Visible to the public Biblio

Filters: Keyword is system security  [Clear All Filters]
2021-07-08
Sato, Masaya, Taniguchi, Hideo, Nakamura, Ryosuke.  2020.  Virtual Machine Monitor-based Hiding Method for Access to Debug Registers. 2020 Eighth International Symposium on Computing and Networking (CANDAR). :209—214.
To secure a guest operating system running on a virtual machine (VM), a monitoring method using hardware breakpoints by a virtual machine monitor is required. However, debug registers are visible to guest operating systems; thus, malicious programs on a guest operating system can detect or disable the monitoring method. This paper presents a method to hide access to debug registers from programs running on a VM. Our proposed method detects programs' access to debug registers and disguises the access as having succeeded. The register's actual value is not visible or modifiable to programs, so the monitoring method is hidden. This paper presents the basic design and evaluation results of our method.
2021-06-30
Maalla, Allam.  2020.  Research on Data Transmission Security Architecture Design and Process. 2020 IEEE International Conference on Information Technology,Big Data and Artificial Intelligence (ICIBA). 1:1195—1199.
With the development of business, management companies are currently facing a series of problems and challenges in terms of resource allocation and task management. In terms of the technical route, this research will use cloud services to implement the public honesty system, and carry out secondary development and interface development on this basis, the architecture design and the formulation of the process are realized for various types, relying on the support of the knowledge base and case library, through the system intelligent configuration corresponding work instructions, safety work instructions, case references and other reference information to the existing work plan to provide managers Reference; managers can configure and adjust the work content by themselves through specific requirements to efficiently and flexibly adapt to the work content.
2021-04-27
Samuel, J., Aalab, K., Jaskolka, J..  2020.  Evaluating the Soundness of Security Metrics from Vulnerability Scoring Frameworks. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :442—449.

Over the years, a number of vulnerability scoring frameworks have been proposed to characterize the severity of known vulnerabilities in software-dependent systems. These frameworks provide security metrics to support decision-making in system development and security evaluation and assurance activities. When used in this context, it is imperative that these security metrics be sound, meaning that they can be consistently measured in a reproducible, objective, and unbiased fashion while providing contextually relevant, actionable information for decision makers. In this paper, we evaluate the soundness of the security metrics obtained via several vulnerability scoring frameworks. The evaluation is based on the Method for DesigningSound Security Metrics (MDSSM). We also present several recommendations to improve vulnerability scoring frameworks to yield more sound security metrics to support the development of secure software-dependent systems.

Aigner, A., Khelil, A..  2020.  A Benchmark of Security Metrics in Cyber-Physical Systems. 2020 IEEE International Conference on Sensing, Communication and Networking (SECON Workshops). :1—6.

The usage of connected devices and their role within our daily- and business life gains more and more impact. In addition, various derivations of Cyber-Physical Systems (CPS) reach new business fields, like smart healthcare or Industry 4.0. Although these systems do bring many advantages for users by extending the overall functionality of existing systems, they come with several challenges, especially for system engineers and architects. One key challenge consists in achieving a sufficiently high level of security within the CPS environment, as sensitive data or safety-critical functions are often integral parts of CPS. Being system of systems (SoS), CPS complexity, unpredictability and heterogeneity complicate analyzing the overall level of security, as well as providing a way to detect ongoing attacks. Usually, security metrics and frameworks provide an effective tool to measure the level of security of a given component or system. Although several comprehensive surveys exist, an assessment of the effectiveness of the existing solutions for CPS environments is insufficiently investigated in literature. In this work, we address this gap by benchmarking a carefully selected variety of existing security metrics in terms of their usability for CPS. Accordingly, we pinpoint critical CPS challenges and qualitatively assess the effectiveness of the existing metrics for CPS systems.

2021-03-29
DiMase, D., Collier, Z. A., Chandy, J., Cohen, B. S., D'Anna, G., Dunlap, H., Hallman, J., Mandelbaum, J., Ritchie, J., Vessels, L..  2020.  A Holistic Approach to Cyber Physical Systems Security and Resilience. 2020 IEEE Systems Security Symposium (SSS). :1—8.

