems
Proceedings of the 15th ACM conference on Computer and communications security Pub Date: 2008-10-27 DOI: 10.1145/1455770.1455812
Wen Wang, M. Motani, V. Srinivasan
Abstract: Low latency anonymity systems are susceptive to traffic analysis attacks. In this paper, we propose a dependent link padding scheme to protect anonymity systems from traffic analysis attacks while providing a strict delay bound. The covering traffic generated by our scheme uses the minimum sending rate to provide full anonymity for a given set of flows. The relationship between user anonymity and the minimum covering traffic rate is then studied via analysis and simulation. When user flows are Poisson processes with the same sending rate, the minimum covering traffic rate to provide full anonymity to m users is O(log m). For Pareto traffic, we show that the rate of the covering traffic converges to a constant when the number of flows goes to infinity. Finally, we use real Internet trace files to study the behavior of our algorithm when user flows have different rates.
Citations: 62
Code injection attacks on harvard-architecture devices
Proceedings of the 15th ACM conference on Computer and communications security Pub Date: 2008-10-27 DOI: 10.1145/1455770.1455775
Aurélien Francillon, C. Castelluccia
Abstract: Harvard architecture CPU design is common in the embedded world. Examples of Harvard-based architecture devices are the Mica family of wireless sensors. Mica motes have limited memory and can process only very small packets. Stack-based buffer overflow techniques that inject code into the stack and then execute it are therefore not applicable. It has been a common belief that code injection is impossible on Harvard architectures. This paper presents a remote code injection attack for Mica sensors. We show how to exploit program vulnerabilities to permanently inject any piece of code into the program memory of an Atmel AVR-based sensor. To our knowledge, this is the first result that presents a code injection technique for such devices. Previous work only succeeded in injecting data or performing transient attacks. Injecting permanent code is more powerful since the attacker can gain full control of the target sensor. We also show that this attack can be used to inject a worm that can propagate through the wireless sensor network and possibly create a sensor botnet. Our attack combines different techniques such as return oriented programming and fake stack injection. We present implementation details and suggest some counter-measures.
Citations: 305
Session details: Attacks 1
Proceedings of the 15th ACM conference on Computer and communications security Pub Date: 2008-10-27 DOI: 10.1145/3260801
M. Reiter
Citations: 0
When good instructions go bad: generalizing return-oriented programming to RISC
Proceedings of the 15th ACM conference on Computer and communications security Pub Date: 2008-10-27 DOI: 10.1145/1455770.1455776
E. Buchanan, Ryan Roemer, H. Shacham, S. Savage
Abstract: This paper reconsiders the threat posed by Shacham's "return-oriented programming" -- a technique by which W-xor-X-style hardware protections are evaded via carefully crafted stack frames that divert control flow into the middle of existing variable-length x86 instructions -- creating short new instructions streams that then return. We believe this attack is both more general and a greater threat than the author appreciated. In fact, the vulnerability is not limited to the x86 architecture or any particular operating system, is readily exploitable, and bypasses an entire category of malware protections. In this paper we demonstrate general return-oriented programming on the SPARC, a fixed instruction length RISC architecture with structured control flow. We construct a Turing-complete library of code gadgets using snippets of the Solaris libc, a general purpose programming language, and a compiler for constructing return-oriented exploits. Finally, we argue that the threat posed by return-oriented programming, across all architectures and systems, has negative implications for an entire class of security mechanisms: those that seek to prevent malicious computation by preventing the execution of malicious code.
Citations: 419
Session details: Formal methods 1
Proceedings of the 15th ACM conference on Computer and communications security Pub Date: 2008-10-27 DOI: 10.1145/3260804
Anupam Datta
Citations: 0
Mitigating DNS DoS attacks
Proceedings of the 15th ACM conference on Computer and communications security Pub Date: 2008-10-27 DOI: 10.1145/1455770.1455796
Hitesh Ballani, P. Francis
Abstract: This paper considers DoS attacks on DNS wherein attackers flood the nameservers of a zone to disrupt resolution of resource records belonging to the zone and consequently, any of its sub-zones. We propose a minor change in the caching behavior of DNS resolvers that can significantly alleviate the impact of such attacks. In our proposal, DNS resolvers do not completely evict cached resource records whose TTL has expired; rather, such resource records are stored in a separate "stale cache". If, during the resolution of a query, a resolver does not receive any response from the nameservers that are responsible for authoritatively answering the query, it can use the information stored in the stale cache to answer the query. In effect, the stale cache is the part of the global DNS database that has been accessed by the resolver and represents an insurance policy that the resolver uses only when the relevant DNS servers are unavailable. We analyze a 65-day DNS trace to quantify the benefits of a stale cache under different attack scenarios. Further, while the proposed change to DNS resolvers also changes DNS semantics, we argue that it does not adversely impact any of the fundamental DNS characteristics such as the autonomy of zone operators and hence, is a very simple and practical candidate for mitigating the impact of DoS attacks on DNS.
