the process of encrypting data for Cloud services is usually presented two ways. the data owner can encrypt it themselves or rely on the service provider to do so. On one hand, we have significant security, but high-c...
详细信息
ISBN:
(纸本)9781450322782
the process of encrypting data for Cloud services is usually presented two ways. the data owner can encrypt it themselves or rely on the service provider to do so. On one hand, we have significant security, but high-complexity. On the other, we have ease of use, but limited protection. this false choice leads to data going unprotected as customers throw up their hands. there is a better way. In this keynote, we'll discuss a middle ground that improves upon the standard use cases using Barbican, an open-source key manager created by Rackspace for the OpenStack Cloud.
Virtualization has been a major enabling technology for improving trustworthiness and tamper-resistance of computer security functions. In the past decade, we have witnessed the development of virtualization-based tec...
详细信息
ISBN:
(纸本)9781450322782
Virtualization has been a major enabling technology for improving trustworthiness and tamper-resistance of computer security functions. In the past decade, we have witnessed the development of virtualization-based techniques for attack/malware monitoring, detection, prevention, and profiling. Virtual platforms have been widely adopted for system security experimentation and evaluation, because of their strong isolation, maneuverability, and scalability properties. Conversely, the demand from security research has led to significant advances in virtualization technology itself, for example, in the aspects of virtual machine introspection, check-pointing, and replay. In this talk, I will present an overview of research efforts (including our own) in virtualization-based security and security-driven virtualization. I will also discuss a number of challenges and opportunities in maintaining and elevating the synergies between virtualization and security.
Android has become the leading smartphone platform with hundreds of devices from various manufacturers available on the market today. All these phones closely resemble each other with similar hardware and software fea...
详细信息
ISBN:
(纸本)9781450322782
Android has become the leading smartphone platform with hundreds of devices from various manufacturers available on the market today. All these phones closely resemble each other with similar hardware and software features. Manufacturers must therefore customize the official Android system to differentiate their devices. Unfortunately, such heavily customization by third-party manufacturers often leads to serious vulnerabilities that do not exist in the official Android system. In this paper, we propose a comparative approach to systematically audit software in third-party phones by comparing them side-by-side to the official system. Specifically, we first retrieve pre-loaded apps and libraries from the phone and build a matching base system from the Android open source project repository. We then compare corresponding apps and libraries for potential vulnerabilities. To facilitate this process, we have designed and implemented DexDiff, a system that can pinpoint fine structural differences between two Android binaries and also present the changes in their surrounding contexts. Our experiments show that DexDiff is efficient and scalable. For example, it spends less than two and half minutes to process two 16.5MB (in total) files. DexDiff is also able to reveal a new vulnerability and details of the invasive CIQ mobile intelligence software.
暂无评论