204 research outputs found
BoostNet: Bootstrapping detection of socialbots, and a case study from Guatemala
We present a method to reconstruct networks of socialbots given minimal
input. Then we use Kernel Density Estimates of Botometer scores from 47,000
social networking accounts to find clusters of automated accounts, discovering
over 5,000 socialbots. This statistical and data driven approach allows for
inference of thresholds for socialbot detection, as illustrated in a case study
we present from Guatemala.
Comment: 7 pages, 4 figures
InversOS: Efficient Control-Flow Protection for AArch64 Applications with Privilege Inversion
With the increasing popularity of AArch64 processors in general-purpose
computing, securing software running on AArch64 systems against control-flow
hijacking attacks has become a critical part toward secure computation. Shadow
stacks keep shadow copies of function return addresses and, when protected from
illegal modifications and coupled with forward-edge control-flow integrity,
form an effective and proven defense against such attacks. However, AArch64
lacks native support for write-protected shadow stacks, while software
alternatives either incur prohibitive performance overhead or provide weak
security guarantees.
We present InversOS, the first hardware-assisted write-protected shadow
stacks for AArch64 user-space applications, utilizing commonly available
features of AArch64 to achieve efficient intra-address space isolation (called
Privilege Inversion) required to protect shadow stacks. Privilege Inversion
adopts unconventional design choices that run protected applications in the
kernel mode and mark operating system (OS) kernel memory as user-accessible;
InversOS therefore uses a novel combination of OS kernel modifications,
compiler transformations, and another AArch64 feature to ensure the safety of
doing so and to support legacy applications. We show that InversOS is secure by
design, effective against various control-flow hijacking attacks, and
performant on selected benchmarks and applications (incurring overhead of 7.0%
on LMBench, 7.1% on SPEC CPU 2017, and 3.0% on Nginx web server).
Comment: 18 pages, 9 figures, 4 tables
Immigrant community integration in world cities
As a consequence of the accelerated globalization process, today major cities
all over the world are characterized by an increasing multiculturalism. The
integration of immigrant communities may be affected by social polarization and
spatial segregation. How are these dynamics evolving over time? To what extent
are the different policies launched to tackle these problems working? These are
critical questions traditionally addressed by studies based on surveys and
census data. Such sources are safe to avoid spurious biases, but the data
collection becomes an intensive and rather expensive work. Here, we conduct a
comprehensive study on immigrant integration in 53 world cities by introducing
an innovative approach: an analysis of the spatio-temporal communication
patterns of immigrant and local communities based on language detection in
Twitter and on novel metrics of spatial integration. We quantify the "Power of
Integration" of cities --their capacity to spatially integrate diverse
cultures-- and characterize the relations between different cultures when
acting as hosts or immigrants.
Comment: 13 pages, 5 figures + Appendix
Fine-Grained Static Detection of Obfuscation Transforms Using Ensemble-Learning and Semantic Reasoning
The ability to efficiently detect the software protections used is of prime importance to facilitate the selection and application of adequate deobfuscation techniques. We present a novel approach that combines semantic reasoning techniques with ensemble learning classification for the purpose of providing a static detection framework for obfuscation transformations. In contrast to existing work, we provide a methodology that can detect multiple layers of obfuscation, without depending on knowledge of the underlying functionality of the training set used. We also extend our work to detect constructions of obfuscation transformations, thus providing a fine-grained methodology. To that end, we provide several studies for the best practices of the use of machine learning techniques for a scalable and efficient model. According to our experimental results and evaluations on obfuscators such as Tigress and OLLVM, our models have up to 91% accuracy on state-of-the-art obfuscation transformations. Our overall accuracies for their constructions are up to 100%.
An iterative technique to identify browser fingerprinting scripts
Browser fingerprinting is a stateless identification technique based on
browser properties. Together, they form an identifier that can be collected
without users' notice and has been studied to be unique and stable. As this
technique relies on browser properties that serve legitimate purposes, the
detection of this technique is challenging. While several studies propose
classification techniques, none of these are publicly available, making them
difficult to reproduce. This paper proposes a new browser fingerprinting
detection technique. Based on an incremental process, it relies on both
automatic and manual decisions to be both reliable and fast. The automatic step
matches API call similarities between scripts while the manual step is
required to classify a script with different calls. We publicly share our
algorithm and implementation to improve the general knowledge on the subject.
Assessing the Effectiveness of Binary-Level CFI Techniques
Memory corruption is an important class of vulnerability that can be
leveraged to craft control flow hijacking attacks. Control Flow Integrity (CFI)
provides protection against such attacks. Application of type-based CFI
policies requires information regarding the number and type of function
arguments. Binary-level type recovery is inherently speculative, which
motivates the need for an evaluation framework to assess the effectiveness of
binary-level CFI techniques compared with their source-level counterparts,
where such type information is fully and accurately accessible. In this work,
we develop a novel, generalized and extensible framework to assess how the
program analysis information we get from state-of-the-art binary analysis tools
affects the efficacy of type-based CFI techniques. We introduce new and
insightful metrics to quantitatively compare source independent CFI policies
with their ground truth source aware counterparts. We leverage our framework to
evaluate binary-level CFI policies implemented using program analysis
information extracted from the IDA Pro binary analyzer and compared with the
ground truth information obtained from the LLVM compiler, and present our
observations.
Comment: 14 pages, 9 figures, 9 tables, Part of this work is to be published
in 16th International Symposium on Foundations & Practice of Security (FPS -
2023)