Citations: 46
Constructions of truly practical secure protocols using standard smartcards
Proceedings of the 15th ACM conference on Computer and communications security Pub Date: 2008-10-27 DOI: 10.1145/1455770.1455832
Carmit Hazay, Yehuda Lindell
Abstract: In this paper we show that using standard smartcards it is possible to construct truly practical secure protocols for a variety of tasks. Our protocols achieve full simulation-based security in the presence of malicious adversaries, and can be run on very large inputs. We present protocols for secure set intersection, oblivious database search and more. We have also implemented our set intersection protocol in order to show that it is truly practical: on sets of size 30,000 elements takes 20 seconds for one party and 30 minutes for the other (where the latter can be parallelized to further reduce the time). This demonstrates that in settings where physical smartcards can be sent between parties (as in the case of private data mining tasks between security and governmental agencies), it is possible to use secure protocols with proven simulation-based security.
Citations: 72
RFIDs and secret handshakes: defending against ghost-and-leech attacks and unauthorized reads with context-aware communications
Proceedings of the 15th ACM conference on Computer and communications security Pub Date: 2008-10-27 DOI: 10.1145/1455770.1455831
Alexei Czeskis, Karl Koscher, Joshua R. Smith, Tadayoshi Kohno
Abstract: We tackle the problem of defending against ghost-and-leech (a.k.a. proxying, relay, or man-in-the-middle) attacks against RFID tags and other contactless cards. The approach we take -- which we dub secret handshakes -- is to incorporate gesture recognition techniques directly on the RFID tags or contactless cards. These cards will only engage in wireless communications when they internally detect these secret handshakes. We demonstrate the effectiveness of this approach by implementing our secret handshake recognition system on a passive WISP RFID tag with a built-in accelerometer. Our secret handshakes approach is backward compatible with existing deployments of RFID tag and contactless card readers. Our approach was also designed to minimize the changes to the existing usage model of certain classes of RFID and contactless cards, like access cards kept in billfold and purse wallets, allowing the execution of secret handshakes without removing the card from one's wallet. Our techniques could extend to improving the security and privacy properties of other uses of RFID tags, like contactless payment cards.
Citations: 118
Ether: malware analysis via hardware virtualization extensions
Proceedings of the 15th ACM conference on Computer and communications security Pub Date: 2008-10-27 DOI: 10.1145/1455770.1455779
Artem Dinaburg, P. Royal, Monirul I. Sharif, Wenke Lee
Abstract: Malware has become the centerpiece of most security threats on the Internet. Malware analysis is an essential technology that extracts the runtime behavior of malware, and supplies signatures to detection systems and provides evidence for recovery and cleanup. The focal point in the malware analysis battle is how to detect versus how to hide a malware analyzer from malware during runtime. State-of-the-art analyzers reside in or emulate part of the guest operating system and its underlying hardware, making them easy to detect and evade. In this paper, we propose a transparent and external approach to malware analysis, which is motivated by the intuition that for a malware analyzer to be transparent, it must not induce any side-effects that are unconditionally detectable by malware. Our analyzer, Ether, is based on a novel application of hardware virtualization extensions such as Intel VT, and resides completely outside of the target OS environment. Thus, there are no in-guest software components vulnerable to detection, and there are no shortcomings that arise from incomplete or inaccurate system emulation. Our experiments are based on our study of obfuscation techniques used to create 25,000 recent malware samples. The results show that Ether remains transparent and defeats the obfuscation tools that evade existing approaches.
Citations: 755
Machine learning attacks against the Asirra CAPTCHA
Proceedings of the 15th ACM conference on Computer and communications security Pub Date: 2008-10-27 DOI: 10.1145/1455770.1455838
P. Golle
Abstract: The Asirra CAPTCHA [EDHS2007], proposed at ACM CCS 2007, relies on the problem of distinguishing images of cats and dogs (a task that humans are very good at). The security of Asirra is based on the presumed difficulty of classifying these images automatically. In this paper, we describe a classifier which is 82.7% accurate in telling apart the images of cats and dogs used in Asirra. This classifier is a combination of support-vector machine classifiers trained on color and texture features extracted from images. Our classifier allows us to solve a 12-image Asirra challenge automatically with probability 10.3%. This probability of success is significantly higher than the estimate of 0.2% given in [EDHS2007] for machine vision attacks. Our results suggest caution against deploying Asirra without safeguards. We also investigate the impact of our attacks on the partial credit and token bucket algorithms proposed in [EDHS2007]. The partial credit algorithm weakens Asirra considerably and we recommend against its use. The token bucket algorithm helps mitigate the impact of our attacks and allows Asirra to be deployed in a way that maintains an appealing balance between usability and security. One contribution of our work is to inform the choice of safeguard parameters in Asirra deployments.
Citations: 61