发布求助
文献互助 智能选刊 最新文献

中国安防产品信息最新文献

筛选
英文 中文
Differential Fault Analysis Using Symbolic Execution 使用符号执行的微分故障分析
中国安防产品信息 Pub Date : 2017-12-05 DOI: 10.1145/3151137.3151141
Jasper van Woudenberg, Cees-Bart Breunesse, Rajesh Velegalati, P. Yalla, Sergio Gonzalez
{"title":"Differential Fault Analysis Using Symbolic Execution","authors":"Jasper van Woudenberg, Cees-Bart Breunesse, Rajesh Velegalati, P. Yalla, Sergio Gonzalez","doi":"10.1145/3151137.3151141","DOIUrl":"https://doi.org/10.1145/3151137.3151141","url":null,"abstract":"Differential fault analysis (DFA) is a cryptanalytic attack that uses corrupted cipher executions to extract secret/private keys. Traditionally applied in hardware-based systems, it is now being actively used in extracting keys from (whiteboxed) software cipher implementations. Extensive research is published which aims at increasing the efficiency of DFA on symmetric ciphers using fewer number of faulty cipher texts. However, such DFA attacks require manual analysis as a pre-processing step, a fixed guess at the fault model, and can be non-trivial to implement. Algebraic Fault Analysis (AFA) is a class of DFA which overcomes these difficulties by using a combination of algebraic cryptanalysis and DFA to retrieve the secret key. In this paper, we present a methodology which decreases the complexity of performing AFA, by using a symbolic execution engine on a software implementation of the cipher to create constraints which are then fed into a SAT solver. We test our proposed methodology against the AES and DES ciphers using different fault models, and show that under a given fault model, the keys can be extracted with as little as ~2 and ~5 faults respectively.","PeriodicalId":68286,"journal":{"name":"中国安防产品信息","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87356245","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Lightweight Dispatcher Constructions for Control Flow Flattening 用于控制流扁平化的轻量级调度程序结构
中国安防产品信息 Pub Date : 2017-12-05 DOI: 10.1145/3151137.3151139
Björn Johansson, Patrik Lantz, M. Liljenstam
{"title":"Lightweight Dispatcher Constructions for Control Flow Flattening","authors":"Björn Johansson, Patrik Lantz, M. Liljenstam","doi":"10.1145/3151137.3151139","DOIUrl":"https://doi.org/10.1145/3151137.3151139","url":null,"abstract":"The objective of control flow obfuscation is to protect the program control flow from analysis. A technique called control flow flattening addresses static analysis by hiding edges between basic blocks in a program and introduces a dispatcher block that determines the execution order of the randomized blocks. In this paper we propose a novel flattening construction and lightweight dispatchers that do not impose high runtime performance impact on the program but still give good protection of the control flow against static analysis. We also present an attack model that allows us to quantitatively evaluate the protection the constructions give and compare against other suggestions from the literature. We have implemented our construction in the open source obfuscator OLLVM and present experimental results on overheads from different dispatcher implementations.","PeriodicalId":68286,"journal":{"name":"中国安防产品信息","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86163391","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Evaluating Optimal Phase Ordering in Obfuscation Executives 模糊执行器中最优阶段排序的评价
中国安防产品信息 Pub Date : 2017-12-05 DOI: 10.1145/3151137.3151140
Will Holder, J. McDonald, T. Andel
{"title":"Evaluating Optimal Phase Ordering in Obfuscation Executives","authors":"Will Holder, J. McDonald, T. Andel","doi":"10.1145/3151137.3151140","DOIUrl":"https://doi.org/10.1145/3151137.3151140","url":null,"abstract":"Obfuscation is a software protection technique that aims to increase the difficulty and amount of resources required to understand programs from the perspective of a malicious end user. The order and number of obfuscating transformations is determined by an obfuscation executive and the optimal arrangement of transformation defines the phase ordering problem. In this paper, we report on a case study evaluation for determining the optimal phase ordering for an obfuscation executive. We analyze obfuscation effectiveness of variants generated by Tigress, a dynamic virtualizing obfuscator with four transformation types. We test the evaluation of multiple orderings against a symbolic virtual machine to determine the strengths and weaknesses of each combination. We use overhead (cost) and effectiveness as the tradeoff space to determine the best sequence and ordering of transformations within this context. Our results show that, ideally, applying control flow transformation, data encoding, abstract transforms, and then dynamic virtualization provides the highest effectiveness on average against symbolic execution attacks.","PeriodicalId":68286,"journal":{"name":"中国安防产品信息","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"73015511","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
GroupDroid: Automatically Grouping Mobile Malware by Extracting Code Similarities GroupDroid:通过提取代码相似性自动分组移动恶意软件
中国安防产品信息 Pub Date : 2017-12-05 DOI: 10.1145/3151137.3151138
Niccolò Marastoni, Andrea Continella, Davide Quarta, S. Zanero, M. Preda
