67 research outputs found
Material extrusion-based additive manufacturing: G-code and firmware attacks and Defense frameworks
Additive Manufacturing (AM) refers to a group of manufacturing processes that create physical objects by sequentially depositing thin layers. AM enables highly customized production with minimal material wastage, rapid and inexpensive prototyping, and the production of complex assemblies as single parts in smaller production facilities. These features make AM an essential component of Industry 4.0 or Smart Manufacturing. It is now used to print functional components for aircraft, rocket engines, automobiles, medical implants, and more. However, the increased popularity of AM also raises concerns about cybersecurity. Researchers have demonstrated strength degradation attacks on printed objects by injecting cavities in the design file which cause premature failure and catastrophic consequences such as failure of the attacked propeller of a drone during flight.
Since a 3D printer is a cyber-physical system that connects the cyber and physical domains in a single process chain, it has a different set of vulnerabilities and security requirements compared to a conventional IT setup. My Ph.D. research focuses on the cybersecurity of one of the most popular AM processes, Material Extrusion or Fused Filament Fabrication (FFF). Although previous research has investigated attacks on printed objects by altering the design, these attacks often leave a larger footprint and are easier to detect. To address this limitation, I have focused on attacks at the intermediate stage of slicing through minimal manipulations at the individual sub-process level. By doing so, I have demonstrated that it is possible to implant subtle defects in printed parts that can evade detection schemes and bypass many quality assessment checks.
In addition to exploring attacks through design files or network layer manipulations, I have also proposed firmware attacks that cause damage to the printed parts, the printer, and the printing facility.
To detect sabotage attacks on FFF process, I have developed an attack detection framework that analyzes the cyber and physical domain state of the printing process and detects anomalies using a series of estimation and comparison algorithms in time, space, and frequency domains. An implementation case study confirms that cyber-physical security frameworks are an effective solution against sophisticated sabotage attacks. The increasing use of 3D printing technology to produce functional components underscores the growing importance of compliance and regulations in ensuring their quality and safety. Currently, there are no standards or best practices to guide a user in making a critical printing setup forensically ready. Therefore, I am proposing a novel forensic readiness framework for material extrusion-based 3D printing that will guide standards organizations in formulating compliance criteria for important 3D printing setups. I am optimistic that my offensive and defensive research endeavors presented in this thesis will serve as a valuable resource for researchers and industry practitioners in creating a safer and more secure future for additive manufacturing
HyperDbg: Reinventing Hardware-Assisted Debugging
Software analysis, debugging, and reverse engineering have a crucial impact in today's software industry. Efficient and stealthy debuggers are especially relevant for malware analysis. However, existing debugging platforms fail to address a transparent, effective, and high-performance low-level debugger due to their detectable fingerprints, complexity, and implementation restrictions.
In this paper, we present StealthDbg, a new hypervisor-assisted debugger for high-performance and stealthy debugging of user and kernel applications. To accomplish this, StealthDbg relies on state-of-the-art hardware features available in today's CPUs, such as VT-x and extended page tables. In contrast to other widely used existing debuggers, we design StealthDbg using a custom hypervisor, making it independent of OS functionality or API. We propose hardware-based instruction-level emulation and OS-level API hooking via extended page tables to increase the stealthiness. Our results of the dynamic analysis of 10,853 malware samples show that StealthDbg's stealthiness allows debugging on average 22% and 26% more samples than WinDbg and x64dbg, respectively. Moreover, in contrast to existing debuggers, StealthDbg is not detected by any of the 13 tested packers and protectors. We improve the performance over other debuggers by deploying a VMX-compatible script engine, eliminating unnecessary context switches. Our experiment on three concrete debugging scenarios shows that compared to WinDbg as the only kernel debugger, StealthDbg performs step-in, conditional breaks, and syscall recording, 2.98x, 1319x, and 2018x faster, respectively. We finally show real-world applications, such as a 0-day analysis, structure reconstruction for reverse engineering, software performance analysis, and code-coverage analysis
Self-Reliance for the Internet of Things: Blockchains and Deep Learning on Low-Power IoT Devices