A critical need exists for collaboration and action by government, industry, and academia to address cyber weaknesses or vulnerabilities inherent to embedded or cyber physical systems (CPS). These vulnerabilities are introduced as we leverage technologies, methods, products, and services from the global supply chain throughout a system's lifecycle. As adversaries are exploiting these weaknesses as access points for malicious purposes, solutions for system security and resilience become a priority call for action. The SAE G-32 Cyber Physical Systems Security Committee has been convened to address this complex challenge. The SAE G-32 will take a holistic systems engineering approach to integrate system security considerations to develop a Cyber Physical System Security Framework. This framework is intended to bring together multiple industries and develop a method and common language which will enable us to more effectively, efficiently, and consistently communicate a risk, cost, and performance trade space. The standard will allow System Integrators to make decisions utilizing a common framework and language to develop affordable, trustworthy, resilient, and secure systems.

2020-11-02
Fraile, Francisco, Flores, José Luis, Anaya, Victor, Saiz, Eduardo, Poler, Raúl.  2018.  A Scaffolding Design Framework for Developing Secure Interoperability Components in Digital Manufacturing Platforms. 2018 International Conference on Intelligent Systems (IS). :564—569.
This paper presents the Virtual Open Operating System (vf-OS) Input / Output (IO) Toolkit Generator, which is a design tool to develop vf-OS IO components that interact with all kinds of manufacturing assets, either physical devices like Program Logic Controllers (PLCs), software applications like Enterprise Resource Planning Systems (ERPs) or legacy file formats like STEP. The vf-OS IO Toolkit Generator is based on software scaffolding, a code generation technique that allows a developer to create a working component to interact with a manufacturing asset from the vf-OS Platform without writing a line of code. As described in this paper, software scaffolding not only simplifies the development of interoperability components, but it also fosters system security and platform integration automation. Another contribution of this paper is to propose possible integrations between the IO Toolkit Generator and the vf-OS Security Command Centre in charge of platform security. Additionally, this paper describes how the concept can be extended to address other digital manufacturing platforms like Fi-Ware.
2020-08-28
Zahid, Ali Z.Ghazi, Mohammed Salih Al-Kharsan, Ibrahim Hasan, Bakarman, Hesham A., Ghazi, Muntadher Faisal, Salman, Hanan Abbas, Hasoon, Feras N.  2019.  Biometric Authentication Security System Using Human DNA. 2019 First International Conference of Intelligent Computing and Engineering (ICOICE). :1—7.
The fast advancement in the last two decades proposed a new challenge in security. In addition, the methods used to secure information are drawing more attention and under intense investigation by researchers around the globe. However, securing data is a very hard task, due to the escalation of threat levels. Several technologies and techniques developed and used to secure data throughout communication or by direct access to the information as an example encryption techniques and authentication techniques. A most recent development methods used to enhance security is by using human biometric characteristics such as thumb, hand, eye, cornea, and DNA; to enforce the security of a system toward higher level, human DNA is a promising field and human biometric characteristics can enhance the security of any system using biometric features for authentication. Furthermore, the proposed methods does not fulfil or present the ultimate solution toward tightening the system security. However, one of the proposed solutions enroll a technique to encrypt the biometric characteristic using a well-known cryptosystem technique. In this paper, an overview presented on the benefits of incorporating a human DNA based security systems and the overall effect on how such systems enhance the security of a system. In addition, an algorithm is proposed for practical application and the implementation discussed briefly.
2020-08-17
Al Ghazo, Alaa T., Kumar, Ratnesh.  2019.  Identification of Critical-Attacks Set in an Attack-Graph. 2019 IEEE 10th Annual Ubiquitous Computing, Electronics Mobile Communication Conference (UEMCON). :0716–0722.
SCADA/ICS (Supervisory Control and Data Acqui-sition/Industrial Control Systems) networks are becoming targets of advanced multi-faceted attacks, and use of attack-graphs has been proposed to model complex attacks scenarios that exploit interdependence among existing atomic vulnerabilities to stitch together the attack-paths that might compromise a system-level security property. While such analysis of attack scenarios enables security administrators to establish appropriate security measurements to secure the system, practical considerations on time and cost limit their ability to address all system vulnerabilities at once. In this paper, we propose an approach that identifies label-cuts to automatically identify a set of critical-attacks that, when blocked, guarantee system security. We utilize the Strongly-Connected-Components (SCCs) of the given attack graph to generate an abstracted version of the attack-graph, a tree over the SCCs, and next use an iterative backward search over this tree to identify set of backward reachable SCCs, along with their outgoing edges and their labels, to identify a cut with a minimum number of labels that forms a critical-attacks set. We also report the implementation and validation of the proposed algorithm to a real-world case study, a SCADA network for a water treatment cyber-physical system.
2020-07-20
Fowler, Daniel S., Bryans, Jeremy, Cheah, Madeline, Wooderson, Paul, Shaikh, Siraj A..  2019.  A Method for Constructing Automotive Cybersecurity Tests, a CAN Fuzz Testing Example. 2019 IEEE 19th International Conference on Software Quality, Reliability and Security Companion (QRS-C). :1–8.
