1,572 research outputs found
Recommended from our members
Multi-aspect, robust, and memory exclusive guest os fingerprinting
Precise fingerprinting of an operating system (OS) is critical to many security and forensics applications in the cloud, such as virtual machine (VM) introspection, penetration testing, guest OS administration, kernel dump analysis, and memory forensics. The existing OS fingerprinting techniques primarily inspect network packets or CPU states, and they all fall short in precision and usability. As the physical memory of a VM always exists in all these applications, in this article, we present OS-Sommelier+, a multi-aspect, memory exclusive approach for precise and robust guest OS fingerprinting in the cloud. It works as follows: given a physical memory dump of a guest OS, OS-Sommelier+ first uses a code hash based approach from kernel code aspect to determine the guest OS version. If code hash approach fails, OS-Sommelier+ then uses a kernel data signature based approach from kernel data aspect to determine the version. We have implemented a prototype system, and tested it with a number of Linux kernels. Our evaluation results show that the code hash approach is faster but can only fingerprint the known kernels, and data signature approach complements the code signature approach and can fingerprint even unknown kernels
XSS-FP: Browser Fingerprinting using HTML Parser Quirks
There are many scenarios in which inferring the type of a client browser is
desirable, for instance to fight against session stealing. This is known as
browser fingerprinting. This paper presents and evaluates a novel
fingerprinting technique to determine the exact nature (browser type and
version, eg Firefox 15) of a web-browser, exploiting HTML parser quirks
exercised through XSS. Our experiments show that the exact version of a web
browser can be determined with 71% of accuracy, and that only 6 tests are
sufficient to quickly determine the exact family a web browser belongs to
Note: Finger Imaging: A 21st Century Solution to Welfare Fraud at our Fingertips
This Note describes the finger imaging process and summarizes the current New York Social Services law regarding public assistance. It also outlines the current finger imaging bill before the New York State Legislature. Part III examines and considers the two major policy arguments against the implementation of the program. Part IV outlines the legal controversy regarding finger imaging and addresses each express concern as well as constitutional issues. Part V compares New York\u27s finger imaging legislation with similar legislation already in place in California and argues that the New York program will be as effective as California\u27s. In conclusion, this Note urges the New York State Legislature to enact a statewide finger imaging requirement for public assistance and embrace the finger imaging system as an effective and proper method of combatting welfare fraud in the state
Note: Finger Imaging: A 21st Century Solution to Welfare Fraud at our Fingertips
This Note describes the finger imaging process and summarizes the current New York Social Services law regarding public assistance. It also outlines the current finger imaging bill before the New York State Legislature. Part III examines and considers the two major policy arguments against the implementation of the program. Part IV outlines the legal controversy regarding finger imaging and addresses each express concern as well as constitutional issues. Part V compares New York\u27s finger imaging legislation with similar legislation already in place in California and argues that the New York program will be as effective as California\u27s. In conclusion, this Note urges the New York State Legislature to enact a statewide finger imaging requirement for public assistance and embrace the finger imaging system as an effective and proper method of combatting welfare fraud in the state
Seeking Anonymity in an Internet Panopticon
Obtaining and maintaining anonymity on the Internet is challenging. The state
of the art in deployed tools, such as Tor, uses onion routing (OR) to relay
encrypted connections on a detour passing through randomly chosen relays
scattered around the Internet. Unfortunately, OR is known to be vulnerable at
least in principle to several classes of attacks for which no solution is known
or believed to be forthcoming soon. Current approaches to anonymity also appear
unable to offer accurate, principled measurement of the level or quality of
anonymity a user might obtain.
Toward this end, we offer a high-level view of the Dissent project, the first
systematic effort to build a practical anonymity system based purely on
foundations that offer measurable and formally provable anonymity properties.
Dissent builds on two key pre-existing primitives - verifiable shuffles and
dining cryptographers - but for the first time shows how to scale such
techniques to offer measurable anonymity guarantees to thousands of
participants. Further, Dissent represents the first anonymity system designed
from the ground up to incorporate some systematic countermeasure for each of
the major classes of known vulnerabilities in existing approaches, including
global traffic analysis, active attacks, and intersection attacks. Finally,
because no anonymity protocol alone can address risks such as software exploits
or accidental self-identification, we introduce WiNon, an experimental
operating system architecture to harden the uses of anonymity tools such as Tor
and Dissent against such attacks.Comment: 8 pages, 10 figure
A New Procedure to Detect Low Interaction Honeypots
Honeypots systems are an important piece of the network security infrastructure and can be deployed to accomplish different purposes such as: network sensing, capturing and learning about 0-day exploits, capturing and analyzing of black hat techniques, deterring black hats and data gathering for doing statistical analysis over the Internet traffic, among others. Nevertheless, all honeypots need to look like real systems, due to if a honeypot is unmasked, it loses its value. This paper presents a new procedure to detect low interaction honeypots, through HTTP request, regardless honeypot architecture. It is important to mention that Low Interaction Honeypots network services need to be improved in order to get trustworthy information. Otherwise, it should consider data obtained by low interaction honeypots like inaccurate and unreliable information.DOI:http://dx.doi.org/10.11591/ijece.v4i6.688
- …