217 research outputs found
A Survey of Techniques for Improving Security of GPUs
Graphics processing unit (GPU), although a powerful performance-booster, also
has many security vulnerabilities. Due to these, the GPU can act as a
safe-haven for stealthy malware and the weakest `link' in the security `chain'.
In this paper, we present a survey of techniques for analyzing and improving
GPU security. We classify the works on key attributes to highlight their
similarities and differences. More than informing users and researchers about
GPU security techniques, this survey aims to increase their awareness about GPU
security vulnerabilities and potential countermeasures
HardTaint: Production-Run Dynamic Taint Analysis via Selective Hardware Tracing
Dynamic taint analysis (DTA), as a fundamental analysis technique, is widely
used in security, privacy, and diagnosis, etc. As DTA demands to collect and
analyze massive taint data online, it suffers extremely high runtime overhead.
Over the past decades, numerous attempts have been made to lower the overhead
of DTA. Unfortunately, the reductions they achieved are marginal, causing DTA
only applicable to the debugging/testing scenarios. In this paper, we propose
and implement HardTaint, a system that can realize production-run dynamic taint
tracking. HardTaint adopts a hybrid and systematic design which combines static
analysis, selective hardware tracing and parallel graph processing techniques.
The comprehensive evaluations demonstrate that HardTaint introduces only around
9% runtime overhead which is an order of magnitude lower than the
state-of-the-arts, while without sacrificing any taint detection capability
Towards Making JavaScript Applications Secure and Private
JavaScript is a popular programming language widely used on both the browser and the server sides. Researchers have extensively studied different aspects of the security and privacy of JavaScript, for instance, the vulnerability detection of the server-side Node.JS applications and the browser-side fingerprinting techniques. Despite the research efforts, multiple challenges of JavaScript remain unsolved: on the server-side, existing vulnerability detection approaches do not generalize to a wide range of popular vulnerabilities and the detection rate is not satisfactory; on the client-side, service providers can only fingerprint users within a single browser but not cross different browsers.
In this dissertation, we propose a flow-, branch- and context-sensitive static analysis approach to generate a novel graph structure, named Object Dependence Graph (ODG), to address the server-side vulnerability detection challenges, and a cross-browser fingerprinting method that utilizes multiple novel OS and hardware level features to solve the client-side fingerprinting challenge.
On the server-side, ODG represents JavaScript objects as nodes and their relations with Abstract Syntax Tree (AST) as edges, and allows users to detect multiple types of vulnerabilities during and after the generation process of ODG and by graph queries. Our evaluation shows that for server-side vulnerability detection, our approach outperforms all the state-of-the-art JavaScript vulnerability detection tools in terms of false-positive rate and false-negative rate. We apply our tool to detect six types of vulnerabilities on top of an NPM package dataset, which correctly reports 241 zero-day vulnerable packages, and 81 of them are assigned with CVE identifiers.
On the client-side, our approach utilizes multiple novel OS and hardware level features, such as those from graphics cards and CPUs, to achieve better accuracy and stability. The evaluation shows that our approach can identify 99.24% of the browsers and 84.64% of the devices, as opposed to 90.83% and 68.98% of the state-of-the-art approaches, respectively
Master of Science
thesisTo minimize resource consumption and maximize performance, computer architecture research has been investigating approaches that may compute inaccurate solutions. Such hardware inaccuracies may induce a wide variety of program behaviors which are not obs
SHAPFUZZ: Efficient Fuzzing via Shapley-Guided Byte Selection
Mutation-based fuzzing is popular and effective in discovering unseen code
and exposing bugs. However, only a few studies have concentrated on quantifying
the importance of input bytes, which refers to the degree to which a byte
contributes to the discovery of new code. They often focus on obtaining the
relationship between input bytes and path constraints, ignoring the fact that
not all constraint-related bytes can discover new code. In this paper, we
conduct Shapely analysis to understand the effect of byte positions on fuzzing
performance, and find that some byte positions contribute more than others and
this property often holds across seeds. Based on this observation, we propose a
novel fuzzing solution, ShapFuzz, to guide byte selection and mutation.
Specifically, ShapFuzz updates Shapley values (importance) of bytes when each
input is tested during fuzzing with a low overhead, and utilizes contextual
multi-armed bandit to trade off between mutating high Shapley value bytes and
low-frequently chosen bytes. We implement a prototype of this solution based on
AFL++, i.e., ShapFuzz. We evaluate ShapFuzz against ten state-of-the-art
fuzzers, including five byte schedule-reinforced fuzzers and five commonly used
fuzzers. Compared with byte schedule-reinforced fuzzers, ShapFuzz discovers
more edges and exposes more bugs than the best baseline on three different sets
of initial seeds. Compared with commonly used fuzzers, ShapFuzz exposes 20 more
bugs than the best comparison fuzzer, and discovers 6 more CVEs than the best
baseline on MAGMA. Furthermore, ShapFuzz discovers 11 new bugs on the latest
versions of programs, and 3 of them are confirmed by vendors
- …