There is a need for new tools and techniques to aid automotive engineers performing cybersecurity testing on connected car systems. This is in order to support the principle of secure-by-design. Our research has produced a method to construct useful automotive security tooling and tests. It has been used to implement Controller Area Network (CAN) fuzz testing (a dynamic security test) via a prototype CAN fuzzer. The black-box fuzz testing of a laboratory vehicle's display ECU demonstrates the value of a fuzzer in the automotive field, revealing bugs in the ECU software, and weaknesses in the vehicle's systems design.
2020-06-15
Gorbachov, Valeriy, Batiaa, Abdulrahman Kataeba, Ponomarenko, Olha, Kotkova, Oksana.  2019.  Impact Evaluation of Embedded Security Mechanisms on System Performance. 2019 IEEE International Scientific-Practical Conference Problems of Infocommunications, Science and Technology (PIC S T). :407–410.
Experience in designing general-purpose systems that enforce security goals shows that achieving universality, security, and performance remains a very difficult challenge. As a result, two directions emerged in designing, one of which focused on universality and performance with limited security mechanisms, and another - on robust security with reasonable performance for limited sets of applications. In the first case, popular but unsecure systems were created, and various efforts were subsequently made to upgrade the protected infrastructure for such systems. In the work, the latter approach is considered. It is obvious that the inclusion of built-in security mechanisms leads to a decrease in system performance. The paper considers a reference monitor and the assessment of its impact on system performance. For this purpose, the functional structure of reference monitor is built and the analytical model of impact evaluation on system performance is proposed.
2020-06-08
Sahabandu, Dinuka, Moothedath, Shana, Bushnell, Linda, Poovendran, Radha, Aller, Joey, Lee, Wenke, Clark, Andrew.  2019.  A Game Theoretic Approach for Dynamic Information Flow Tracking with Conditional Branching. 2019 American Control Conference (ACC). :2289–2296.
In this paper, we study system security against Advanced Persistent Threats (APTs). APTs are stealthy and persistent but APTs interact with system and introduce information flows in the system as data-flow and control-flow commands. Dynamic Information Flow Tracking (DIFT) is a promising detection mechanism against APTs which taints suspicious input sources in the system and performs online security analysis when a tainted information is used in unauthorized manner. Our objective in this paper is to model DIFT that handle data-flow and conditional branches in the program that arise from control-flow commands. We use game theoretic framework and provide the first analytical model of DIFT with data-flow and conditional-branch tracking. Our game model which is an undiscounted infinite-horizon stochastic game captures the interaction between APTs and DIFT and the notion of conditional branching. We prove that the best response of the APT is a maximal reachability probability problem and provide a polynomial-time algorithm to find the best response by solving a linear optimization problem. We formulate the best response of the defense as a linear optimization problem and show that an optimal solution to the linear program returns a deterministic optimal policy for the defense. Since finding Nash equilibrium for infinite-horizon undiscounted stochastic games is computationally difficult, we present a nonlinear programming based polynomial-time algorithm to find an E-Nash equilibrium. Finally, we perform experimental analysis of our algorithm on real-world data for NetRecon attack augmented with conditional branching.
2020-05-11
Kenarangi, Farid, Partin-Vaisband, Inna.  2019.  Security Network On-Chip for Mitigating Side-Channel Attacks. 2019 ACM/IEEE International Workshop on System Level Interconnect Prediction (SLIP). :1–6.
Hardware security is a critical concern in design and fabrication of integrated circuits (ICs). Contemporary hardware threats comprise tens of advance invasive and non-invasive attacks for compromising security of modern ICs. Numerous attack-specific countermeasures against the individual threats have been proposed, trading power, area, speed, and design complexity of a system for security. These typical overheads combined with strict performance requirements in advanced technology nodes and high complexity of modern ICs often make the codesign of multiple countermeasures impractical. In this paper, on-chip distribution networks are exploited for detecting those hardware security threats that require non-invasive, yet physical interaction with an operating device-under-attack (e.g., measuring equipment for collecting sensitive information in side-channel attacks). With the proposed approach, the effect of the malicious physical interference with the device-under-attack is captured in the form of on-chip voltage variations and utilized for detecting malicious activity in the compromised device. A machine learning (ML) security IC is trained to predict system security based on sensed variations of signals within on-chip distribution networks. The trained ML ICs are distributed on-chip, yielding a robust and high-confidence security network on-chip. To halt an active attack, a variety of desired counteractions can be executed in a cost-effective manner upon the attack detection. The applicability and effectiveness of these security networks is demonstrated in this paper with respect to power, timing, and electromagnetic analysis attacks.
2020-02-10
Zheng, Junjun, Okamura, Hiroyuki, Dohi, Tadashi.  2019.  Security Evaluation of a VM-Based Intrusion-Tolerant System with Pull-Type Patch Management. 2019 IEEE 19th International Symposium on High Assurance Systems Engineering (HASE). :156–163.

