3,020 research outputs found
Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Response
Considerable delays often exist between the discovery of a vulnerability and
the issue of a patch. One way to mitigate this window of vulnerability is to
use a configuration workaround, which prevents the vulnerable code from being
executed at the cost of some lost functionality -- but only if one is
available. Since program configurations are not specifically designed to
mitigate software vulnerabilities, we find that they only cover 25.2% of
vulnerabilities.
To minimize patch delay vulnerabilities and address the limitations of
configuration workarounds, we propose Security Workarounds for Rapid Response
(SWRRs), which are designed to neutralize security vulnerabilities in a timely,
secure, and unobtrusive manner. Similar to configuration workarounds, SWRRs
neutralize vulnerabilities by preventing vulnerable code from being executed at
the cost of some lost functionality. However, the key difference is that SWRRs
use existing error-handling code within programs, which enables them to be
mechanically inserted with minimal knowledge of the program and minimal
developer effort. This allows SWRRs to achieve high coverage while still being
fast and easy to deploy.
We have designed and implemented Talos, a system that mechanically
instruments SWRRs into a given program, and evaluate it on five popular Linux
server programs. We run exploits against 11 real-world software vulnerabilities
and show that SWRRs neutralize the vulnerabilities in all cases. Quantitative
measurements on 320 SWRRs indicate that SWRRs instrumented by Talos can
neutralize 75.1% of all potential vulnerabilities and incur a loss of
functionality similar to configuration workarounds in 71.3% of those cases. Our
overall conclusion is that automatically generated SWRRs can safely mitigate
2.1x more vulnerabilities, while only incurring a loss of functionality
comparable to that of traditional configuration workarounds.
Comment: Published in Proceedings of the 37th IEEE Symposium on Security and
Privacy (Oakland 2016
Using Context and Interactions to Verify User-Intended Network Requests
Client-side malware can attack users by tampering with applications or user
interfaces to generate requests that users did not intend. We propose Verified
Intention (VInt), which ensures a network request, as received by a service, is
user-intended. VInt is based on "seeing what the user sees" (context). VInt
screenshots the user interface as the user interacts with a security-sensitive
form. There are two main components. First, VInt ensures output integrity and
authenticity by validating the context, ensuring the user sees correctly
rendered information. Second, VInt extracts user-intended inputs from the
on-screen user-provided inputs, with the assumption that a human user checks
what they entered. Using the user-intended inputs, VInt deems a request to be
user-intended if the request is generated properly from the user-intended
inputs while the user is shown the correct information. VInt is implemented
using image analysis and Optical Character Recognition (OCR). Our evaluation
shows that VInt is accurate and efficient
LIBRARY SELF SERVICE SYSTEM USING NFC AND 2FA GOOGLE AUTHENTICATOR
The implementation of a self-service system is already used by many libraries, mainly for self-loan books. Self-service generally only uses RFID as a medium for identifying members and borrowed books, but using RFID alone as the head of the identification process may lead to many crimes such as using someone else's member card to borrow books, scams, and so on. This study aims to propose a new business process for self-loan books from the library by combining NFC or RFID technology and 2FA (two-factor authentication) to minimize crimes such as fraudulence, scams, and so on. The results showed that the system or prototype could work and function properly. The process of reading NFC tags and the use of 2FA also runs quickly and safely
Designing a Zero Waste Introduction Campaign for Children Aged 7-12
Zero waste is a principle or lifestyle applied in people's daily lives to achieve the goal of being free of waste, or zero waste. According to the United States Environmental Protection Agency (APA), zero waste is a 21st-century principle of minimizing waste generation, reducing consumption, and ensuring that products are made to be reused, repaired, or recycled. Based on interviews conducted by the author, the formation of a lifestyle is more appropriately taught to children during their developmental years. However, based on the author's questionnaire results, many Indonesian children still do not know about and have not adopted the zero waste lifestyle, while the high level of waste problems in Indonesia continues to rise every year. Therefore, the author wants to design a campaign introducing the zero waste lifestyle to children aged 7-12 as a solution to reduce the waste problems in Indonesia through the adoption of the zero waste lifestyle