3,557 research outputs found
No NAT'd User left Behind: Fingerprinting Users behind NAT from NetFlow Records alone
It is generally recognized that the traffic generated by an individual
connected to a network acts as a biometric signature. Several tools exploit
this fact to fingerprint and monitor users. Often, though, these tools assume
access to the entire traffic, including IP addresses and payloads. This is not
feasible, since both performance and privacy would be negatively affected. In
reality, most ISPs convert user traffic into NetFlow records, a concise
representation that does not include, for instance, any payloads. More
importantly, large and distributed networks are usually NAT'd, so a few IP
addresses may be associated with thousands of users. We devised a new
fingerprinting framework that overcomes these hurdles. Our system is able to
analyze a huge amount of network traffic represented as NetFlows with the
intent of tracking people. It does so by accurately inferring when users are
connected to the network and which IP addresses they are using, even though
thousands of users are hidden behind NAT. Our prototype implementation was
deployed and tested within an existing large metropolitan WiFi network serving
about 200,000 users, with an average load of more than 1,000 users
simultaneously connected behind only 2 NAT'd IP addresses. Our solution turned
out to be very effective, with an accuracy greater than 90%. We also devised
new tools and refined existing ones that may be applied to other contexts
related to NetFlow analysis.
A Multi-view Context-aware Approach to Android Malware Detection and Malicious Code Localization
Existing Android malware detection approaches use a variety of features such
as security-sensitive APIs, system calls, control-flow structures and
information flows in conjunction with machine learning classifiers to achieve
accurate detection. Each of these feature sets provides a unique semantic
perspective (or view) of apps' behaviours, with inherent strengths and
limitations. That is, some views are more amenable to detecting certain attacks
but may not be suitable for characterising several other attacks. Most of the
existing malware detection approaches use only one (or a selected few) of the
aforementioned feature sets, which prevents them from detecting a vast majority
of attacks. Addressing this limitation, we propose MKLDroid, a unified
framework that systematically integrates multiple views of apps for performing
comprehensive malware detection and malicious code localisation. The rationale
is that, while a malware app can disguise itself in some views, disguising in
every view while maintaining malicious intent will be much harder.
MKLDroid uses a graph kernel to capture structural and contextual information
from apps' dependency graphs and identify malicious code patterns in each view.
Subsequently, it employs Multiple Kernel Learning (MKL) to find a weighted
combination of the views which yields the best detection accuracy. Besides
multi-view learning, MKLDroid's unique and salient trait is its ability to
locate fine-grained malicious code portions in dependency graphs (e.g.,
methods/classes). Through our large-scale experiments on several datasets
(incl. wild apps), we demonstrate that MKLDroid consistently outperforms three
state-of-the-art techniques in terms of accuracy while maintaining comparable
efficiency. In our malicious code localisation experiments on a dataset of
repackaged malware, MKLDroid was able to identify all the malicious classes
with 94% average recall.
Information Flow Control in Spring Web Applications
Companies rely extensively on frameworks and APIs when developing their systems,
as these mechanisms are quite advantageous. Two of the most conspicuous benefits
are their ease of use and workload reduction, allowing for shorter and more responsive
development cycles. However, most frameworks do not provide security properties such
as data confidentiality, as other tools do. A prime example is Spring. It is the most
heavily used Java web development framework, hosting a vast array of functionalities,
ranging from data layer functionalities (cf. Hibernate and JPA), security providers, and
metrics providers that supply statistical data on the application itself, to a layer for
REST communication. However, to achieve such advanced functionalities, Spring resorts
to bytecode manipulation and generation during its startup period, hindering the use of
other formal analysis tools that use similar processes in their execution.
In a broader sense, we provide a comprehensive approach for the static analysis of
Spring-based web applications. We introduce hooks in the Spring pipeline, making
feasible the formal analysis and manipulation of the complete, run-time-generated
application bytecode through a well-defined interface. The hooks provide not only access to
the entire web application's bytecode but also allow for the replacement of the
application's component, enabling more complex analysis requiring the instrumentation of the
application.
To address data confidentiality-related issues in web applications developed with this
framework, we propose integrating information flow control tools in the framework's
pipeline. Namely, we combine Spring with Snitch, a tool for hybrid information flow
control in Java bytecode that will be used as a case study.
Companies increasingly rely on frameworks and APIs when developing their systems,
as these tools provide great advantages. Two of the biggest advantages of these
systems are their easy use/integration into systems as well as the amount of work
they save the developer, thus allowing shorter and more responsive development
periods. Even so, most frameworks have no way of dealing with fundamental security
properties such as data confidentiality. One of the best-known examples is Spring.
