检索结果-内蒙古大学图书馆

Reverse engineering Java Card and vulnerability exploitation: a shortcut to ROM

INTERNATIONAL JOURNAL OF INFORMATION SECURITY 2019年第1期18卷 85-100页

作者： Mesbah, Abdelhak Lanet, Jean-Louis Mezghiche, Mohamed Univ Boumerdes Independence Ave Boumerdes 35000 Algeria INRIA LHS PEC 263 Ave Gen Leclerc F-35042 Rennes France

Secure elements store and manipulate assets in a secure way. The most attractive assets are the cryptographic keys stored into the memory that can be used to provide secure services to a system. For this reason, secure elements are prone to attacks. But retrieving assets inside such a highly secure device is a challenging task. This paper presents the process we used to gain access to the assets in the particular case of Java Card secure element. In a Java Card, the assets are stored securely, i.e., respecting confidentiality and integrity attributes. Only the native layers can manipulate these sensitive objects. Thus, the Java interpreter, the API and the run time act as a firewall between the assets and the Java applications that one can load into the device. Finding a vulnerability into this piece of software is of a prime importance. Finding a vulnerability into a software is often not enough to develop a complete exploit. Here, we demonstrate at the end that a Java Card applet can call the hidden native functions used to decipher the secure container that encapsulates a key. Some previous attacks have shown the ability to get access to the application code area. But the Java Card intermediate byte code detected in the dumps has shown several differences with regard to the specification, which prevents the reverse engineering of the applicative code. Thus, to avoid the execution of shell code by a hostile applet, a part of the byte code stored into the card is unknown. The transformation is done on-the-fly during the upload of an application. We present in this article a new approach for reversing the unknown instruction set of the intermediate byte code which in turn has led to reverse engineering of the Java classes of the attacked card. We discovered during the reverse that some method calls have an unusual signature. Without having access to the native code, we have inferred the semantics of the called methods and their calling convention. These methods have

关键词： Smart card Java Card Reverse engineering Native calls vulnerability exploitation

来源：评论

学校读者我要写书评

暂无评论

Automated vulnerability exploitation Using Deep Reinforcement Learning

引用

APPLIED SCIENCES-BASEL 2024年第20期14卷 9331页

作者： Almajali, Anas Al-Abed, Loiy Yousef, Khalil M. Ahmad Mohd, Bassam J. Samamah, Zaid Abu Shhadeh, Anas Hashemite Univ Dept Comp Engn Fac Engn Zarqa 13115 Jordan Amer Univ Sharjah Dept Comp Sci & Engn Sharjah U Arab Emirates

The main objective of this paper is to develop a reinforcement agent capable of effectively exploiting a specific vulnerability. Automating pentesting can reduce the cost and time of the operation. While there are existing tools like Metasploit Pro that offer automated exploitation capabilities, they often require significant execution times and resources due to their reliance on exhaustive payload testing. In this paper, we have created a deep reinforcement agent specifically configured to exploit a targeted vulnerability. Through a training phase, the agent learns and stores payloads along with their corresponding reward values in a neural network. When encountering a specific combination of a target operating system and vulnerability, the agent utilizes its neural network to determine the optimal exploitation options. The novelty of this work lies in employing Deep Reinforcement Learning in vulnerability exploitation analysis. To evaluate our proposed methodology, we conducted training and testing on the Metasploitable platform. The training phase of the reinforcement agent was conducted on two use cases: the first one has one vulnerability, and the second one has four vulnerabilities. Our approach successfully achieved the attacker's primary objective of establishing a reverse shell with a maximum accuracy of 96.6% and 73.6% for use cases one and two, respectively.

关键词： cybersecurity vulnerability exploitation penetration testing risk assessment reinforcement learning neural networks machine learning

来源：评论

学校读者我要写书评

暂无评论

An effective evaluation model of vulnerability exploitation defense in dynamic trusted network

An effective evaluation model of vulnerability exploitation ...

引用

2013 International Conference on Sport Science and Computer Science (CCCS 2013)

作者： Wen Huang Guoyun Duan Department of computer and Communication Engineering Hunan University of Science and Engineering

This paper analyzed two potential vulnerability exploitations in trusted network authentication:TOCTOU attacks and substitution platform attack,and pointed out the system flaws in trusted terminal and remote trusted platform authenticating in the current TCG and TNC standard *** solve this problem,we proposed an improved scheme in dynamic trusted network authentication:checking the trusted storage by setting a symbol file,and binding trusted terminal and remote platform on this *** to the analysis of network vulnerability exploitation attack graph,the improved system can significantly reduce the vulnerability exploitation success rate in trusted network.

