S&P 2012 Paper Reading
Session 1: System Security
Chong-Kuan Chen

Outline
1.  A Framework to Eliminate Backdoors from Response-Computable Authentication
2.  Safe Loading - A Foundation for Secure Execution of Untrusted Programs
3.  ReDeBug: Finding Unpatched Code Clones in Entire OS Distributions

A Framework to Eliminate Backdoors from Response-Computable Authentication
Shuaifu Dai, Tao Wei, Chao Zhang, Tielei Wang, Yu Ding, Zhenkai Liang, Wei Zou
Beijing Key Lab of Internet Security Technology
University of California, Berkeley

Outline
•  Introduction
•  Background
–  Authentication Model
–  Backdoor
•  Proposed Scheme
–  Explicit response comparison
–  Function purification
–  Backdoor usability testing
•  Evaluation

Introduction
•  Formalize the authentication model
•  Classify backdoors in response-computable authentication (RCA)
•  Propose a new RCA framework to eliminate backdoors

Authentication Model
•  The basic authentication model
•  Two classes of authentication model
–  Directly compares the user response with the expected response: response-computable authentication (RCA)
–  The user response is involved in the authentication process

Response-computable Authentication

Backdoor Attack Model
•  The attacker has a chance to modify the development process but cannot interfere with the deployment environment
•  The attacker cannot intercept the code review and testing process.
•  The operating system is trusted.
•  The password database is trusted.
•  Examples of backdoors
–  VSFTPD 2.3.4 backdoor
–  Thompson's compiler backdoor

Type of Backdoor
•  Type T1: bypasses response comparison
–  Depends on user input (U-trigger backdoor)
–  Depends on global states (G-trigger backdoor)
–  Depends on internal states (I-trigger backdoor)
•  Type T2: controls computation of the expected response
–  Type T2a: the backdoor's response computation depends on information other than the challenge and password
–  Type T2b: a response-computation collision-based backdoor

Proposed Scheme
•  The RCA framework includes
–  Explicit response comparison
–  Function purification
–  Backdoor usability testing

Explicit Response Comparison
•  Decouple the verification process into
–  Response computation
–  Response comparison
•  Explicit response comparison
–  Response comparison compares the user response and the expected response only
•  This step can eliminate T1 backdoors

Function Purification
•  Characteristics of a pure function
–  Without side effects
–  Deterministic
•  This step ensures that response computation is a pure function
–  Only the challenge and password are involved in response computation
•  NaPu components employ a function-level sandbox
–  Global state isolation
–  Internal state reset
•  After this step, T2a backdoors are eliminated.

Backdoor Usability Testing
•  This step uses collision testing
–  Use sampling to check the collision probability
–  Find high-collision algorithms
•  Eliminates T2b backdoors.
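
The explicit response comparison and the sampling-based collision test described in the slides above, as an added Python sketch (not code from the paper or the deck). The HMAC-SHA-256 response function, the sample count, the 0.01 threshold and the deliberately weak `truncated_response` candidate are assumptions constructed for illustration; the NaPu function-level sandbox is not modelled.

```python
import hashlib
import hmac
import random


def compute_response(challenge, password):
    """Response computation: depends only on the challenge and the password."""
    return hmac.new(password, challenge, hashlib.sha256).digest()


def truncated_response(challenge, password):
    """Constructed weak candidate: only 256 possible responses per challenge."""
    return hashlib.sha256(password + challenge).digest()[:1]


def authenticate(response_fn, challenge, stored_password, user_response):
    """Explicit response comparison: the verdict is the equality test alone."""
    expected = response_fn(challenge, stored_password)
    return hmac.compare_digest(expected, user_response)


def _rand_bytes(rng, n):
    return bytes(rng.getrandbits(8) for _ in range(n))


def collision_rate(response_fn, samples=2000, seed=2012):
    """Fix one random challenge, sample random passwords, and measure the
    fraction of responses that repeat an earlier one."""
    rng = random.Random(seed)  # seeded so the measurement is reproducible
    challenge = _rand_bytes(rng, 16)
    responses = {
        response_fn(challenge, _rand_bytes(rng, 16)) for _ in range(samples)
    }
    return 1 - len(responses) / samples


def passes_usability_test(response_fn, threshold=0.01):
    """Reject response functions whose sampled collision rate is too high,
    since many passwords would then be accepted for the same challenge."""
    return collision_rate(response_fn) <= threshold


if __name__ == "__main__":
    for fn in (compute_response, truncated_response):
        print(fn.__name__, collision_rate(fn), passes_usability_test(fn))
```
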
  
Overview of Scheme

Evaluation
•  Performance overhead
•  Backdoor usability testing
•  Volunteer-created backdoor

Safe Loading - A Foundation for Secure Execution of Untrusted Programs
Mathias Payer, Tobias Hartmann and Thomas R. Gross
ETH Zurich, Switzerland

Outline
•  Introduction
•  Background
–  Software-based fault isolation
–  Binary Translation
–  Policy-based system call authorization
•  Attack Vector To Loader
–  Exploiting the standard loader
–  The late interception problem
–  The loader black box
•  Proposed Scheme
•  Evaluation

Introduction
•  SFI has been widely deployed to secure program execution
•  The standard loader exposes security risks that can be used to escape SFI
•  This paper replaces the standard loader with a secure loader out of the sandbox to eliminate attacks on the loader

Software-based Fault Isolation
•  Software-based fault isolation (SFI) has been proposed to secure program execution
•  With an SFI framework, many security features can be implemented
–  ASLR, DEP, stack canaries
•  Most SFI frameworks employ the following techniques
–  Binary Translation
–  Policy-based system call authorization

Binary Translation
•  Binary Translation (BT)
–  Libdetox, Vx32, Strata sandbox systems
–  Instruments application behavior

Policy-based System Call Authorization
•  Policy-based system call authorization
–  System call trace from the sandbox
–  Pre-defined policy
–  Decides whether the system call can be executed

Attack Vector to Loader
•  Exploiting the standard loader
•  The late interception problem
•  The loader black box

Exploiting the Standard Loader
•  The increasing complexity of the standard loader brings in security risks
–  Preload alternate libraries
–  Replace the standard search path
–  Escalate privileges

The Late Interception Problem
•  The application, BT and loader share the same memory space
–  The loader may leak memory layout information
–  Breaks the integrity of the BT

The Loader Black Box
•  In previous work, the loader is a black box and is translated as application code
–  The application must have privileges to load code
–  The sandbox has no information about the memory layout

Safe Loading
•  A lightweight secure loader, and move the secure loader into the sandbox

Privilege Separation
•  Divide the application into two domains
–  Sandbox domain and application domain
•  Sandbox domain (secure loader and sandbox)
–  Ensures only checked code is loaded
•  Application domain
–  Indirect control flow transfers are checked by the sandbox domain

Solution to Standard Sandbox
•  Restricting Privilege Escalation Attacks
–  The secure loader only needs to relocate code, which reduces the attack vector
•  Protecting All Executed Application Code
•  Opening the Loader Black Box

Performance Evaluation

Security Feature

ReDeBug: Finding Unpatched Code Clones in Entire OS Distributions
Jiyong Jang, Abeer Agrawal, and David Brumley
Carnegie Mellon University

Introduction
•  Patching is the standard process to fix and update buggy code
•  Code clones often appear in OS distributions
–  Bad programming style
–  Independent of sub-component
–  It is hard to discover code clones in an OS
•  This paper proposes a system for finding unpatched code clones in OS distributions

Example of Code Clone
•  CVE-2009-3720 is an exploit discovered and fixed in 2009
•  But the same code clone appears 386 times across Debian and Ubuntu packages

Related Work
•  Most previous work, like MOSS and CCFinder
–  Detects all code clones in a system
–  Does not scale to OS level
–  Is language-dependent

ReDeBug
•  This paper proposes the ReDeBug system to find code clones
–  Flexible scalability
–  Language agnostic
–  Lower false detection rate
•  ReDeBug finds code clones by the following steps
–  Pre-process the source to construct a source database
–  Check for unpatched code copies
–  Post-process to find exactly matching code

ReDeBug Workflow

Pre-process
1.  Performs normalization and tokenization
2.  Moves an n-length window over the token stream. For each window, the resulting n-tokens are hashed into a Bloom filter
3.  Stores the Bloom filter for each source file in a raw data format

Normalization
•  Each line as a basic unit
–  Remove comments
–  Non-ASCII characters
–  Redundant whitespace and newline
–  Convert to lower case

Tokenization
•  Slides a window of length n
–  Every n consecutive units are used for comparison
–  The following is a sample where n=2
Units:    1  2  3  4  5
Windows:  (1 2)  (2 3)  (3 4)  (4 5)

Bloom Filter
[Figures: Add element; Check element]

Check for Unpatched Code Copies
1.  Extracts the original code snippet and the c tokens of context information from the pre-patch source
2.  Normalizes and tokenizes the extracted original buggy code snippets
3.  Hashes the n-token window into a set of hashes
4.  Bloom filter set membership test

Post-process
1.  Performs an exact-matching test
2.  Excludes dead code
3.  Reports only non-dead code to the user
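
The three ReDeBug stages above (pre-process, check for unpatched copies, exact-match post-process) as an added Python sketch, not ReDeBug's own code. The window size N, the SHA-256-based Bloom hashing, the C-only comment stripping, the rule that every window of the patch must be present, and the sample patch and files are assumptions constructed for illustration; dead-code exclusion is not modelled.

```python
import hashlib
import re

N = 4  # window length in normalized lines (value assumed for this sketch)

def normalize(source):
    """Drop comments, non-ASCII and whitespace; lower-case; one unit per line."""
    source = re.sub(r"/\*.*?\*/", "", source, flags=re.S)  # C block comments
    units = []
    for line in source.splitlines():
        line = re.sub(r"//.*", "", line)                # line comments (naive)
        line = line.encode("ascii", "ignore").decode()  # non-ASCII characters
        line = re.sub(r"\s+", "", line).lower()         # whitespace and case
        if line:
            units.append(line)
    return units

def windows(units, n=N):
    """Slide an n-length window over the units; each window is hashed as one item."""
    return ["\n".join(units[i:i + n]) for i in range(len(units) - n + 1)]

class BloomFilter:
    def __init__(self, bits=1 << 16, hashes=3):
        self.bits, self.hashes = bits, hashes
        self.array = bytearray(bits // 8)

    def _positions(self, item):
        for seed in range(self.hashes):
            digest = hashlib.sha256(f"{seed}:{item}".encode()).digest()
            yield int.from_bytes(digest[:8], "big") % self.bits

    def add(self, item):
        for pos in self._positions(item):
            self.array[pos >> 3] |= 1 << (pos & 7)

    def __contains__(self, item):
        return all(self.array[p >> 3] & (1 << (p & 7)) for p in self._positions(item))

def build_database(files):
    """Pre-process: one Bloom filter per source file."""
    database = {name: BloomFilter() for name in files}
    for name, text in files.items():
        for window in windows(normalize(text)):
            database[name].add(window)
    return database

def original_snippet(unified_diff):
    """Pre-patch code of a single-file unified diff: context and '-' lines."""
    kept, in_hunk = [], False
    for line in unified_diff.splitlines():
        if line.startswith("@@"):
            in_hunk = True
        elif in_hunk and line[:1] in ("-", " "):
            kept.append(line[1:])
    return "\n".join(kept)

def find_unpatched(database, files, unified_diff):
    query = windows(normalize(original_snippet(unified_diff)))
    if not query:
        return []  # fewer than N units: nothing to look up
    hits = []
    for name, bloom in database.items():
        if all(w in bloom for w in query):        # Bloom test, may false-positive
            exact = set(windows(normalize(files[name])))
            if all(w in exact for w in query):    # post-process: exact match
                hits.append(name)
    return sorted(hits)

# Constructed sample data: one patch and three source files.
PATCH = """\
--- a/parse.c
+++ b/parse.c
@@ -1,7 +1,7 @@
 int copy_name(char *dst, const char *src, int len)
 {
     int i;
-    for (i = 0; i <= len; i++)
+    for (i = 0; i < len; i++)
         dst[i] = src[i];
     return 0;
 }
"""
UNPATCHED = """/* vendored copy */
int copy_name(char *dst, const char *src, int len)
{
        int i;   // index
        for (i = 0; i <= len; i++)
                dst[i] = src[i];
        return 0;
}
"""
FILES = {
    "pkg-a/parse.c": UNPATCHED,
    "pkg-b/parse.c": UNPATCHED.replace("i <= len", "i < len"),  # already patched
    "pkg-c/util.c": "int add(int a, int b)\n{\n    return a + b;\n}\n",
}

def demo():
    return find_unpatched(build_database(FILES), FILES, PATCH)
```

The clone in `pkg-a` is found despite its different indentation and comments because matching runs on normalized units, while the patched copy in `pkg-b` shares no window with the pre-patch snippet.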
Database Build Time

Query Time

Q&A

[Figure labels: Login Request, Challenge, Response, server, client, Compute response, Compute response', Authentication Check]

data_management_and _data_science_cheat_sheet.pdfJiananWang21
 
Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Christo Ananth
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756dollysharma2066
 

Recently uploaded (20)

VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM.        DIMENSIONAL ANALYSISUNIT-III FMM.        DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSIS
 
UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduits
 
chapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringchapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineering
 
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdf
 
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes ---  Unit 3.pdfAKTU Computer Networks notes ---  Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdf
 
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar  ≼🔝 Delhi door step de...Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar  ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon  6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon  6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.ppt
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
 
Unit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfUnit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdf
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdf
 
Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 

2012 S&P Paper Reading Session1

  • 1. S&P 2012 Paper Reading, Session 1: System Security
      Chong-Kuan Chen
  • 2. Outline
      1. A Framework to Eliminate Backdoors from Response-Computable Authentication
      2. Safe Loading - A Foundation for Secure Execution of Untrusted Programs
      3. ReDeBug: Finding Unpatched Code Clones in Entire OS Distributions
  • 3. A Framework to Eliminate Backdoors from Response-Computable Authentication
      Shuaifu Dai, Tao Wei, Chao Zhang, Tielei Wang, Yu Ding, Zhenkai Liang, Wei Zou
      Beijing Key Lab of Internet Security Technology
      University of California, Berkeley
  • 4. Outline
      • Introduction
      • Background
          – Authentication Model
          – Backdoor
      • Proposed Scheme
          – Explicit response comparison
          – Function purification
          – Backdoor usability testing
      • Evaluation
  • 5. Introduction
      • Formalize the authentication model
      • Classify backdoors in response-computable authentication (RCA)
      • Propose a new RCA framework to eliminate backdoors
  • 6. Authentication Model
      • The basic authentication model
      • Two classes of authentication model
          – Directly compare user response and expected response: response-computable authentication (RCA)
          – User response is involved in the authentication process
  • 8. Backdoor Attack Model
      • The attacker has a chance to modify the development process but cannot interfere with the deployment environment
      • The attacker cannot intercept the code review and testing process.
      • Operating system is trusted.
      • Password database is trusted
      • Examples of backdoor
          – VSFTPD 2.3.4 Backdoor
          – Thompson's compiler backdoor
  • 9. Type of Backdoor
      • Type T1: bypass response comparison
          – Depends on user input (U-trigger backdoor)
          – Depends on global states (G-trigger backdoor)
          – Depends on internal states (I-trigger backdoor)
      • Type T2: controlling computation of expected response
          – Type T2a backdoor's response computation depends on information other than challenge and password
          – Type T2b is a response computation collision-based backdoor
  • 10. Proposed Scheme
      • This RCA framework includes
          – Explicit response comparison
          – Function purification
          – Backdoor usability testing
  • 11. Explicit Response Comparison
      • Decouple the verification process
          – Response computation
          – Response comparison
      • Explicit Response Comparison
          – Response comparison compares user response and expected response only
      • This step can eliminate T1 backdoors
  • 12. Function purification
      • A pure function's characteristics
          – Without side effects
          – Deterministic
      • This step ensures response computation is a pure function
          – Only challenge and password are involved in response computation
      • NaPu components employ a function-level sandbox
          – Global state isolation
          – Internal state reset
      • After this step T2a backdoors are eliminated.
  • 13. Backdoor usability testing
      • This step uses collision testing
          – Use sampling to check collision probability
          – Find out high collision algorithms
      • Eliminates T2b backdoors.
  • 15. Evaluation
      • Performance overhead
      • Backdoor usability testing
      • Volunteer-created backdoor
  • 16. Safe Loading - A Foundation for Secure Execution of Untrusted Programs
      Mathias Payer, Tobias Hartmann and Thomas R. Gross
      ETH Zurich, Switzerland
  • 17. Outline
      • Introduction
      • Background
          – Software-based fault isolation
          – Binary Translation
          – Policy-based system call authorization
      • Attack Vector To Loader
          – Exploiting the standard loader
          – The late interception problem
          – The loader black box
      • Proposed Scheme
      • Evaluation
  • 18. Introduction
      • SFI was deployed widely to secure program execution
      • The standard loader exposes a security risk that allows escaping SFI
      • This paper replaces the standard loader with a secure loader out of sandbox to eliminate attacks on the loader
  • 19. Software-based Fault Isolation
      • Software-based fault isolation (SFI) has been proposed to secure program execution
      • With an SFI framework, many security features can be implemented
          – ASLR, DEP, stack canaries
      • Most SFI frameworks employ the following techniques
          – Binary Translation
          – Policy-based system call authorization
  • 20. Binary Translation
      • Binary Translation (BT)
          – Libdetox, Vx32, Strata sandbox systems
          – Instrument application behavior
  • 21. Policy-based System Call Authorization
      • Policy-based system call authorization
          – System call trace from sandbox
          – Pre-defined policy
          – Decide whether the system call can be executed
  • 22. Attack Vector to Loader
      • Exploiting the standard loader
      • The late interception problem
      • The loader black box
  • 23. Exploiting the standard loader
      • Increasing complexity of the standard loader brings in security risk
          – Preload alternate libraries
          – Replace the standard search path
          – Escalate privileges
  • 24. The Late Interception Problem
      • Application, BT and loader share the same memory space
          – Loader may leak memory layout information
          – Break integrity of the BT
  • 25. The Loader Black Box
      • In previous work, the loader is a black box and is translated as part of the application
          – Application must have privileges to load code
          – Sandbox has no information about memory layout
  • 26. Safe Loading
      • A lightweight secure loader, with the secure loader moved into the sandbox
  • 27. Privilege Separation
      • Divide the application into two domains
          – Sandbox domain and application domain
      • Sandbox domain (secure loader and sandbox)
          – Ensures only checked code is loaded
      • Application domain
          – Indirect control flow transfers will be checked by the sandbox domain
  • 28. Solution to Standard Sandbox
      • Restricting Privilege Escalation Attack
          – Secure loader only needs to relocate code and thus reduces the attack vector
      • Protecting All Executed Application Code
      • Opening the Loader Black Box
  • 31. ReDeBug: Finding Unpatched Code Clones in Entire OS Distributions
      Jiyong Jang, Abeer Agrawal, and David Brumley
      Carnegie Mellon University
  • 32. Introduction
      • Patching is the standard process to fix and update buggy code
      • Code clones often appear in OS distributions
          – Bad programming style
          – Independent of sub-component
          – It is hard to discover code clones in an OS
      • This paper proposes a system for finding unpatched code clones in OS distributions
  • 33. Example of Code Clone
      • CVE-2009-3720 is an exploit discovered and fixed in 2009
      • But the same code clone appears 386 times across Debian and Ubuntu packages
  • 34. Related Work
      • Most previous work, like MOSS and CCFinder
          – Detects all code clones in a system
          – Does not scale to OS level
          – Language-dependent
  • 35. ReDeBug
      • This paper proposes the ReDeBug system to find code clones
          – Flexible scalability
          – Language agnostic
          – Lower false detection rate
      • ReDeBug finds code clones by the following steps
          – Pre-process the source to construct the source database
          – Check for unpatched code copies
          – Post-process to find exactly matching code
  • 37. Pre-process
      1. Performs normalization and tokenization
      2. Moves an n-length window over the token stream. For each window, the resulting n-tokens are hashed into a Bloom filter
      3. Stores the Bloom filter for each source file in a raw data format
  • 38. Normalization
      • Each line is a basic unit
          – Remove comments
          – Non-ASCII characters
          – Redundant whitespace and newlines
          – Convert to lower case
  • 39. Tokenization
      • Slides a window of length n
          – Every n consecutive units are used for comparison
          – Sample where n=2: the units 1 2 3 4 5 give the windows (1 2), (2 3), (3 4), (4 5)
  • 41. Check for Unpatched Code Copies
      1. Extracts the original code snippet and the c tokens of context information from the pre-patch source
      2. Normalizes and tokenizes the extracted original buggy code snippets
      3. Hashes the n-token window into a set of hashes
      4. Bloom filter set membership test
  • 42. Post-process
      1. Performs an exact-matching test
      2. Excludes dead code
      3. Reports only non-dead code to the user
  • 45. Q&A
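
The RCA scheme on slides 10 to 13, as an added sketch that is not code from the slides or from the paper: response computation is a pure function of challenge and password, the decision is a single explicit comparison, and a sampling test rejects response functions that collide too often. The function names, the 8-bit counter-example, the sample count and the threshold are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def compute_response(challenge: bytes, password: bytes) -> bytes:
    """Pure response computation: depends only on challenge and password."""
    return hmac.new(password, challenge, hashlib.sha256).digest()


def compute_response_weak(challenge: bytes, password: bytes) -> bytes:
    """Constructed counter-example: only 8 bits of output survive, so many
    passwords share a response (the T2b collision case on slide 9)."""
    return hashlib.sha256(password + challenge).digest()[:1]


def authenticate(compute, challenge, password, user_response) -> bool:
    """Explicit response comparison: the accept/reject decision is one
    equality test between the expected and the user response (slide 11)."""
    expected = compute(challenge, password)
    return hmac.compare_digest(expected, user_response)


def collision_rate(compute, samples: int = 2000) -> float:
    """Sampling test (slide 13): fraction of random passwords whose response
    to one fixed challenge repeats a response already seen."""
    challenge = secrets.token_bytes(16)
    seen, repeats = set(), 0
    for _ in range(samples):
        response = compute(challenge, secrets.token_bytes(16))
        repeats += response in seen
        seen.add(response)
    return repeats / samples


def passes_usability_test(compute, threshold: float = 0.001) -> bool:
    """Reject response functions whose sampled collision rate is too high.
    The threshold is an assumed value, not one taken from the paper."""
    return collision_rate(compute) <= threshold
```

With 2000 samples the weak function can produce at most 256 distinct responses, so its measured collision rate is at least 0.872 and it fails the test.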
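
The ReDeBug steps on slides 37 to 42, as an added sketch that is not the ReDeBug tool's own code: normalize lines, slide an n-line window, hash each window into a per-file Bloom filter, test the pre-patch windows for membership, then confirm hits by exact match. The window length, filter size, hash count and C-style comment stripping are assumptions, the sample sources are constructed, and the dead-code exclusion of slide 42 is left out.

```python
import hashlib
import re

N = 4                   # window length in normalized lines (assumed value)
BLOOM_BITS = 1 << 16    # filter size in bits (assumed value)
BLOOM_HASHES = 3        # hash functions per window (assumed value)

def normalize(source):
    """Slide 38: drop comments, non-ASCII and redundant whitespace; lower-case."""
    source = re.sub(r"/\*.*?\*/", "", source, flags=re.S)  # C-style comments assumed
    units = []
    for line in source.splitlines():
        line = re.sub(r"//.*", "", line).encode("ascii", "ignore").decode()
        line = " ".join(line.split()).lower()
        if line:
            units.append(line)
    return units

def windows(units, n=N):
    """Slide 39: every n consecutive units form one item to compare."""
    return [tuple(units[i:i + n]) for i in range(len(units) - n + 1)]

def positions(window):
    """Bit positions that one window sets or tests in the Bloom filter."""
    data = "\n".join(window).encode()
    return [int.from_bytes(hashlib.sha256(bytes([k]) + data).digest()[:8], "big")
            % BLOOM_BITS for k in range(BLOOM_HASHES)]

def build_filter(source):
    """Slide 37: hash each window of one source file into its Bloom filter."""
    bits = bytearray(BLOOM_BITS // 8)
    for w in windows(normalize(source)):
        for p in positions(w):
            bits[p // 8] |= 1 << (p % 8)
    return bits

def is_unpatched_clone(bits, source, pre_patch):
    """Slides 41-42: Bloom membership test, then exact match on the hits."""
    wins = windows(normalize(pre_patch))
    if not wins or not all(bits[p // 8] >> (p % 8) & 1
                           for w in wins for p in positions(w)):
        return False
    return set(wins) <= set(windows(normalize(source)))

# Constructed sample input: pre-patch lines and two copies of the code.
PRE_PATCH = "len = read_len(buf);\nmemcpy(dst, buf + 4, len);\ndst[len] = 0;\nreturn len;\n"
VENDORED = """int parse(char *dst, char *buf) {
    int len;
    len = read_len(buf);          // length prefix
    memcpy(dst,   buf + 4, len);
    dst[len] = 0;                 /* terminate */
    return len;
}"""
PATCHED = VENDORED.replace("memcpy(", "if (len >= MAX) return -1;\n    memcpy(")
```

Calling `is_unpatched_clone(build_filter(VENDORED), VENDORED, PRE_PATCH)` reports the vendored copy despite its different spacing and comments, while the same call on `PATCHED` does not, because the added bounds check breaks the pre-patch window.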