It is the most used framework in Java for web development, offering a wide range of
functionalities, ranging from a layer that handles data (e.g. Hibernate and JPA), a
layer that manages security in applications, a statistics layer that allows the
system's performance to be analysed, and also a layer for REST communication. To
achieve these non-trivial functionalities, Spring resorts to bytecode manipulation
and code generation mechanisms during its initialization period, disrupting the use
of formal analysis tools that rely on similar processes in their execution.
In general, we provide a new way of dealing with formal analysis in Spring web
applications. Here we introduce hooks into Spring's initialization process, making
possible the formal analysis and manipulation of all of the application's generated
bytecode through a carefully defined interface. The hooks provided give access to
the application's bytecode in its entirety, and also allow the replacement of the
application's component, thus enabling complex formal analysis by a tool that may
require instrumentation of the application.
To deal with problems related to data confidentiality in web applications developed
with the framework, we propose integrating information flow control tools into the
framework itself. Thus, we combine Spring and Snitch, a tool that analyses bytecode
to verify the security of hybrid information flow
The Dilemma of Security Smells and How to Escape It
A single mobile app can now be more complex than entire operating systems were ten years ago, so security has become a major concern for mobile apps. Unfortunately, previous studies focused on particular aspects of mobile application security and did not provide a holistic overview of security issues. Therefore, they could not accurately understand the fundamental flaws and propose effective solutions to common security problems. In order to understand these fundamental flaws, we followed a hybrid strategy, i.e., we collected reported issues from existing work, and we actively identified security-related code patterns that violate best practices in software development. We further introduced the term "security smell", i.e., a security issue that could potentially lead to a vulnerability. As a result, we were able to establish comprehensive security smell catalogues for Android apps and related components, i.e., inter-component communication, web communication, app servers, and HTTP clients. Furthermore, we could identify a dilemma of security smells: most security smells require unique fixes that increase the code complexity, which in turn increases the risk of introducing more security smells. With this knowledge, we investigate the interaction of our security smells with the 192 Mitre CAPEC attack mechanism categories, the majority of which could be mitigated with just a few additional security measures. These measures, a String class with behavior and the more thorough use of secure default values and paradigms, would simplify the application logic and at the same time largely increase security if implemented appropriately. We conclude that application security has to focus on the String class, which has not changed much over the last years, and on secure default values and paradigms, since they are the smallest common denominator for a strong foundation on which to build resilient applications.
Moreover, we provide an initial implementation of a String class with behavior, although its further exploration remains future work. Finally, the term "security smell" is now widely used in academia and eases the communication among security researchers.
Securing the Foundations of Practical Information Flow Control
Language-based information flow control (IFC) promises to secure computer programs against malicious or incompetent programmers by addressing key shortcomings of modern programming languages. In spite of showing great promise, the field remains under-utilised in practice. This thesis makes contributions to the theoretical foundations of IFC aimed at making the techniques practically applicable. It addresses two primary topics, IFC as a library and IFC without false alarms. The contributions range from foundational observations about soundness and completeness to practical considerations of efficiency and expressiveness.
Principled Flow Tracking in IoT and Low-Level Applications
Significant fractions of our lives are spent digitally, connected to and dependent on Internet-based applications, be it through the Web, mobile, or IoT. All such applications have access to and are entrusted with private user data, such as location, photos, browsing habits, private feeds from social networks, or bank details.
In this thesis, we focus on IoT and Web(Assembly) apps. We demonstrate IoT apps to be vulnerable to attacks by malicious app makers who are able to bypass the sandboxing mechanisms enforced by the platform to stealthily exfiltrate user data. We further give examples of carefully crafted WebAssembly code abusing the semantics to leak user data.
We are interested in applying language-based technologies to ensure application security due to the formal guarantees they provide. Such technologies analyze the underlying program and track how information flows in an application, with the goal of either statically proving its security or preventing insecurities from happening at runtime. As such, for protecting against the attacks on IoT apps, we develop both static and dynamic methods, while for securing WebAssembly apps we describe a hybrid approach, combining both.
While language-based technologies provide strong security guarantees, they have yet to see widespread adoption outside the academic community where they emerged. In this direction, we outline six design principles to assist the developer in choosing the right security characterization and enforcement mechanism for their system. We further investigate the relative expressiveness of two static enforcement mechanisms which pursue fine- and coarse-grained approaches for tracking the flow of sensitive information in a system. Finally, we provide the developer with an automatic method for reducing the manual burden associated with some of the language-based enforcements.