关键词： trusted network attack graph vulnerability exploitation TOCTOU platform substitution attack

来源：评论

学校读者我要写书评

暂无评论

Automated vulnerability Discovery and exploitation in the Internet of Things

引用

SENSORS 2019年第15期19卷 3362-3362页

作者： Wang, Zhongru Zhang, Yuntao Tian, Zhihong Ruan, Qiang Liu, Tong Wang, Haichen Liu, Zhehui Lin, Jiayi Fang, Binxing Shi, Wei Beijing Univ Posts & Telecommun Minist Educ Key Lab Trustworthy Distributed Comp & Serv Beijing 100876 Peoples R China Guangzhou Univ Cyberspace Inst Adv Technol Guangzhou 510006 Guangdong Peoples R China Beijing DigApis Technol Co Ltd Beijing 100081 Peoples R China Carleton Univ Sch Informat Technol Ottawa ON K1S 5B6 Canada

Recently, automated software vulnerability detection and exploitation in Internet of Things (IoT) has attracted more and more attention, due to IoT's fast adoption and high social impact. However, the task is challenging and the solutions are non-trivial: the existing methods have limited effectiveness at discovering vulnerabilities capable of compromising IoT systems. To address this, we propose an Automated vulnerability Discovery and exploitation framework with a Scheduling strategy, AutoDES that aims to improve the efficiency and effectiveness of vulnerability discovery and exploitation. In the vulnerability discovery stage, we use our Anti-Driller technique to mitigate the "path explosion" problem. This approach first generates a specific input proceeding from symbolic execution based on a Control Flow Graph (CFG). It then leverages a mutation-based fuzzer to find vulnerabilities while avoiding invalid mutations. In the vulnerability exploitation stage, we analyze the characteristics of vulnerabilities and then propose to generate exploits, via the use of several proposed attack techniques that can produce a shell based on the detected vulnerabilities. We also propose a genetic algorithm (GA)-based scheduling strategy (AutoS) that helps with assigning the computing resources dynamically and efficiently. The extensive experimental results on the RHG 2018 challenge dataset and the BCTF-RHG 2019 challenge dataset clearly demonstrate the effectiveness and efficiency of the proposed framework.

关键词： security vulnerability discovery vulnerability exploitation

来源：评论

学校读者我要写书评

暂无评论

Constructing arbitrary write via puppet objects and delivering gadgets in Linux kernel

引用

COMPUTERS & SECURITY 2025年 150卷

作者： Liu, Danjun Meng, Xuan Wang, Pengfei Xie, Xu Zhou Wei Natl Univ Def Technol Changsha Peoples R China

Researchers have proposed various methods to perform kernel exploitation, which facilitates vulnerability evaluation and fixing. To sum up, traditional approaches tend to construct ROP chains or perform arbitrary write to escalate privileges. However, the former depends on some unusual ROP gadgets to save the stack frame pointer and demands adequate kernel memory space to hold the ROP chain. Additionally, to construct arbitrary write, existing approaches either rely on the usability of a certain kernel objector have restrictions on the write value. These limitations sometimes hinder the exploitation of the vulnerability. In this paper, to overcome the limitations of existing exploitation strategies, we propose an elegant approach, which uses puppet objects and delivering gadgets to construct arbitrary writes. This approach relies common ROP gadgets, requires less controllable memory, imposes fewer restrictions, and features a concise exploitation process. We also devise a tool named PODE to automatically identify puppet objects in Linux kernel and select suitable puppet objects and delivering gadgets fora given vulnerability. We evaluate PODE using real-world kernel vulnerabilities and successfully exploit 16 of them using puppet objects, demonstrating that it not only diversifies the ways to perform kernel exploitation but also escalates the exploitability of kernel vulnerabilities.

关键词： Kernel security vulnerability exploitation Arbitrary write Privilege escalation

来源：评论

学校读者我要写书评

暂无评论

The efficiency of ICT suppliers' product security incident response teams in reducing the risk of exploitation of vulnerabilities in the wild

