Hidden and Uncontrolled - On the Emergence of Network Steganographic Threats

Network steganography is the art of hiding secret information within innocent network transmissions. Recent findings indicate that novel malware is increasingly using network steganography. Similarly, other malicious activities can profit from network steganography, such as data leakage or the exchange of pedophile data. This paper provides an introduction to network steganography and highlights its potential application for harmful purposes. We discuss the issues related to countering network steganography in practice and provide an outlook on further research directions and problems.Comment: 11 page

Keeping Context In Mind: Automating Mobile App Access Control with User Interface Inspection

Recent studies observe that app foreground is the most striking component that influences the access control decisions in mobile platform, as users tend to deny permission requests lacking visible evidence. However, none of the existing permission models provides a systematic approach that can automatically answer the question: Is the resource access indicated by app foreground? In this work, we present the design, implementation, and evaluation of COSMOS, a context-aware mediation system that bridges the semantic gap between foreground interaction and background access, in order to protect system integrity and user privacy. Specifically, COSMOS learns from a large set of apps with similar functionalities and user interfaces to construct generic models that detect the outliers at runtime. It can be further customized to satisfy specific user privacy preference by continuously evolving with user decisions. Experiments show that COSMOS achieves both high precision and high recall in detecting malicious requests. We also demonstrate the effectiveness of COSMOS in capturing specific user preferences using the decisions collected from 24 users and illustrate that COSMOS can be easily deployed on smartphones as a real-time guard with a very low performance overhead.Comment: Accepted for publication in IEEE INFOCOM'201

A System for Detecting Malicious Insider Data Theft in IaaS Cloud Environments

The Cloud Security Alliance lists data theft and insider attacks as critical threats to cloud security. Our work puts forth an approach using a train, monitor, detect pattern which leverages a stateful rule based k-nearest neighbors anomaly detection technique and system state data to detect inside attacker data theft on Infrastructure as a Service (IaaS) nodes. We posit, instantiate, and demonstrate our approach using the Eucalyptus cloud computing infrastructure where we observe a 100 percent detection rate for abnormal login events and data copies to outside systems

Fighting Child Pornography: A Review of Legal and Technological Developments

In our digitally connected world, the law is arguably behind the technological developments of the Internet age. While this causes many issues for law enforcement, it is of particular concern in the area of child pornography in the United States. With the wide availability of technologies such as digital cameras, peer-to-peer file sharing, strong encryption, Internet anonymizers and cloud computing, the creation and distribution of child pornography has become more widespread. Simultaneously, fighting the growth of this crime has become more difficult. This paper explores the development of both the legal and technological environments surrounding digital child pornography. In doing so, we cover the complications that court decisions have given law enforcement who are trying to investigate and prosecute child pornographers. We then provide a review of the technologies used in this crime and the forensic challenges that cloud computing creates for law enforcement. We note that both legal and technological developments since the 1990s seem to be working to the advantage of users and sellers of child pornography. Before concluding, we provide a discussion and offer observations regarding this subject