1,572 research outputs found

    XSS-FP: Browser Fingerprinting using HTML Parser Quirks

    There are many scenarios in which inferring the type of a client browser is desirable, for instance to fight against session stealing. This is known as browser fingerprinting. This paper presents and evaluates a novel fingerprinting technique to determine the exact nature (browser type and version, e.g. Firefox 15) of a web browser, exploiting HTML parser quirks exercised through XSS. Our experiments show that the exact version of a web browser can be determined with 71% accuracy, and that only 6 tests are sufficient to quickly determine the exact family a web browser belongs to.

    Note: Finger Imaging: A 21st Century Solution to Welfare Fraud at our Fingertips

    This Note describes the finger imaging process and summarizes the current New York Social Services law regarding public assistance. It also outlines the current finger imaging bill before the New York State Legislature. Part III examines and considers the two major policy arguments against the implementation of the program. Part IV outlines the legal controversy regarding finger imaging and addresses each express concern as well as constitutional issues. Part V compares New York's finger imaging legislation with similar legislation already in place in California and argues that the New York program will be as effective as California's. In conclusion, this Note urges the New York State Legislature to enact a statewide finger imaging requirement for public assistance and embrace the finger imaging system as an effective and proper method of combatting welfare fraud in the state.

    Seeking Anonymity in an Internet Panopticon

    Obtaining and maintaining anonymity on the Internet is challenging. The state of the art in deployed tools, such as Tor, uses onion routing (OR) to relay encrypted connections on a detour passing through randomly chosen relays scattered around the Internet. Unfortunately, OR is known to be vulnerable at least in principle to several classes of attacks for which no solution is known or believed to be forthcoming soon. Current approaches to anonymity also appear unable to offer accurate, principled measurement of the level or quality of anonymity a user might obtain. Toward this end, we offer a high-level view of the Dissent project, the first systematic effort to build a practical anonymity system based purely on foundations that offer measurable and formally provable anonymity properties. Dissent builds on two key pre-existing primitives - verifiable shuffles and dining cryptographers - but for the first time shows how to scale such techniques to offer measurable anonymity guarantees to thousands of participants. Further, Dissent represents the first anonymity system designed from the ground up to incorporate some systematic countermeasure for each of the major classes of known vulnerabilities in existing approaches, including global traffic analysis, active attacks, and intersection attacks. Finally, because no anonymity protocol alone can address risks such as software exploits or accidental self-identification, we introduce WiNon, an experimental operating system architecture to harden the uses of anonymity tools such as Tor and Dissent against such attacks.

    Comment: 8 pages, 10 figures

    A New Procedure to Detect Low Interaction Honeypots

    Honeypot systems are an important piece of the network security infrastructure and can be deployed to accomplish different purposes such as: network sensing, capturing and learning about 0-day exploits, capturing and analyzing black hat techniques, deterring black hats and gathering data for statistical analysis of Internet traffic, among others. Nevertheless, all honeypots need to look like real systems, because if a honeypot is unmasked, it loses its value. This paper presents a new procedure to detect low interaction honeypots, through HTTP requests, regardless of honeypot architecture. It is important to mention that the network services of low interaction honeypots need to be improved in order to get trustworthy information. Otherwise, data obtained by low interaction honeypots should be considered inaccurate and unreliable information.

    DOI: http://dx.doi.org/10.11591/ijece.v4i6.688