18,667 research outputs found
C-FLAT: Control-FLow ATtestation for Embedded Systems Software
Remote attestation is a crucial security service particularly relevant to
increasingly popular IoT (and other embedded) devices. It allows a trusted
party (verifier) to learn the state of a remote, and potentially
malware-infected, device (prover). Most existing approaches are static in
nature and only check whether benign software is initially loaded on the
prover. However, they are vulnerable to run-time attacks that hijack the
application's control or data flow, e.g., via return-oriented programming or
data-oriented exploits. As a concrete step towards more comprehensive run-time
remote attestation, we present the design and implementation of Control-FLow
ATtestation (C-FLAT) that enables remote attestation of an application's
control-flow path, without requiring the source code. We describe a full
prototype implementation of C-FLAT on Raspberry Pi using its ARM TrustZone
hardware security extensions. We evaluate C-FLAT's performance using a
real-world embedded (cyber-physical) application, and demonstrate its efficacy
against control-flow hijacking attacks.
Comment: Extended version of article to appear in CCS '16 Proceedings of the
23rd ACM Conference on Computer and Communications Security
Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Response
Considerable delays often exist between the discovery of a vulnerability and
the issue of a patch. One way to mitigate this window of vulnerability is to
use a configuration workaround, which prevents the vulnerable code from being
executed at the cost of some lost functionality -- but only if one is
available. Since program configurations are not specifically designed to
mitigate software vulnerabilities, we find that they only cover 25.2% of
vulnerabilities.
To minimize patch delay vulnerabilities and address the limitations of
configuration workarounds, we propose Security Workarounds for Rapid Response
(SWRRs), which are designed to neutralize security vulnerabilities in a timely,
secure, and unobtrusive manner. Similar to configuration workarounds, SWRRs
neutralize vulnerabilities by preventing vulnerable code from being executed at
the cost of some lost functionality. However, the key difference is that SWRRs
use existing error-handling code within programs, which enables them to be
mechanically inserted with minimal knowledge of the program and minimal
developer effort. This allows SWRRs to achieve high coverage while still being
fast and easy to deploy.
We have designed and implemented Talos, a system that mechanically
instruments SWRRs into a given program, and evaluate it on five popular Linux
server programs. We run exploits against 11 real-world software vulnerabilities
and show that SWRRs neutralize the vulnerabilities in all cases. Quantitative
measurements on 320 SWRRs indicate that SWRRs instrumented by Talos can
neutralize 75.1% of all potential vulnerabilities and incur a loss of
functionality similar to configuration workarounds in 71.3% of those cases. Our
overall conclusion is that automatically generated SWRRs can safely mitigate
2.1x more vulnerabilities, while only incurring a loss of functionality
comparable to that of traditional configuration workarounds.
Comment: Published in Proceedings of the 37th IEEE Symposium on Security and
Privacy (Oakland 2016)
Cross-App Interference Threats in Smart Homes: Categorization, Detection and Handling
A number of Internet of Things (IoTs) platforms have emerged to enable
various IoT apps developed by third-party developers to automate smart homes.
Prior research mostly concerns the overprivilege problem in the permission
model. Our work, however, reveals that even IoT apps that follow the principle
of least privilege, when they interplay, can cause unique types of threats,
named Cross-App Interference (CAI) threats. We describe and categorize the new
threats, showing that unexpected automation, security and privacy issues may be
caused by such threats, which cannot be handled by existing IoT security
mechanisms. To address this problem, we present HOMEGUARD, a system for
appified IoT platforms to detect and cope with CAI threats. A symbolic executor
module is built to precisely extract the automation semantics from IoT apps.
The semantics of different IoT apps are then considered collectively to
evaluate their interplay and discover CAI threats systematically. A user
interface is presented to users during IoT app installation, interpreting the
discovered threats to help them make decisions. We evaluate HOMEGUARD via a
proof-of-concept implementation on Samsung SmartThings and discover many threat
instances among apps in the SmartThings public repository. The evaluation shows
that it is precise, effective and efficient.
Comment: An earlier version of this paper was submitted to ACM CCS'18 on May
9th, 2018. This version contains some minor modifications based on that
submission
Review of Considerations for Mobile Device based Secure Access to Financial Services and Risk Handling Strategy for CIOs, CISOs and CTOs
The information technology and security stakeholders like CIOs, CISOs and
CTOs in financial services organizations are often asked to identify the risks
of the mobile computing channel for the financial services that they support. They
are also asked to come up with approaches for handling risks, define risk
acceptance levels and mitigate them. This requires them to articulate a strategy
for supporting a huge variety of mobile devices from various vendors with
different operating systems and hardware platforms and at the same time stay
within the accepted risk level. These articulations should be captured in
an information security policy document or other suitable document of a financial
services organization like a bank, payment service provider, etc. While risks
and mitigation approaches are available from multiple sources, the senior
stakeholders may find it challenging to articulate the issues in a
comprehensive manner for sharing with business owners and other technology
stakeholders. This paper reviews the current research that addresses the issues
mentioned above and articulates a strategy that the senior stakeholders may use
in their organization. It is assumed that this type of comprehensive strategy
guide for senior stakeholders is not readily available and CIOs, CISOs and CTOs
would find this paper to be very useful.
