7,504 research outputs found

    Domain Name System Security and Privacy: Old Problems and New Challenges

    The domain name system (DNS) is an important protocol in today's Internet operation, and is the standard naming convention between domain names, names that are easy to read, understand, and remember by humans, to IP addresses of Internet resources. The wealth of research activities on DNS in general and security and privacy in particular suggests that all problems in this domain are solved. Reality, however, is that despite the large body of literature on various aspects of DNS, there are still many challenges that need to be addressed. In this paper, we review the various activities in the research community on DNS operation, security, and privacy, and outline various challenges and open research directions that need to be tackled

    ConsiDroid: A Concolic-based Tool for Detecting SQL Injection Vulnerability in Android Apps

    In this paper, we present a concolic execution technique for detecting SQL injection vulnerabilities in Android apps, with a new tool we called ConsiDroid. We extend the source code of apps with mocking technique, such that the execution of original source code is not affected. The extended source code can be treated as Java applications and may be executed by SPF with concolic execution. We automatically produce a DummyMain class out of static analysis such that the essential functions are called sequentially and the events leading to vulnerable functions are triggered. We extend SPF with taint analysis in ConsiDroid. For making taint analysis possible, we introduce a new technique of symbolic mock classes in order to ease the propagation of tainted values in the code. An SQL injection vulnerability is detected through receiving a tainted value by a vulnerable function. Besides, ConsiDroid takes advantage of static analysis to adjust SPF in order to inspect only suspicious paths. To illustrate the applicability of ConsiDroid, we have inspected 140 randomly selected apps from the F-Droid repository. From these apps, we found three apps vulnerable to SQL injection. To verify their vulnerability, we analyzed the apps manually based on ConsiDroid's reports by using Robolectric

    On Mitigation of Side-Channel Attacks in 3D ICs: Decorrelating Thermal Patterns from Power and Activity

    Various side-channel attacks (SCAs) on ICs have been successfully demonstrated and also mitigated to some degree. In the context of 3D ICs, however, prior art has mainly focused on efficient implementations of classical SCA countermeasures. That is, SCAs tailored for up-and-coming 3D ICs have been overlooked so far. In this paper, we conduct such a novel study and focus on one of the most accessible and critical side channels: thermal leakage of activity and power patterns. We address the thermal leakage in 3D ICs early on during floorplanning, along with tailored extensions for power and thermal management. Our key idea is to carefully exploit the specifics of material and structural properties in 3D ICs, thereby decorrelating the thermal behaviour from underlying power and activity patterns. Most importantly, we discuss powerful SCAs and demonstrate how our open-source tool helps to mitigate them. Comment: Published in Proc. Design Automation Conference, 201

    Privacy in Social Media: Identification, Mitigation and Applications

    The increasing popularity of social media has attracted a huge number of people to participate in numerous activities on a daily basis. This results in tremendous amounts of rich user-generated data. This data provides opportunities for researchers and service providers to study and better understand users' behaviors and further improve the quality of the personalized services. Publishing user-generated data risks exposing individuals' privacy. Users' privacy in social media is an emerging task and has attracted increasing attention in recent years. These works study privacy issues in social media from two different points of view: identification of vulnerabilities, and mitigation of privacy risks. Recent research has shown the vulnerability of user-generated data against the two general types of attacks, identity disclosure and attribute disclosure. These privacy issues mandate social media data publishers to protect users' privacy by sanitizing user-generated data before publishing it. Consequently, various protection techniques have been proposed to anonymize user-generated social media data. There is a vast literature on privacy of users in social media from many perspectives. In this survey, we review the key achievements of user privacy in social media. In particular, we review and compare the state-of-the-art algorithms in terms of the privacy leakage attacks and anonymization algorithms. We overview the privacy risks from different aspects of social media and categorize the relevant works into five groups: 1) graph data anonymization and de-anonymization, 2) author identification, 3) profile attribute disclosure, 4) user location and privacy, and 5) recommender systems and privacy issues. We also discuss open problems and future research directions for user privacy issues in social media. Comment: This survey is currently under revie

    oo7: Low-overhead Defense against Spectre Attacks via Program Analysis

    The Spectre vulnerability in modern processors has been widely reported. The key insight in this vulnerability is that speculative execution in processors can be misused to access the secrets. Subsequently, even though the speculatively executed instructions are squashed, the secret may linger in micro-architectural states such as cache, and can potentially be accessed by an attacker via side channels. In this paper, we propose oo7, a static analysis approach that can mitigate Spectre attacks by detecting potentially vulnerable code snippets in program binaries and protecting them against the attack by patching them. Our key contribution is to balance the concerns of effectiveness, analysis time and run-time overheads. We employ control flow extraction, taint analysis, and address analysis to detect tainted conditional branches and speculative memory accesses. oo7 can detect all fifteen purpose-built Spectre-vulnerable code patterns, whereas Microsoft compiler with Spectre mitigation option can only detect two of them. We also report the results of a large-scale study on applying oo7 to over 500 program binaries (average binary size 261 KB) from different real-world projects. We protect programs against Spectre attack by selectively inserting fences only at vulnerable conditional branches to prevent speculative execution. Our approach is experimentally observed to incur around 5.9% performance overheads on SPECint benchmarks. Comment: To appear in IEEE Transactions on Software Engineering, 202