{"title":"GroupDroid: Automatically Grouping Mobile Malware by Extracting Code Similarities","authors":"Niccolò Marastoni, Andrea Continella, Davide Quarta, S. Zanero, M. Preda","doi":"10.1145/3151137.3151138","DOIUrl":"https://doi.org/10.1145/3151137.3151138","url":null,"abstract":"As shown in previous work, malware authors often reuse portions of code in the development of their samples. Especially in the mobile scenario, there exists a phenomena, called piggybacking, that describes the act of embedding malicious code inside benign apps. In this paper, we leverage such observations to analyze mobile malware by looking at its similarities. In practice, we propose a novel approach that identifies and extracts code similarities in mobile apps. Our approach is based on static analysis and works by computing the Control Flow Graph of each method and encoding it in a feature vector used to measure similarities. We implemented our approach in a tool, GroupDroid, able to group mobile apps together according to their code similarities. Armed with Group-Droid, we then analyzed modern mobile malware samples. Our experiments show that GroupDroid is able to correctly and accurately distinguish different malware variants, and to provide useful and detailed information about the similar portions of malicious code.","PeriodicalId":68286,"journal":{"name":"中国安防产品信息","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75690603","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 21
Proceedings of the 7th Software Security, Protection, and Reverse Engineering / Software Security and Protection Workshop 第七届软件安全、保护与逆向工程/软件安全与保护研讨会论文集
中国安防产品信息 Pub Date : 2017-12-05 DOI: 10.1145/3151137
J. McDonald, M. Preda, Natalia Stakhanova
{"title":"Proceedings of the 7th Software Security, Protection, and Reverse Engineering / Software Security and Protection Workshop","authors":"J. McDonald, M. Preda, Natalia Stakhanova","doi":"10.1145/3151137","DOIUrl":"https://doi.org/10.1145/3151137","url":null,"abstract":"","PeriodicalId":68286,"journal":{"name":"中国安防产品信息","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89448266","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Fast Model Learning for the Detection of Malicious Digital Documents 基于快速模型学习的恶意数字文档检测
中国安防产品信息 Pub Date : 2017-12-05 DOI: 10.1145/3151137.3151142
Daniel Scofield, Craig Miles, Stephen Kuhn
{"title":"Fast Model Learning for the Detection of Malicious Digital Documents","authors":"Daniel Scofield, Craig Miles, Stephen Kuhn","doi":"10.1145/3151137.3151142","DOIUrl":"https://doi.org/10.1145/3151137.3151142","url":null,"abstract":"Modern cyber attacks are often conducted by distributing digital documents that contain malware. The approach detailed herein, which consists of a classifier that uses features derived from dynamic analysis of a document viewer as it renders the document in question, is capable of classifying the disposition of digital documents with greater than 98% accuracy even when its model is trained on just small amounts of data. To keep the classification model itself small and thereby to provide scalability, we employ an entity resolution strategy that merges syntactically disparate features that are thought to be semantically equivalent but vary due to programmatic randomness. Entity resolution enables construction of a comprehensive model of benign functionality using relatively few training documents, and the model does not improve significantly with additional training data.","PeriodicalId":68286,"journal":{"name":"中国安防产品信息","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87570422","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
Packer identification based on metadata signature 基于元数据签名的封隔器识别
中国安防产品信息 Pub Date : 2017-12-05 DOI: 10.1145/3151137.3160687
Nguyen Minh Hai, Mizuhito Ogawa, Q. T. Tho
{"title":"Packer identification based on metadata signature","authors":"Nguyen Minh Hai, Mizuhito Ogawa, Q. T. Tho","doi":"10.1145/3151137.3160687","DOIUrl":"https://doi.org/10.1145/3151137.3160687","url":null,"abstract":"Malware applies lots of obfuscation techniques, which are often automatically generated by the use of packers. This paper presents a packer identification of packed code based on metadata signature, which is a frequency vector of occurrences of classified obfuscation techniques. First, BE-PUM (Binary Emulator for PUshdown Model generation) disassembles and generates the control flow graph of malware in an on-the-fly manner, using concolic testing. Second, obfuscation techniques in the generated control flow graph are detected based on the formal criteria of each obfuscation technique. Last, the used packer is identified with the chisquare test on the metadata signature of a packed code. The precision is evaluated with experiments on 12814 malware from VX heaven and Virusshare, in which 608 examples are detected inconsistent with commercial packer identification at PEiD, CFF Explore, and VirusTotal. We manually confirm that, except for 1 example, BE-PUM is correct. The only case that BE-PUM misunderstands is between MEW and FSG, which are quite similar packers and current BE-PUM extension does not support MEW.","PeriodicalId":68286,"journal":{"name":"中国安防产品信息","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78663581","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信