引用

COMPUTERS & SECURITY 2025年 152卷

作者： Radunovic, Vladimir Veinovic, Mladen Jevremovic, Aleksandar Singidunum Univ Beograd Serbia

exploitation of vulnerabilities in digital products is among the key components of cyberattacks. Suppliers of digital products use different security-by-design practices, such as a product security incident response team (PSIRT), to respond to discovered vulnerabilities and minimise the cybersecurity risk. However, the efficiency of such practices, including PSIRT, remains underexplored. This paper evaluates the efficiency of PSIRT in reducing risks of exploitation of vulnerabilities 'in the wild' (i. e. their active use in real-world cyberattacks) using a customised model based on randomised matched case- control design with data from authoritative public sources. Results show that PSIRT reduces the likelihood of exploitation by 17 % (absolute risk reduction). Additionally, factors like the availability of proof of concept for vulnerability exploitation, type of supplier's industry, and the open-source nature of its products influence the risk altering the absolute risk reduction by 10 %, 3.6 % and 2.2 % respectively. The study confirms PSIRT as a good practice that cybersecurity practitioners - particularly large suppliers and suppliers to critical infrastructure - should consider in order to reduce risk of vulnerability exploitation in the wild. It recommends coupling PSIRT with other security-by-design practices to maximise risk reduction. The proposed model allows researchers and practitioners to assess the efficiency of similar practices in reducing the risk of vulnerability exploitation.

关键词： vulnerability exploitation vulnerability management Product security Cybersecurity risks Incident response Security-by-design Secure development lifecycle

来源：评论

学校读者我要写书评

暂无评论

A Markov adversary model to detect vulnerable iOS devices and vulnerabilities in iOS apps

引用

APPLIED MATHEMATICS AND COMPUTATION 2017年第0期293卷 523-544页

作者： D'Orazio, Christian J. Lu, Rongxing Choo, Kim-Kwang Raymond Vasilakos, Athanasios V. Univ South Australia Sch Informat Technol & Math Sci Adelaide SA Australia Univ New Brunswick Fac Comp Sci Fredericton NB E3B 5A3 Canada Univ Texas San Antonio Dept Informat Syst & Cyber Secur San Antonio TX 78249 USA China Univ Geosci Sch Comp Sci Wuhan Peoples R China Lulea Univ Technol Dept Comp Sci Elect & Space Engn Lulea Sweden

With the increased convergence of technologies whereby a user can access, store and transmit data across different devices in real-time, risks will arise from factors such as lack of appropriate security measures in place and users not having requisite levels of security awareness and not fully understanding how security measures can be used to their advantage. In this paper, we adapt our previously published adversary model for digital rights management (DRM) apps and demonstrate how it can be used to detect vulnerable iOS devices and to analyse (non-DRM) apps for vulnerabilities that can potentially be exploited. Using our adversary model, we investigate several (jailbroken and non-jailbroken) iOS devices, Australian Government Medicare Expert Plus (MEP) app, Commonwealth Bank of Australia app, Western Union app, PayPal app, PocketCloud Remote Desktop app and Simple Transfer Pro app, and reveal previously unknown vulnerabilities. We then demonstrate how the identified vulnerabilities can be exploited to expose the user's sensitive data and personally identifiable information stored on or transmitted from the device. We conclude with several recommendations to enhance the security and privacy of user data stored on or transmitted from these devices. (C) 2016 Elsevier Inc. All rights reserved.

关键词： Mobile device vulnerability Mobile security and privacy Mobile threats vulnerability discovery vulnerability exploitation iOS device vulnerability

来源：评论

学校读者我要写书评

暂无评论

Software systems at risk: An empirical study of cloned vulnerabilities in practice

引用

COMPUTERS & SECURITY 2018年 77卷 720-736页

作者： Kim, Seulbae Lee, Heejo Korea Univ Dept Comp Sci & Engn Seoul 136713 South Korea

With the growth of open source software (OSS), code clones - code fragments that are copied and pasted within or between software systems- are proliferating. Although code cloning may expedite the process of software development, it often critically affects the security of software because vulnerabilities and bugs can easily be propagated through code clones. These vulnerable code clones are increasing in conjunction with the growth of OSS, potentially contaminating many systems. Although researchers have attempted to detect code clones for decades, most of these attempts fail to scale to the size of the ever-growing OSS code base. The lack of scalability prevents software developers from readily managing code clones and associated vulnerabilities. Moreover, most existing clone detection techniques focus overly on merely detecting clones and this impairs their ability to accurately find "vulnerable" clones. In this paper, we propose VUDDY, an approach for the scalable detection of vulnerable code clones, which is capable of detecting security vulnerabilities in large software programs efficiently and accurately. Its extreme scalability is achieved by leveraging function-level granularity and a length-filtering technique that reduces the number of signature comparisons. This efficient design enables VUDDY to preprocess a billion lines of code in 14 hours and 17 minutes, after which it requires a few seconds to identify code clones. In addition, we designed a vulnerability-preserving abstraction technique that renders VUDDY resilient to common modifications in cloned code, while preserving the vulnerable conditions even after the abstraction is applied. This extends the scope of VUDDY to identifying variants of known vulnerabilities, with high accuracy. An implementation of VUDDY has been serviced online for free at IoTcube, an automated vulnerability detection platform. In this study, we describe its principles, evaluate its efficacy, and analyze the vulnerabilities