Computer security has gained more and more attention in a public over the last years, since computer systems are suffering from significant and increasing security threats that cause security breaches by exploiting software vulnerabilities. The most efficient way to ensure the system security is to patch the vulnerable system before a malicious attack occurs. Besides the commonly-used push-type patch management, the pull-type patch management is also adopted. The main issues in the pull-type patch management are two-fold; when to check the vulnerability information and when to apply a patch? This paper considers the security patch management for a virtual machine (VM) based intrusion tolerant system (ITS), where the system undergoes the patch management with a periodic vulnerability checking strategy, and evaluates the system security from the availability aspect. A composite stochastic reward net (SRN) model is applied to capture the attack behavior of adversary and the defense behaviors of system. Two availability measures; interval availability and point-wise availability are formulated to quantify the system security via phase expansion. The proposed approach and metrics not only enable us to quantitatively assess the system security, but also provide insights on the patch management. In numerical experiments, we evaluate effects of the intrusion rate and the number of vulnerability checking on the system security.

2020-01-21
Zhan, Xin, Yuan, Huabing, Wang, Xiaodong.  2019.  Research on Block Chain Network Intrusion Detection System. 2019 International Conference on Computer Network, Electronic and Automation (ICCNEA). :191–196.

With the development of computer technology and the popularization of network, network brings great convenience to colleagues and risks to people from all walks of life all over the world. The data in the network world is growing explosively. Various kinds of intrusions are emerging in an endless stream. The means of network intrusion are becoming more and more complex. The intrusions occur at any time and the security threats become more and more serious. Defense alone cannot meet the needs of system security. It is also necessary to monitor the behavior of users in the network at any time and detect new intrusions that may occur at any time. This will not only make people's normal network needs cannot be guaranteed, but also face great network risks. So that people not only rely on defensive means to protect network security, this paper explores block chain network intrusion detection system. Firstly, the characteristics of block chain are briefly introduced, and the challenges of block chain network intrusion security and privacy are proposed. Secondly, the intrusion detection system of WLAN is designed experimentally. Finally, the conclusion analysis of block chain network intrusion detection system is discussed.

2019-07-01
Rosa, F. De Franco, Jino, M., Bueno, P. Marcos Siqueira, Bonacin, R..  2018.  Coverage-Based Heuristics for Selecting Assessment Items from Security Standards: A Core Set Proposal. 2018 Workshop on Metrology for Industry 4.0 and IoT. :192-197.

In the realm of Internet of Things (IoT), information security is a critical issue. Security standards, including their assessment items, are essential instruments in the evaluation of systems security. However, a key question remains open: ``Which test cases are most effective for security assessment?'' To create security assessment designs with suitable assessment items, we need to know the security properties and assessment dimensions covered by a standard. We propose an approach for selecting and analyzing security assessment items; its foundations come from a set of assessment heuristics and it aims to increase the coverage of assessment dimensions and security characteristics in assessment designs. The main contribution of this paper is the definition of a core set of security assessment heuristics. We systematize the security assessment process by means of a conceptual formalization of the security assessment area. Our approach can be applied to security standards to select or to prioritize assessment items with respect to 11 security properties and 6 assessment dimensions. The approach is flexible allowing the inclusion of dimensions and properties. Our proposal was applied to a well know security standard (ISO/IEC 27001) and its assessment items were analyzed. The proposal is meant to support: (i) the generation of high-coverage assessment designs, which include security assessment items with assured coverage of the main security characteristics, and (ii) evaluation of security standards with respect to the coverage of security aspects.