The rise of the Internet of Things (IoT) has transformed common embedded devices from isolated objects to interconnected devices, allowing multiple applications for smart cities, smart logistics, and digital health, to name but a few. These Internet-enabled embedded devices have sensors and actuators interacting in the real world. The IoT interactions produce an enormous amount of data typically stored on cloud services due to the resource limitations of IoT devices. These limitations have made IoT applications highly dependent on cloud services. However, cloud services face several challenges, especially in terms of communication, energy, scalability, and transparency regarding their information storage. In this thesis, we study how to enable the next generation of IoT systems with transaction automation and machine learning capabilities with a reduced reliance on cloud communication. To achieve this, we look into architectures and algorithms for data provenance, automation, and machine learning that are conventionally running on powerful high-end devices. We redesign and tailor these architectures and algorithms to low-power IoT, balancing the computational, energy, and memory requirements.The thesis is divided into three parts:Part I presents an overview of the thesis and states four research questions addressed in later chapters.Part II investigates and demonstrates the feasibility of data provenance and transaction automation with blockchains and smart contracts on IoT devices.Part III investigates and demonstrates the feasibility of deep learning on low-power IoT devices.We provide experimental results for all high-level proposed architectures and methods. Our results show that algorithms of high-end cloud nodes can be tailored to IoT devices, and we quantify the main trade-offs in terms of memory, computation, and energy consumption
ECONOMICALLY PROTECTING COMPLEX, LEGACY OPERATING SYSTEMS USING SECURE DESIGN PRINCIPLES
In modern computer systems, complex legacy operating systems, such as Linux, are deployed ubiquitously. Many design choices in these legacy operating systems predate a modern understanding of security risks. As a result, new attack opportunities are routinely discovered to subvert such systems, which reveal design flaws that spur new research about secure design principles and other security mechanisms to thwart these attacks. Most research falls into two categories: encapsulating the threat and redesigning the system from scratch. Each approach has its challenge. Encapsulation can only limit the exposure to the risk, but not entirely prevent it. Rewriting the huge codebase of these operating systems is impractical in terms of developer effort, but appealing inasmuch as it can comprehensively eliminate security risks. This thesis pursues a third, understudied option: retrofitting security design principles in the existing kernel design. Conventional wisdom discourages retrofitting security because retrofitting is a hard problem, may require the use of new abstractions or break backward compatibility, may have unforeseen consequences, and may be equivalent to redesigning the system from scratch in terms of effort. This thesis offers new evidence to challenge this conventional wisdom, indicating that one can economically retrofit a comprehensive security policy onto complex, legacy systems. To demonstrate this assertion, this thesis firstly surveys the alternative of encapsulating the threat to the complex, legacy system by adding a monitoring layer using a technique called Virtual Machine Introspection, and discusses the shortcomings of this technique. Secondly, this thesis shows how to enforce the principle of least privilege by removing the need to run setuid-to-root binaries with administrator privilege. Finally, this thesis takes the first steps to show how to economically retrofit secure design principles to the OS virtualization feature of the Linux kernel called containers without rewriting the whole system. This approach can be applied more generally to other legacy systems.Doctor of Philosoph
Cyber Security of Critical Infrastructures
Critical infrastructures are vital assets for public safety, economic welfare, and the national security of countries. The vulnerabilities of critical infrastructures have increased with the widespread use of information technologies. As Critical National Infrastructures are becoming more vulnerable to cyber-attacks, their protection becomes a significant issue for organizations as well as nations. The risks to continued operations, from failing to upgrade aging infrastructure or not meeting mandated regulatory regimes, are considered highly significant, given the demonstrable impact of such circumstances. Due to the rapid increase of sophisticated cyber threats targeting critical infrastructures with significant destructive effects, the cybersecurity of critical infrastructures has become an agenda item for academics, practitioners, and policy makers. A holistic view which covers technical, policy, human, and behavioural aspects is essential to handle cyber security of critical infrastructures effectively. Moreover, the ability to attribute crimes to criminals is a vital element of avoiding impunity in cyberspace. In this book, both research and practical aspects of cyber security considerations in critical infrastructures are presented. Aligned with the interdisciplinary nature of cyber security, authors from academia, government, and industry have contributed 13 chapters. The issues that are discussed and analysed include cybersecurity training, maturity assessment frameworks, malware analysis techniques, ransomware attacks, security solutions for industrial control systems, and privacy preservation methods
HyperDbg: Reinventing Hardware-Assisted Debugging (Extended Version)
Software analysis, debugging, and reverse engineering have a crucial impact
in today's software industry. Efficient and stealthy debuggers are especially
relevant for malware analysis. However, existing debugging platforms fail to
address a transparent, effective, and high-performance low-level debugger due
to their detectable fingerprints, complexity, and implementation restrictions.