    A Survey of Techniques for Improving Security of GPUs

    Graphics processing unit (GPU), although a powerful performance-booster, also has many security vulnerabilities. Due to these, the GPU can act as a safe-haven for stealthy malware and the weakest 'link' in the security 'chain'. In this paper, we present a survey of techniques for analyzing and improving GPU security. We classify the works on key attributes to highlight their similarities and differences. More than informing users and researchers about GPU security techniques, this survey aims to increase their awareness about GPU security vulnerabilities and potential countermeasures

    Hardware Trojan Detection through Information Flow Security Verification

    Semiconductor design houses are increasingly becoming dependent on third party vendors to procure intellectual property (IP) and meet time-to-market constraints. However, these third party IPs cannot be trusted as hardware Trojans can be maliciously inserted into them by untrusted vendors. While different approaches have been proposed to detect Trojans in third party IPs, their limitations have not been extensively studied. In this paper, we analyze the limitations of the state-of-the-art Trojan detection techniques and demonstrate with experimental results how to defeat these detection mechanisms. We then propose a Trojan detection framework based on information flow security (IFS) verification. Our framework detects violation of IFS policies caused by Trojans without the need of white-box knowledge of the IP. We experimentally validate the efficacy of our proposed technique by accurately identifying Trojans in the trust-hub benchmarks. We also demonstrate that our technique does not share the limitations of the previously proposed Trojan detection techniques. Comment: 10 pages, 8 Figure

    Identification of Optimal Locations for Sampling Ground Water for Pesticides in the Mississippi Delta Region of Eastern Arkansas

    Concerns about the presence of pesticides in the Mississippi River Valley alluvial aquifer in the Arkansas Delta have generated the need to develop a map of ground water vulnerability for this region comprised of approximately 10 million acres. Based on the availability of digital data and the scale of this study, we used a modified Pesticide DRASTIC model in a GRASS GIS environment to identify areas that were physically more sensitive to pesticide contamination than other areas within the Delta. Spatial distribution of pesticide loading was estimated from pesticide application rates in different crops and crop distribution map interpreted from satellite imagery. Relative ground water vulnerability index was expressed as a product of aquifer sensitivity index and pesticide loading index. The resulting map showing the spatial distribution of relative ground water vulnerability index values was intended for use in selecting optimal locations for sampling ground water for pesticides in the Arkansas Delta and for aid in implementing the Arkansas Agricultural Chemical Ground-Water Management Plan. The most sensitive areas in the Delta are distributed mostly along major streams where a combination of shallow depth to ground water, thin confining unit, permeable soils, and high recharge rate usually prevails. It is also in many of these areas where large acres of crops are grown, and pesticides are used. Consequently, many areas along major streams are also most vulnerable. These vulnerable areas may be targeted by planners and governmental agencies for further detailed evaluation. Uncertainties in the methodology and mapped input data, plus the dynamic nature of model factors, require continued and improved efforts in ground water vulnerability assessment for the Arkansas Delta

    CCT2 Report on model interfacing and evaluation strategy


    Exploitation Techniques and Defenses for Data-Oriented Attacks

    Data-oriented attacks manipulate non-control data to alter a program's benign behavior without violating its control-flow integrity. It has been shown that such attacks can cause significant damage even in the presence of control-flow defense mechanisms. However, these threats have not been adequately addressed. In this SoK paper, we first map data-oriented exploits, including Data-Oriented Programming (DOP) attacks, to their assumptions/requirements and attack capabilities. We also compare known defenses against these attacks, in terms of approach, detection capabilities, overhead, and compatibility. Then, we experimentally assess the feasibility of a detection approach that is based on the Intel Processor Trace (PT) technology. PT only traces control flows, thus, is generally believed to be not useful for data-oriented security. However, our work reveals that data-oriented attacks (in particular the recent DOP attacks) may generate side-effects on control-flow behavior in multiple dimensions, which manifest in PT traces. Based on this evaluation, we discuss challenges for building deployable data-oriented defenses and open research questions