Multi-aspect, robust, and memory exclusive guest OS fingerprinting
Precise fingerprinting of an operating system (OS) is critical to many security and forensics applications in the cloud, such as virtual machine (VM) introspection, penetration testing, guest OS administration, kernel dump analysis, and memory forensics. The existing OS fingerprinting techniques primarily inspect network packets or CPU states, and they all fall short in precision and usability. As the physical memory of a VM always exists in all these applications, in this article, we present OS-Sommelier+, a multi-aspect, memory exclusive approach for precise and robust guest OS fingerprinting in the cloud. It works as follows: given a physical memory dump of a guest OS, OS-Sommelier+ first uses a code hash based approach from kernel code aspect to determine the guest OS version. If code hash approach fails, OS-Sommelier+ then uses a kernel data signature based approach from kernel data aspect to determine the version. We have implemented a prototype system, and tested it with a number of Linux kernels. Our evaluation results show that the code hash approach is faster but can only fingerprint the known kernels, and data signature approach complements the code signature approach and can fingerprint even unknown kernels.
Computational and Energy Costs of Cryptographic Algorithms on Handheld Devices
Networks are evolving toward a ubiquitous model in which heterogeneous
devices are interconnected. Cryptographic algorithms are required for developing security
solutions that protect network activity. However, the computational and energy limitations
of network devices jeopardize the actual implementation of such mechanisms. In this
paper, we perform a wide analysis on the expenses of launching symmetric and asymmetric
cryptographic algorithms, hash chain functions, elliptic curves cryptography and pairing
based cryptography on personal agendas, and compare them with the costs of basic operating
system functions. Results show that although cryptographic power costs are high and such
operations shall be restricted in time, they are not the main limiting factor of the autonomy
of a device.
A Study of the Relationship Between Antivirus Regressions and Label Changes
AntiVirus (AV) products use multiple components to detect malware. A component which is found in virtually all AVs is the signature-based detection engine: this component assigns a particular signature label to a malware that the AV detects. In previous analysis [1-3], we observed cases of regressions in several different AVs: i.e. cases where on a particular date a given AV detects a given malware but on a later date the same AV fails to detect the same malware. We studied this aspect further by analyzing the only externally observable behaviors from these AVs, namely whether AV engines detect a malware and what labels they assign to the detected malware. In this paper we present the results of the analysis about the relationship between the changing of the labels with which AV vendors recognize malware and the AV regressions.
Visual identification by signature tracking
We propose a new camera-based biometric: visual signature identification. We discuss the importance of the parameterization of the signatures in order to achieve good classification results, independently of variations in the position of the camera with respect to the writing surface. We show that affine arc-length parameterization performs better than conventional time and Euclidean arc-length ones. We find that the system verification performance is better than 4 percent error on skilled forgeries and 1 percent error on random forgeries, and that its recognition performance is better than 1 percent error rate, comparable to the best camera-based biometrics.
Selective AP-sequence Based Indoor Localization without Site Survey
In this paper, we propose an indoor localization system employing ordered
sequence of access points (APs) based on received signal strength (RSS). Unlike
existing indoor localization systems, our approach does not require any
time-consuming and laborious site survey phase to characterize the radio
signals in the environment. To be precise, we construct the fingerprint map by
cutting the layouts of the interested area into regions with only the knowledge
of positions of APs. This can be done offline within a second and has a
potential for practical use. The localization is then achieved by matching the
ordered AP-sequence to the ones in the fingerprint map. Different from
traditional fingerprinting that employs all APs information, we use only
selected APs to perform localization, due to the fact that, without site
survey, the possibility in obtaining the correct AP sequence is lower if it
involves more APs. Experimental results show that the proposed system achieves
localization accuracy < 5m with an accumulative density function (CDF) of 50%
to 60% depending on the density of APs. Furthermore, we observe that, using all
APs for localization might not achieve the best localization accuracy, e.g. in
our case, 4 APs out of total 7 APs achieves the best performance. In practice,
the number of APs used to perform localization should be a design parameter
based on the placement of APs. Comment: VTC2016-Spring, 15-18 May 2016, Nanjing, Chin