In this paper, we present HyperDbg, a new hypervisor-assisted debugger for
high-performance and stealthy debugging of user and kernel applications. To
accomplish this, HyperDbg relies on state-of-the-art hardware features
available in today's CPUs, such as VT-x and extended page tables. In contrast
to other widely used existing debuggers, we design HyperDbg using a custom
hypervisor, making it independent of OS functionality or API. We propose
hardware-based instruction-level emulation and OS-level API hooking via
extended page tables to increase the stealthiness. Our results of the dynamic
analysis of 10,853 malware samples show that HyperDbg's stealthiness allows
debugging on average 22% and 26% more samples than WinDbg and x64dbg,
respectively. Moreover, in contrast to existing debuggers, HyperDbg is not
detected by any of the 13 tested packers and protectors. We improve the
performance over other debuggers by deploying a VMX-compatible script engine,
eliminating unnecessary context switches. Our experiment on three concrete
debugging scenarios shows that compared to WinDbg as the only kernel debugger,
HyperDbg performs step-in, conditional breaks, and syscall recording, 2.98x,
1319x, and 2018x faster, respectively. We finally show real-world applications,
such as a 0-day analysis, structure reconstruction for reverse engineering,
software performance analysis, and code-coverage analysis
On the malware detection problem : challenges and novel approaches
Orientador: AndrĂ© Ricardo Abed GrĂ©gioCoorientador: Paulo LĂcio de GeusTese (doutorado) - Universidade Federal do ParanĂĄ, Setor de CiĂȘncias Exatas, Programa de PĂłs-Graduação em InformĂĄtica. Defesa : Curitiba,Inclui referĂȘnciasĂrea de concentração: CiĂȘncia da ComputaçãoResumo: Software Malicioso (malware) Ă© uma das maiores ameaças aos sistemas computacionais atuais, causando danos Ă imagem de indivĂduos e corporaçÔes, portanto requerendo o desenvolvimento de soluçÔes de detecção para prevenir que exemplares de malware causem danos e para permitir o uso seguro dos sistemas. Diversas iniciativas e soluçÔes foram propostas ao longo do tempo para detectar exemplares de malware, de Anti-VĂrus (AVs) a sandboxes, mas a detecção de malware de forma efetiva e eficiente ainda se mantĂ©m como um problema em aberto. Portanto, neste trabalho, me proponho a investigar alguns desafios, falĂĄcias e consequĂȘncias das pesquisas em detecção de malware de modo a contribuir para o aumento da capacidade de detecção das soluçÔes de segurança. Mais especificamente, proponho uma nova abordagem para o desenvolvimento de experimentos com malware de modo prĂĄtico mas ainda cientĂfico e utilizo-me desta abordagem para investigar quatro questĂ”es relacionadas a pesquisa em detecção de malware: (i) a necessidade de se entender o contexto das infecçÔes para permitir a detecção de ameaças em diferentes cenĂĄrios; (ii) a necessidade de se desenvolver melhores mĂ©tricas para a avaliação de soluçÔes antivĂrus; (iii) a viabilidade de soluçÔes com colaboração entre hardware e software para a detecção de malware de forma mais eficiente; (iv) a necessidade de predizer a ocorrĂȘncia de novas ameaças de modo a permitir a resposta Ă incidentes de segurança de forma mais rĂĄpida.Abstract: Malware is a major threat to most current computer systems, causing image damages and financial losses to individuals and corporations, thus requiring the development of detection solutions to prevent malware to cause harm and allow safe computers usage. Many initiatives and solutions to detect malware have been proposed over time, from AntiViruses (AVs) to sandboxes, but effective and efficient malware detection remains as a still open problem. Therefore, in this work, I propose taking a look on some malware detection challenges, pitfalls and consequences to contribute towards increasing malware detection system's capabilities. More specifically, I propose a new approach to tackle malware research experiments in a practical but still scientific manner and leverage this approach to investigate four issues: (i) the need for understanding context to allow proper detection of localized threats; (ii) the need for developing better metrics for AV solutions evaluation; (iii) the feasibility of leveraging hardware-software collaboration for efficient AV implementation; and (iv) the need for predicting future threats to allow faster incident responses
Agent-Based Modelling of O ensive Actors in Cyberspace
© Cran eld University 2021. All rights reserved. No part
of this publication may be reproduced without the written
permission of the copyright owner.With the rise of the Information Age, there has also been a growing rate of attacks
targeting information. In order to better defend against these attacks being able to
understand attackers and simulate their behaviour is of utmost importance. A recent
approach of using serious games provides an avenue to explore o ensive cyber attacks
in a safe and fun environment. There exists a wide range of cyber attackers, with
varying levels of expertise whose motivations are di erent. This project provides a
novel contribution in using games to allow people to role play as malicious attackers
and then using these games as inputs into the simulation.
A board game has been designed that emulates a cyber environment, where
players represent o ensive actors, with seven roles - Cyber Mercenary (low and
high capability), State-backed (low and high capability), Script Kiddy, Hacktivist
and Counter-culture (not motivated by nances or ideology). The facilitator or the
Games Master (GM) represents the organisation under attack, and players use the
Technique cards to perform attacks on the organisation, all cards are sourced from
existing Tools, Techniques and Procedures (TTPs). Along with the game, players
also provided responses to a questionnaire, that encapsulated three individual dif ferences: Sneider's self-report, DOSPERT and Barratt's Impulsiveness scale. There
was a total of 15 players participating in 13 games, and three key groups of individual
di erences players. No correlation was identi ed with the individual Technique card
pick rate and role. However, the complexity of the attack patterns (Technique card
chains) was modulated by roles, and the players' individual di erences.
A proof-of-concept simulation has been made using an Agent-Based Modelling
framework that re-plays the actions of a player. One of the aspects of future work is the exploitation of the game data to be used as a learning model to create intelligent
standalone agents.PH
AIUCD 2021 - Book of Extended Abstracts
Il decimo convegno annuale dell'Associazione per lâInformatica Umanistica e la Cultura Digitale ha
nellâedizione 2021 un titolo peculiare e importante: "DH per la societĂ : e-guaglianza, partecipazione, diritti e valori nellâera digitale". Questo volume raccoglie gli abstract estesi e sottoposti a review per la conferenza di AIUCD2021 tenutasi in forma virtuale a Pisa
- âŠ