A Survey of Techniques for Improving Security of GPUs
Graphics processing unit (GPU), although a powerful performance-booster, also
has many security vulnerabilities. Due to these, the GPU can act as a
safe-haven for stealthy malware and the weakest 'link' in the security 'chain'.
In this paper, we present a survey of techniques for analyzing and improving
GPU security. We classify the works on key attributes to highlight their
similarities and differences. More than informing users and researchers about
GPU security techniques, this survey aims to increase their awareness about GPU
security vulnerabilities and potential countermeasures.
Sophisticated denial-of-service attack detections through integrated architectural, OS, and application level events monitoring
As the first step to defend against DoS attacks, the Network-based Intrusion Detection System is well explored and widely used in both commercial tools and research works. Such an IDS framework is built upon features extracted from the network traffic, which are application-level features, and is effective in detecting flooding-based DoS attacks. However, in a sophisticated DoS attack, where an attacker manages to bypass the network-based monitors and launch a DoS attack locally, sniffer-based methods have difficulty in differentiating attacks from normal behaviors, since the malicious connection itself behaves in the same manner as normal connections. In this work, we study a Host-based IDS framework which integrates features from the architectural and operating system (OS) levels to improve the performance of sophisticated DoS intrusion detection. Network traffic collected from a campus network and real-world exploits are used to provide a realistic evaluation.
On Ladder Logic Bombs in Industrial Control Systems
In industrial control systems, devices such as Programmable Logic Controllers
(PLCs) are commonly used to directly interact with sensors and actuators, and
perform local automatic control. PLCs run software on two different layers: a)
firmware (i.e. the OS) and b) control logic (processing sensor readings to
determine control actions). In this work, we discuss ladder logic bombs, i.e.
malware written in ladder logic (or one of the other IEC 61131-3-compatible
languages). Such malware would be inserted by an attacker into existing control
logic on a PLC, and either persistently change the behavior, or wait for
specific trigger signals to activate malicious behaviour. For example, the LLB
could replace legitimate sensor readings with manipulated values. We see the
concept of LLBs as a generalization of attacks such as the Stuxnet attack. We
introduce LLBs on an abstract level, and then demonstrate several designs based
on real PLC devices in our lab. In particular, we also focus on stealthy LLBs,
i.e. LLBs that are hard to detect by human operators manually validating the
program running in PLCs. In addition to introducing vulnerabilities on the
logic layer, we also discuss countermeasures and we propose two detection
techniques.
Comment: 11 pages, 14 figures, 2 tables, 1 algorithm
An Extended Survey on Vehicle Security
The advanced electronic units with wireless capabilities inside modern
vehicles have enhanced the driving experience, but also introduced a myriad of
security problems due to the inherent limitations of the internal communication
protocol. In the last two decades, a number of security threats have been
identified and accordingly, security measures have been proposed. In this
paper, we provide a comprehensive review of security threats and
countermeasures for the ubiquitous CAN bus communication protocol. Our review
of the existing literature leads us to an observation of an overlooked simple,
cost-effective, and incrementally deployable solution. Essentially, a reverse
firewall, referred to in this paper as an icewall, can be an effective defense
against a major class of packet-injection attacks and many denial of service
attacks. We cover the fundamentals of the icewall in this paper. Further, by
introducing the notion of human-in-the-loop, we discuss the subtle implications
to its security when a human driver is accounted for.
Automatic Removal of Flaws in Embedded System Software
Master's thesis, Information Security, Universidade de Lisboa, Faculdade de Ciências, 2022
Currently, embedded systems are present in a myriad of devices, such as the Internet of Things, drones,
and Cyber-physical Systems. The security of these devices can be critical, depending on the context
in which they are integrated and the role they play (e.g., water plant, car). C is the core language used to develop
the software for these devices and is known for missing the bounds of its data types, which leads to
vulnerabilities such as buffer overflows. These vulnerabilities, when exploited, cause severe damage and
can put human life in danger. Therefore, the software of these devices must be secure.
One of the concerns with vulnerable C programs is to correct the code automatically, employing
secure code that can remove the existing vulnerabilities and avoid attacks. However, such a task faces
some challenges after finding the vulnerabilities, namely determining what code is needed to remove
them and where to insert that code, maintaining the correct behavior of the application after applying the
code correction, and verifying that the generated code correction is secure and effectively removes the
vulnerabilities. Another challenge is to accomplish all these elements automatically.
This work aims to study diverse types of buffer overflow vulnerabilities in the C programming language, forms to build secure code for invalidating such vulnerabilities, including functions from the C
language that can be used to remove flaws. Based on this knowledge, we propose an approach that
automatically, after discovering and confirming potential vulnerabilities of an application, applies code
correction to fix the vulnerable code of those vulnerabilities verified and validates the new code with
fuzzing/attack injection.
We implemented our approach and evaluated it with a set of test cases and with real applications. The
experimental results showed that the tool detected the intended vulnerabilities and generated corrections
capable of removing the vulnerabilities found.
APHID: Anomaly Processor in Hardware for Intrusion Detection
The Anomaly Processor in Hardware for Intrusion Detection (APHID) is a step forward in the field of co-processing intrusion detection mechanisms. By using small, fast hardware primitives, APHID relieves the production CPU from the burden of security processing. These primitives are tightly coupled to the CPU, giving them access to critical state information such as the current instruction(s) in execution, the next instruction, registers, and processor state information. By monitoring these hardware elements, APHID is able to determine when an anomalous action occurs within one clock cycle. Upon detection, APHID can force the processor into a corrective state, or a halted state, depending on the required response. APHID primitives also harden the production system against attacks such as Distributed Denial of Service attacks and buffer overflow attacks. APHID is designed to be fast and agile, with the ability to create multiple monitors that switch in and out of monitoring with the context switches of the production processor to provide highly focused coverage over multiple devices and sections of code.