关键词： Software vulnerability Open source software vulnerability propagation Code clone detection vulnerability exploitation

来源：评论

学校读者我要写书评

暂无评论

From Release to Rebirth: Exploiting Thanos Objects in Linux Kernel

引用

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY 2023年 18卷 533-548页

作者： Liu, Danjun Wang, Pengfei Zhou, Xu Xie, Wei Zhang, Gen Luo, Zhenhao Yue, Tai Wang, Baosheng Natl Univ Def Technol Sch Comp Sci Changsha 410073 Peoples R China

vulnerability fixing is time-consuming, hence, not all of the discovered vulnerabilities can be fixed timely. In reality, developers prioritize vulnerability fixing based on exploitability. Large numbers of vulnerabilities are delayed to patch or even ignored as they are regarded as "unexploitable " or underestimated owing to the difficulty in exploiting the weak primitives. However, exploits may have been in the wild. In this paper, to exploit the weak primitives that traditional approaches fail to exploit, we propose a versatile exploitation strategy that can transform weak exploit primitives into strong exploit primitives. Based on a special object in the kernel named Thanos object, our approach can exploit a UAF vulnerability that does not have function pointer dereference and an OOB write vulnerability that has limited write length and value. Our approach overcomes the shortage that traditional exploitation strategies heavily rely on the capability of the vulnerability. To facilitate using Thanos objects, we devise a tool named TAODE to automatically search for eligible Thanos objects from the kernel. Then, it evaluates the usability of the identified Thanos objects by the complexity of the constraints. Finally, it pairs vulnerabilities with eligible Thanos objects. We have evaluated our approach with real-world kernels. TAODE successfully identified numerous Thanos objects from Linux. Using the identified Thanos objects, we proved the feasibility of our approach with 20 real-world vulnerabilities, most of which traditional techniques failed to exploit. Through the experiments, we find that in addition to exploiting weak primitives, our approach can sometimes bypass the kernel SMAP mechanism (CVE-2016-10150, CVE-2016-0728), better utilize the leaked heap pointer address (CVE-2022-25636), and even theoretically break certain vulnerability patches (e.g., double-free).

关键词： vulnerability exploitation transfer weak primitives kernel security

来源：评论

学校读者我要写书评

暂无评论

Secret Cracking and Security Enhancement for the Image Application of CRT-Based Secret Sharing

引用

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY 2024年 19卷 9819-9834页

作者： Wang, Rui Li, Longlong Yang, Guozheng Yan, Xuehu Yan, Wei Natl Univ Def Technol Coll Elect Engn Hefei 230037 Peoples R China Anhui Prov Key Lab Cyberspace Secur Situat Awarene Hefei 230037 Peoples R China

The Asmuth and Bloom threshold secret sharing (AB-SS) is a classical introduction of the Chinese remainder theorem (CRT) to secret sharing, offering low computational complexity compared to other branches of secret sharing. For decades, numerous schemes have been proposed for practical applications of AB-SS, such as secret image sharing (SIS). However, in terms of security, AB-SS has proved to be neither ideal nor perfect, and its derivatives in image sharing exhibit vulnerabilities associated with secret leakage. This paper studies the security issues in the SIS schemes derived from AB-SS and improves the core sharing principle of AB-SS to enhance security in image protection. First, for (2, n)-CRTSIS schemes, we exploit the vulnerability in a single share image to crack the confidential information of the original image, including secret pixel values and the ratio of different pixels. Then, by employing the XOR operation, we introduce a chain obfuscation technology and propose a secure image sharing scheme based on the Chinese remainder theorem (COxor-CRTSIS). The COxor-CRTSIS scheme utilizes integer linear programming for achieving lossless recovery without segmentation and eliminates potential secret disclosure risks without additional encryption. Furthermore, to comprehensively evaluate the security of existing schemes, this paper presents three metrics, information loss rate, fluctuation degree, and coverage rate, enabling a quantitative comparison of security for the first time. Theoretical analyses and experiments are conducted to validate the effectiveness of our scheme.

关键词： Security Cryptography Encryption Image segmentation Steganography Propagation losses Polynomials Information leakage Image reconstruction Transforms Secret image sharing Chinese remainder theorem vulnerability exploitation chain obfuscation security enhancement

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：