Beyond Control: Exploring Novel File System Objects for Data-Only Attacks on Linux Systems
The widespread deployment of control-flow integrity has propelled non-control
data attacks into the mainstream. In the domain of OS kernel exploits, by
corrupting critical non-control data, local attackers can directly gain root
access or privilege escalation without hijacking the control flow. As a result,
OS kernels have been restricting the availability of such non-control data.
This forces attackers to continue to search for more exploitable non-control
data in OS kernels. However, discovering unknown non-control data can be
daunting because they are often tied heavily to semantics and lack universal
patterns.
We make two contributions in this paper: (1) discover critical non-control
objects in the file subsystem and (2) analyze their exploitability. This work
represents the first study, with minimal domain knowledge, to
semi-automatically discover and evaluate exploitable non-control data within
the file subsystem of the Linux kernel. Our solution utilizes a custom analysis
and testing framework that statically and dynamically identifies promising
candidate objects. Furthermore, we categorize these discovered objects into
types that are suitable for various exploit strategies, including a novel
strategy necessary to overcome the defense that isolates many of these objects.
These objects have the advantage of being exploitable without requiring KASLR,
thus making the exploits simpler and more reliable. We use 18 real-world CVEs
to evaluate the exploitability of the file system objects using various exploit
strategies. We develop 10 end-to-end exploits using a subset of CVEs against
the kernel with all state-of-the-art mitigations enabled.
Comment: 14 pages, in submission to the 31st ACM Conference on Computer and
Communications Security (CCS), 202
Robust Optical Data Encryption by Projection-Photoaligned Polymer-Stabilized-Liquid-Crystals
The emerging Internet of Things (IoT) raises increasing security demands
that require robust encryption or anti-counterfeiting technologies. Albeit
acknowledged as efficacious solutions for processing elaborate graphical
information via multiple degrees of freedom, optical data encryption and
anti-counterfeiting techniques are typically inept at delivering satisfactory
performance without compromising the desired ease of processing or
compatibility, which motivates the exploration of novel materials and devices
that can. Here, a robust optical data encryption technique is
demonstrated utilizing polymer-stabilized-liquid-crystals (PSLCs) combined with
projection photoalignment and photopatterning methods. The PSLCs possess
implicit optical patterns encoded via photoalignment, as well as explicit
geometries produced via photopatterning. Furthermore, the PSLCs demonstrate
improved robustness against harsh chemical environments and thermal stability,
and can be directly deployed onto various rigid and flexible substrates. Based
on this, it is demonstrated that a single PSLC is apt to carry intricate
information, or to serve as an exclusive watermark with both implicit features and
explicit geometries. Moreover, a novel, generalized design strategy is
developed, for the first time, to encode intricate and exclusive information
with enhanced security by spatially programming the photoalignment patterns of
a pair of cascaded PSLCs, which further illustrates the promising capabilities of
PSLCs in optical data encryption and anti-counterfeiting.
Rondo: Scalable and Reconfiguration-Friendly Randomness Beacon
We present Rondo, a scalable and reconfiguration-friendly distributed randomness beacon (DRB) protocol in the partially synchronous model. Rondo is the first DRB protocol that is built from batched asynchronous verifiable secret sharing (bAVSS) and meanwhile avoids the high message cost, where is the number of nodes. Our key contribution lies in the introduction of a new variant of bAVSS called batched asynchronous verifiable secret sharing with partial output (bAVSS-PO). bAVSS-PO is a weaker primitive than bAVSS but allows us to build a secure and more efficient DRB protocol. We propose a bAVSS-PO protocol Breeze. Breeze achieves the optimal messages for the sharing stage and allows Rondo to offer better scalability than prior DRB protocols.
Additionally, to support the reconfiguration, we introduce Rondo-BFT, a dynamic and partially synchronous Byzantine fault-tolerant protocol inspired by Dyno (S&P 2022). Unlike Dyno, Rondo-BFT provides a communication pattern that generates randomness beacon output periodically, making it well-suited for DRB applications.
We implement our protocols and evaluate the performance on Amazon EC2 using up to 91 instances. Our evaluation results show that Rondo achieves higher throughput than existing works and meanwhile offers better scalability, where the performance does not degrade as significantly as grows
Genome Characterization and Phylogenetic Analysis of Bovine Hepacivirus in Inner Mongolia, Northeastern China
Bovine hepacivirus (BovHepV) is a new member of the genus Hepacivirus in the family Flaviviridae, which has been detected in cattle in more than seven countries. The purpose of this study was to identify and genetically characterize BovHepV in cattle in Inner Mongolia, northeastern (NE) China. A total of 116 serum samples from cattle were collected from HulunBuir in Inner Mongolia from April to May 2021, and were divided into three pools for metagenomic sequencing. The samples were verified with semi-nested RT-PCR using primers based on the BovHepV sequences obtained from metagenomic sequencing. The complete genomes of BovHepV were amplified and used for genome characterization and phylogenetic analysis. BovHepV was detected in two pools through metagenomic sequencing. Five BovHepV-positive samples were identified in Yakeshi of HulunBuir, indicating a prevalence of 8.8% (5/57). Two 8840-nucleotide-long BovHepV strains, YKS01/02, were amplified from the positive samples and showed 79.3%–91.9% nucleotide sequence identity with previously discovered BovHepV strains. Phylogenetic analysis classified the YKS01/02 strains into the BovHepV subtype G group. This study reports the first identification of BovHepV in cattle in northeastern China, and expands the known geographical distribution and genetic diversity of BovHepV in the country.
Vacancy-Mediated Magnetism in Pure Copper Oxide Nanoparticles
Room temperature ferromagnetism (RTF) is observed in pure copper oxide (CuO) nanoparticles prepared by a precipitation method followed by post-annealing in air, without any ferromagnetic dopant. X-ray photoelectron spectroscopy (XPS) results indicate that mixed valence states of Cu1+ and Cu2+ ions exist at the surface of the particles. Vacuum annealing enhances the ferromagnetism (FM) of the CuO nanoparticles, while annealing in an oxygen atmosphere reduces it. The origin of the FM is attributed to oxygen vacancies at the surface and/or interface of the particles. Such a ferromagnet without any transition metal present could be a very good option for a class of spintronics.