Practical Enclave Malware with Intel SGX
Modern CPU architectures offer strong isolation guarantees towards user
applications in the form of enclaves. For instance, Intel's threat model for
SGX assumes fully trusted enclaves, yet there is an ongoing debate on whether
this threat model is realistic. In particular, it is unclear to what extent
enclave malware could harm a system. In this work, we practically demonstrate
the first enclave malware which fully and stealthily impersonates its host
application. Together with poorly-deployed application isolation on personal
computers, such malware can not only steal or encrypt documents for extortion,
but also act on the user's behalf, e.g., sending phishing emails or mounting
denial-of-service attacks. Our SGX-ROP attack uses a new TSX-based
memory-disclosure primitive and a write-anything-anywhere primitive to
construct a code-reuse attack from within an enclave which is then
inadvertently executed by the host application. With SGX-ROP, we bypass ASLR,
stack canaries, and address sanitizer. We demonstrate that instead of
protecting users from harm, SGX currently poses a security threat, facilitating
so-called super-malware with ready-to-hit exploits. With our results, we seek
to demystify the enclave malware threat and lay solid ground for future
research on and defense against enclave malware.
Hello rootKitty: A lightweight invariance-enforcing framework
In monolithic operating systems, the kernel is the piece of code that
executes with the highest privileges and has control over all the software
running on a host. A successful attack against an operating system's kernel
means a total and complete compromise of the running system. These attacks
usually end with the installation of a rootkit, a stealthy piece of software
running with kernel privileges. When a rootkit is present, no guarantees can be
made about the correctness, privacy or isolation of the operating system.
In this paper we present Hello rootKitty, an invariance-enforcing
framework which takes advantage of current virtualization technology to protect
a guest operating system against rootkits. Hello rootKitty uses the idea
of invariance to detect maliciously modified kernel data structures and restore
them to their original legitimate values. Our prototype has negligible
performance and memory overhead while effectively protecting commodity
operating systems from modern rootkits.
Comment: 16 pages, ISC Information Security Conference, Xi'an China, 2011,
Springer
Software Defined Security Service Provisioning Framework for Internet of Things
Programmable management frameworks have paved the way for managing devices in
the network. Lately, the emerging paradigm of Software Defined Networking (SDN)
has revolutionized programmable networks. Designers of networking applications,
i.e. the Internet of Things (IoT), have started investigating the potential of the SDN
paradigm in improving network management. IoT envisions interconnecting various
embedded devices surrounding our environment with IP to enable internet
connectivity. Unlike traditional network architectures, IoT is characterized
by constrained resources and heterogeneous interconnectivity of wireless and
wired media. Therefore, unique challenges for managing IoT are raised, which
are discussed in this paper. The ubiquity of IoT has raised unique security
challenges in IoT, which are one aspect of a management framework for IoT.
In this paper, security threats and requirements in IoT are summarized,
extracted from state-of-the-art efforts in investigating the security
challenges of IoT. Also, an SDN-based security service provisioning framework for
IoT is proposed.
Comment: 15 pages, 18 figures
Software Vulnerabilities, Banking Threats, Botnets and Malware Self-Protection Technologies
Information security is the protection of information from a wide range of
threats in order to ensure successful business continuity by minimizing risks and
maximizing the return on investments and business opportunities. In this paper,
we study and discuss the software vulnerabilities, banking threats, botnets and
propose the malware self-protection technologies.
Comment: 5 pages
Aware: Controlling App Access to I/O Devices on Mobile Platforms
Smartphones' cameras, microphones, and device displays enable users to
capture and view memorable moments of their lives. However, adversaries can
trick users into authorizing malicious apps that exploit weaknesses in current
mobile platforms to misuse such on-board I/O devices to stealthily capture
photos, videos, and screen content without the users' consent. Contemporary
mobile operating systems fail to prevent such misuse of I/O devices by
authorized apps due to lack of binding between users' interactions and accesses
to I/O devices performed by these apps. In this paper, we propose Aware, a
security framework for authorizing app requests to perform operations using I/O
devices, which binds app requests with user intentions to make all uses of
certain I/O devices explicit. We evaluate our defense mechanisms through
laboratory-based experimentation and a user study, involving 74 human subjects,
whose ability to identify undesired operations targeting I/O devices increased
significantly. Without Aware, only 18% of the participants were able to
identify attacks from tested RAT apps. Aware systematically blocks all the
attacks in the absence of user consent and supports users in identifying 82% of
social-engineering attacks tested to hijack approved requests, including some
more sophisticated forms of social engineering not yet present in available
RATs. Aware introduces only 4.79% maximum performance overhead over operations
targeting I/O devices. Aware shows that a combination of system defenses and
user interface can significantly strengthen defenses for controlling the use of
on-board I/O devices.
EPA-RIMM: A Framework for Dynamic SMM-based Runtime Integrity Measurement
Runtime integrity measurements identify unexpected changes in operating
systems and hypervisors during operation, enabling early detection of
persistent threats. System Management Mode, a privileged x86 CPU mode, has the
potential to effectively perform such rootkit detection. Previously proposed
SMM-based approaches demonstrated effective detection capabilities, but at a
cost of performance degradation and software side effects. In this paper we
introduce our solution to these problems, an SMM-based Extensible, Performance
Aware Runtime Integrity Measurement Mechanism called EPA-RIMM. The EPA-RIMM
architecture features a performance-sensitive design that decomposes large
integrity measurements and schedules them to control perturbation and side
effects. EPA-RIMM's decomposition of long-running measurements into shorter
tasks, extensibility, and use of SMM complicates the efforts of malicious code
to detect or avoid the integrity measurements. Using a Minnowboard-based
prototype, we demonstrate its detection capabilities and performance impacts.
Early results are promising, and suggest that EPA-RIMM will meet
production-level performance constraints while continuously monitoring key OS
and hypervisor data structures for signs of attack.
Comment: 13 pages