2019-06-28
Kulik, T., Tran-Jørgensen, P. W. V., Boudjadar, J., Schultz, C..  2018.  A Framework for Threat-Driven Cyber Security Verification of IoT Systems. 2018 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW). :89-97.

Industrial control systems are changing from monolithic to distributed and interconnected architectures, entering the era of industrial IoT. One fundamental issue is that security properties of such distributed control systems are typically only verified empirically, during development and after system deployment. We propose a novel modelling framework for the security verification of distributed industrial control systems, with the goal of moving towards early design stage formal verification. In our framework we model industrial IoT infrastructures, attack patterns, and mitigation strategies for countering attacks. We conduct model checking-based formal analysis of system security through scenario execution, where the analysed system is exposed to attacks and implement mitigation strategies. We study the applicability of our framework for large systems using a scalability analysis.

2019-05-08
Yao, Danfeng(Daphne).  2018.  Data Breach and Multiple Points to Stop It. Proceedings of the 23Nd ACM on Symposium on Access Control Models and Technologies. :1–1.
Preventing unauthorized access to sensitive data is an exceedingly complex access control problem. In this keynote, I will break down the data breach problem and give insights into how organizations could and should do to reduce their risks. The talk will start with discussing the technical reasons behind some of the recent high-profile data breach incidents (e.g., in Equifax, Target), as well as pointing out the threats of inadvertent or accidental data leaks. Then, I will show that there are usually multiple points to stop data breach and give an overview of the relevant state-of-the-art solutions. I will focus on some of the recent algorithmic advances in preventing inadvertent data loss, including set-based and alignment-based screening techniques, outsourced screening, and GPU-based performance acceleration. I will also briefly discuss the role of non-technical factors (e.g., organizational culture on security) in data protection. Because of the cat-and-mouse-game nature of cybersecurity, achieving absolute data security is impossible. However, proactively securing critical data paths through strategic planning and placement of security tools will help reduce the risks. I will also point out a few exciting future research directions, e.g., on data leak detection as a cloud security service and deep learning for reducing false alarms in continuous authentication and the prickly insider-threat detection.
2019-03-15
Amosov, O. S., Amosova, S. G., Muller, N. V..  2018.  Identification of Potential Risks to System Security Using Wavelet Analysis, the Time-and-Frequency Distribution Indicator of the Time Series and the Correlation Analysis of Wavelet-Spectra. 2018 International Multi-Conference on Industrial Engineering and Modern Technologies (FarEastCon). :1-6.

To identify potential risks to the system security presented by time series it is offered to use wavelet analysis, the indicator of time-and-frequency distribution, the correlation analysis of wavelet-spectra for receiving rather complete range of data about the process studied. The indicator of time-and-frequency localization of time series was proposed allowing to estimate the speed of non-stationary changing. The complex approach is proposed to use the wavelet analysis, the time-and-frequency distribution of time series and the wavelet spectra correlation analysis; this approach contributes to obtaining complete information on the studied phenomenon both in numerical terms, and in the form of visualization for identifying and predicting potential system security threats.

