Biblio

Filters: Author is Liu, Bo  [Clear All Filters]
2021-05-18
Zhang, Chi, Chen, Jinfu, Cai, Saihua, Liu, Bo, Wu, Yiming, Geng, Ye.  2020.  iTES: Integrated Testing and Evaluation System for Software Vulnerability Detection Methods. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :1455–1460.
To find software vulnerabilities using software vulnerability detection technology is an important way to ensure the system security. Existing software vulnerability detection methods have some limitations as they can only play a certain role in some specific situations. To accurately analyze and evaluate the existing vulnerability detection methods, an integrated testing and evaluation system (iTES) is designed and implemented in this paper. The main functions of the iTES are:(1) Vulnerability cases with source codes covering common vulnerability types are collected automatically to form a vulnerability cases library; (2) Fourteen methods including static and dynamic vulnerability detection are evaluated in iTES, involving the Windows and Linux platforms; (3) Furthermore, a set of evaluation metrics is designed, including accuracy, false positive rate, utilization efficiency, time cost and resource cost. The final evaluation and test results of iTES have a good guiding significance for the selection of appropriate software vulnerability detection methods or tools according to the actual situation in practice.
2020-08-07
Liu, Bo, Xiong, Jian, Wu, Yiyan, Ding, Ming, Wu, Cynthia M..  2019.  Protecting Multimedia Privacy from Both Humans and AI. 2019 IEEE International Symposium on Broadband Multimedia Systems and Broadcasting (BMSB). :1—6.
With the development of artificial intelligence (AI), multimedia privacy issues have become more challenging than ever. AI-assisted malicious entities can steal private information from multimedia data more easily than humans. Traditional multimedia privacy protection only considers the situation when humans are the adversaries, therefore they are ineffective against AI-assisted attackers. In this paper, we develop a new framework and new algorithms that can protect image privacy from both humans and AI. We combine the idea of adversarial image perturbation which is effective against AI and the obfuscation technique for human adversaries. Experiments show that our proposed methods work well for all types of attackers.
2020-07-10
Xiao, Tianran, Tong, Wei, Lei, Xia, Liu, Jingning, Liu, Bo.  2019.  Per-File Secure Deletion for Flash-Based Solid State Drives. 2019 IEEE International Conference on Networking, Architecture and Storage (NAS). :1—8.

File update operations generate many invalid flash pages in Solid State Drives (SSDs) because of the-of-place update feature. If these invalid flash pages are not securely deleted, they will be left in the “missing” state, resulting in leakage of sensitive information. However, deleting these invalid pages in real time greatly reduces the performance of SSD. In this paper, we propose a Per-File Secure Deletion (PSD) scheme for SSD to achieve non-real-time secure deletion. PSD assigns a globally unique identifier (GUID) to each file to quickly locate the invalid data blocks and uses Security-TRIM command to securely delete these invalid data blocks. Moreover, we propose a PSD-MLC scheme for Multi-Level Cell (MLC) flash memory. PSD-MLC distributes the data blocks of a file in pairs of pages to avoid the influence of programming crosstalk between paired pages. We evaluate our schemes on different hardware platforms of flash media, and the results prove that PSD and PSD-MLC only have little impact on the performance of SSD. When the cache is disabled and enabled, compared with the system without the secure deletion, PSD decreases SSD throughput by 1.3% and 1.8%, respectively. PSD-MLC decreases SSD throughput by 9.5% and 10.0%, respectively.

2018-09-12
Yoon, Man-Ki, Liu, Bo, Hovakimyan, Naira, Sha, Lui.  2017.  VirtualDrone: Virtual Sensing, Actuation, and Communication for Attack-resilient Unmanned Aerial Systems. Proceedings of the 8th International Conference on Cyber-Physical Systems. :143–154.

As modern unmanned aerial systems (UAS) continue to expand the frontiers of automation, new challenges to security and thus its safety are emerging. It is now difficult to completely secure modern UAS platforms due to their openness and increasing complexity. We present the VirtualDrone Framework, a software architecture that enables an attack-resilient control of modern UAS. It allows the system to operate with potentially untrustworthy software environment by virtualizing the sensors, actuators, and communication channels. The framework provides mechanisms to monitor physical and logical system behaviors and to detect security and safety violations. Upon detection of such an event, the framework switches to a trusted control mode in order to override malicious system state and to prevent potential safety violations. We built a prototype quadcoper running an embedded multicore processor that features a hardware-assisted virtualization technology. We present extensive experimental study and implementation details, and demonstrate how the framework can ensure the robustness of the UAS in the presence of security breaches.

2017-09-05
Wang, Chen, Guo, Xiaonan, Wang, Yan, Chen, Yingying, Liu, Bo.  2016.  Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security. :189–200.

The proliferation of wearable devices, e.g., smartwatches and activity trackers, with embedded sensors has already shown its great potential on monitoring and inferring human daily activities. This paper reveals a serious security breach of wearable devices in the context of divulging secret information (i.e., key entries) while people accessing key-based security systems. Existing methods of obtaining such secret information relies on installations of dedicated hardware (e.g., video camera or fake keypad), or training with labeled data from body sensors, which restrict use cases in practical adversary scenarios. In this work, we show that a wearable device can be exploited to discriminate mm-level distances and directions of the user's fine-grained hand movements, which enable attackers to reproduce the trajectories of the user's hand and further to recover the secret key entries. In particular, our system confirms the possibility of using embedded sensors in wearable devices, i.e., accelerometers, gyroscopes, and magnetometers, to derive the moving distance of the user's hand between consecutive key entries regardless of the pose of the hand. Our Backward PIN-Sequence Inference algorithm exploits the inherent physical constraints between key entries to infer the complete user key entry sequence. Extensive experiments are conducted with over 5000 key entry traces collected from 20 adults for key-based security systems (i.e. ATM keypads and regular keyboards) through testing on different kinds of wearables. Results demonstrate that such a technique can achieve 80% accuracy with only one try and more than 90% accuracy with three tries, which to our knowledge, is the first technique that reveals personal PINs leveraging wearable devices without the need for labeled training data and contextual information.