7,529 research outputs found

    Developing Single Use Server Containers

    The security provided by virtualization and the versatility and the undemanding nature of containers make them viable candidates for achieving a one-to-one client-server architecture and the associated security benefits. Our team's goal for this Major-Qualifying Project is to host WPI's InstructAssist class management software using this model. Thus, each user session will have its own instance of the web server in a container, preventing denial of service attacks by attacking a single point of failure and data theft attacks by employing a Query Restrictor

    Succour to the Confused Deputy Types for Capabilities

    Abstract. The possession of secrets is a recurrent theme in security literature and practice. We present a refinement type system, based on indexed intuitionist S4 necessity, for an object calculus with explicit locations (corresponding to principals) to control the principals that may possess a secret. Type safety ensures that if the execution of a well-typed program leads to a configuration with an object p located at principal a, then a possesses the capability to p. We illustrate the type system with simple examples drawn from web applications, including an illustration of how Cross-Site Request Forgery (CSRF) vulnerabilities may manifest themselves as absurd refinements on object declarations during type checking. This is an extended version of a paper that appears in APLAS 2012

    PThammer: Cross-User-Kernel-Boundary Rowhammer through Implicit Accesses

    Rowhammer is a hardware vulnerability in DRAM memory, where repeated access to memory can induce bit flips in neighboring memory locations. Being a hardware vulnerability, rowhammer bypasses all of the system memory protection, allowing adversaries to compromise the integrity and confidentiality of data. Rowhammer attacks have been shown to enable privilege escalation, sandbox escape, and cryptographic key disclosures. Recently, several proposals suggest exploiting the spatial proximity between the accessed memory location and the location of the bit flip for a defense against rowhammer. These all aim to deny the attacker's permission to access memory locations near sensitive data. In this paper, we question the core assumption underlying these defenses. We present PThammer, a confused-deputy attack that causes accesses to memory locations that the attacker is not allowed to access. Specifically, PThammer exploits the address translation process of modern processors, inducing the processor to generate frequent accesses to protected memory locations. We implement PThammer, demonstrating that it is a viable attack, resulting in a system compromise (e.g., kernel privilege escalation). We further evaluate the effectiveness of proposed software-only defenses showing that PThammer can overcome those. Comment: Preprint of the work accepted at the International Symposium on Microarchitecture (MICRO) 2020. arXiv admin note: text overlap with arXiv:1912.0307

    Boomerangs and creativity

    The aim of this paper is to describe the country brand for Australia released by the Australian Federal Government in May 2010, ‘Brand Australia’. At the time of writing this paper, only the logo was available, and further details of the strategy (activities, targets, partners) were to be announced at a later date. This paper is focused on the available elements of the new Australian strategy; its antecedents in destination branding; the process conducted by the Australian Trade Commission (Austrade) in developing the new brand; the primary and secondary resource studies used by the Building Brand Australia program; policy aims; and the messages delivered by the brand’s new visual resources. The research method is based on website analysis and interviews. In addition to interviews with specific key respondents linked to the brand strategy, several interviews were conducted with researchers connected to tourism and cultural studies as an exercise in ‘thinking together’ about a phenomenon that is new, but also framed in a cultural sphere that is ‘exotic’ to the author. The main findings of this research can be summarized as follows: Australia enjoys the advantage of an outstanding perceived image, largely built on ‘soft’ portrayal items; Brand Australia focuses its core message in a couple of weak items (creativity and technology), probably considered strategic and undervalued by international audiences; the new program is not particularly worried about certain other weak issues (culture and environment); the new logo includes only a few elements (of the boomerang and the Australian map), mixing controversial and innocuous well-known icons

    AI: Artificial Inventor or the Real Deal