2018-11-19
Wang, Y., Zhang, L..  2017.  High Security Orthogonal Factorized Channel Scrambling Scheme with Location Information Embedded for MIMO-Based VLC System. 2017 IEEE 85th Vehicular Technology Conference (VTC Spring). :1–5.
The broadcast nature of visible light beam has aroused great concerns about the privacy and confidentiality of visible light communication (VLC) systems.In this paper, in order to enhance the physical layer security, we propose a channel scrambling scheme, which realizes orthogonal factorized channel scrambling with location information embedded (OFCS-LIE) for the VLC systems. We firstly embed the location information of the legitimate user, including the transmission angle and the distance, into a location information embedded (LIE) matrix, then the LIE matrix is factorized orthogonally in order that the LIE matrix is approximately uncorrelated to the multiple-input, multiple-output (MIMO) channels by the iterative orthogonal factorization method, where the iteration number is determined based on the orthogonal error. The resultant OFCS-LIE matrix is approximately orthogonal and used to enhance both the reliability and the security of information transmission. Furthermore, we derive the information leakage at the eavesdropper and the secrecy capacity to analyze the system security. Simulations are performed, and the results demonstrate that with the aid of the OFCS-LIE scheme, MIMO-based VLC system has achieved higher security when compared with the counterpart scrambling scheme and the system without scrambling.
2018-06-11
Liu, Y., Briones, J., Zhou, R., Magotra, N..  2017.  Study of secure boot with a FPGA-based IoT device. 2017 IEEE 60th International Midwest Symposium on Circuits and Systems (MWSCAS). :1053–1056.
Internet of Things (loT) is network connected “Things” such as vehicles, buildings, embedded systems, sensors, as well as people. IoT enables these objects to collect and exchange data of interest to complete various tasks including patient health monitoring, environmental monitoring, system condition prognostics and prediction, smart grid, smart buildings, smart cities, and do on. Due to the large scale of and the limited host processor computation power in an IoT system, effective security provisioning is shifting from software-based security implementation to hardware-based security implementation in terms of efficiency and effectiveness. Moreover, FPGA can take over the work of infrastructure components to preserve and protect critical components and minimize the negative impacts on these components. In this paper, we employ Xilinx Zynq-7000 Series System-on-Chip (SoC) ZC706 prototype board to design an IoT device. To defend against threats to FPGA design, we have studied Zynq-ZC706 to (1) encrypt FPGA bitstream to protect the IoT device from bitstream decoding; (2) encrypt system boot image to enhance system security; and (3) ensure the FPGA operates correctly as intended via authentication to avoid spoofing and Trojan Horse attacks.
2018-02-21
Wiest, P., Groß, D., Rudion, K., Probst, A..  2017.  Security-constrained dynamic curtailment method for renewable energy sources in grid planning. 2017 IEEE PES Innovative Smart Grid Technologies Conference Europe (ISGT-Europe). :1–6.

This paper presents a new approach for a dynamic curtailment method for renewable energy sources that guarantees fulfilling of (n-1)-security criteria of the system. Therefore, it is applicable to high voltage distribution grids and has compliance to their planning guidelines. The proposed dynamic curtailment method specifically reduces the power feed-in of renewable energy sources up to a level, where no thermal constraint is exceeded in the (n-1)-state of the system. Based on AC distribution factors, a new formulation of line outage distribution factors is presented that is applicable for outages consisting of a single line or multiple segment lines. The proposed method is tested using a planning study of a real German high voltage distribution grid. The results show that any thermal loading limits are exceeded by using the dynamic curtailment approach. Therefore, a significant reduction of the grid reinforcement can be achieved by using a small amount of curtailed annual energy from renewable energy sources.

2018-01-23
Shi, Hao, Mirkovic, Jelena, Alwabel, Abdulla.  2017.  Handling Anti-Virtual Machine Techniques in Malicious Software. ACM Trans. Priv. Secur.. 21:2:1–2:31.

Malware analysis relies heavily on the use of virtual machines (VMs) for functionality and safety. There are subtle differences in operation between virtual and physical machines. Contemporary malware checks for these differences and changes its behavior when it detects a VM presence. These anti-VM techniques hinder malware analysis. Existing research approaches to uncover differences between VMs and physical machines use randomized testing, and thus cannot guarantee completeness. In this article, we propose a detect-and-hide approach, which systematically addresses anti-VM techniques in malware. First, we propose cardinal pill testing—a modification of red pill testing that aims to enumerate the differences between a given VM and a physical machine through carefully designed tests. Cardinal pill testing finds five times more pills by running 15 times fewer tests than red pill testing. We examine the causes of pills and find that, while the majority of them stem from the failure of VMs to follow CPU specifications, a small number stem from under-specification of certain instructions by the Intel manual. This leads to divergent implementations in different CPU and VM architectures. Cardinal pill testing successfully enumerates the differences that stem from the first cause. Finally, we propose VM Cloak—a WinDbg plug-in which hides the presence of VMs from malware. VM Cloak monitors each execute malware command, detects potential pills, and at runtime modifies the command’s outcomes to match those that a physical machine would generate. We implemented VM Cloak and verified that it successfully hides VM presence from malware.

2017-12-28
Noureddine, M. A., Marturano, A., Keefe, K., Bashir, M., Sanders, W. H..  2017.  Accounting for the Human User in Predictive Security Models. 2017 IEEE 22nd Pacific Rim International Symposium on Dependable Computing (PRDC). :329–338.

Given the growing sophistication of cyber attacks, designing a perfectly secure system is not generally possible. Quantitative security metrics are thus needed to measure and compare the relative security of proposed security designs and policies. Since the investigation of security breaches has shown a strong impact of human errors, ignoring the human user in computing these metrics can lead to misleading results. Despite this, and although security researchers have long observed the impact of human behavior on system security, few improvements have been made in designing systems that are resilient to the uncertainties in how humans interact with a cyber system. In this work, we develop an approach for including models of user behavior, emanating from the fields of social sciences and psychology, in the modeling of systems intended to be secure. We then illustrate how one of these models, namely general deterrence theory, can be used to study the effectiveness of the password security requirements policy and the frequency of security audits in a typical organization. Finally, we discuss the many challenges that arise when adopting such a modeling approach, and then present our recommendations for future work.

2017-05-30
Jang, Yeongjin, Lee, Sangho, Kim, Taesoo.  2016.  Breaking Kernel Address Space Layout Randomization with Intel TSX. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :380–392.

Kernel hardening has been an important topic since many applications and security mechanisms often consider the kernel as part of their Trusted Computing Base (TCB). Among various hardening techniques, Kernel Address Space Layout Randomization (KASLR) is the most effective and widely adopted defense mechanism that can practically mitigate various memory corruption vulnerabilities, such as buffer overflow and use-after-free. In principle, KASLR is secure as long as no memory leak vulnerability exists and high entropy is ensured. In this paper, we introduce a highly stable timing attack against KASLR, called DrK, that can precisely de-randomize the memory layout of the kernel without violating any such assumptions. DrK exploits a hardware feature called Intel Transactional Synchronization Extension (TSX) that is readily available in most modern commodity CPUs. One surprising behavior of TSX, which is essentially the root cause of this security loophole, is that it aborts a transaction without notifying the underlying kernel even when the transaction fails due to a critical error, such as a page fault or an access violation, which traditionally requires kernel intervention. DrK turned this property into a precise timing channel that can determine the mapping status (i.e., mapped versus unmapped) and execution status (i.e., executable versus non-executable) of the privileged kernel address space. In addition to its surprising accuracy and precision, DrK is universally applicable to all OSes, even in virtualized environments, and generates no visible footprint, making it difficult to detect in practice. We demonstrated that DrK can break the KASLR of all major OSes (i.e., Windows, Linux, and OS X) with near-perfect accuracy in under a second. Finally, we propose potential countermeasures that can effectively prevent or mitigate the DrK attack. We urge our community to be aware of the potential threat of having Intel TSX, which is present in most recent Intel CPUs – 100% in workstation and 60% in high-end Intel CPUs since Skylake – and is even available on Amazon EC2 (X1).

2017-05-18
Wang, Huangxin, Li, Fei, Chen, Songqing.  2016.  Towards Cost-Effective Moving Target Defense Against DDoS and Covert Channel Attacks. Proceedings of the 2016 ACM Workshop on Moving Target Defense. :15–25.

Traditionally, network and system configurations are static. Attackers have plenty of time to exploit the system's vulnerabilities and thus they are able to choose when to launch attacks wisely to maximize the damage. An unpredictable system configuration can significantly lift the bar for attackers to conduct successful attacks. Recent years, moving target defense (MTD) has been advocated for this purpose. An MTD mechanism aims to introduce dynamics to the system through changing its configuration continuously over time, which we call adaptations. Though promising, the dynamic system reconfiguration introduces overhead to the applications currently running in the system. It is critical to determine the right time to conduct adaptations and to balance the overhead afforded and the security levels guaranteed. This problem is known as the MTD timing problem. Little prior work has been done to investigate the right time in making adaptations. In this paper, we take the first step to both theoretically and experimentally study the timing problem in moving target defenses. For a broad family of attacks including DDoS attacks and cloud covert channel attacks, we model this problem as a renewal reward process and propose an optimal algorithm in deciding the right time to make adaptations with the objective of minimizing the long-term cost rate. In our experiments, both DDoS attacks and cloud covert channel attacks are studied. Simulations based on real network traffic traces are conducted and we demonstrate that our proposed algorithm outperforms known adaptation schemes.