检索结果-内蒙古大学图书馆

Analysis of the adoption of security headers in HTTP

IET INFORMATION SECURITY 2018年第2期12卷 118-126页

作者： Buchanan, William J. Helme, Scott Woodward, Alan Edinburgh Napier Univ Cyber Acad Sch Comp Edinburgh Midlothian Scotland Univ Surrey Surrey Ctr Cyber Secur Guildford Surrey England

With the increase in the number of threats within web-based systems, a more integrated approach is required to ensure the enforcement of security policies from the server to the client. These policies aim to stop man-in-the-middle attacks, code injection, and so on. This study analyses some of the newest security options used within HTTP responses, and scans the Alexa Top 1 Million sites for their implementation within HTTP responses. These options scanned for include: content security policy, public key pinning extension for HTTP, HTTP strict transport security, and HTTP header field X-frame-options, in order to understand the impact that these options have on the most popular websites. The results show that, while the implementation of the parameters is increasing, it is still not implemented on many of the top sites. Along with this, the study shows the profile of adoption of Let's Encrypt digital certificates across the one million sites, along with a way of assessing the quality of the security headers.

关键词： hypermedia transport protocols Web sites public key cryptography security header adoption Web-based systems security policies enforcement man-in-the-middle attacks code injection HTTP responses content security policy public key pinning extension HTTP strict transport security HTTP header field X-frame-options Websites Let Encrypt digital certificates

来源：评论

学校读者我要写书评

暂无评论

A Native APIs Protection Mechanism in the Kernel Mode against Malicious code

引用

IEEE TRANSACTIONS ON COMPUTERS 2011年第6期60卷 813-823页

作者： Sun, Hung-Min Wang, Hsun Wang, King-Hang Chen, Chien-Ming Natl Tsing Hua Univ Dept Comp Sci Hsinchu 300 Taiwan Hong Kong Inst Technol Hong Kong Hong Kong Peoples R China

As new vulnerabilities on Windows systems are reported endlessly, it is more practical to stop polymorphic malicious code from exploiting these vulnerabilities by building an behavior-based monitor, rather than adopting a signature-based detection system or fixing these vulnerabilities. Many behavior-based monitors have been proposed for Windows systems to serve this purpose. Some of them hook high-level system APIs to detect the suspicious behaviors of code. However, they cannot detect malicious code that directly invokes Native APIs. In this paper, we present a novel security scheme that hooks Native APIs in the kernel mode. This method effectively prevents malicious code calling Native APIs directly. It introduces an average eight percent computation overhead into the system. Analyses and a series of experiments are given in the paper to support our claims.

关键词： API hooking Windows API code injection

来源：评论

学校读者我要写书评

暂无评论

Randomized Instruction Sets and Runtime Environments Past Research and Future Directions

引用

IEEE SECURITY & PRIVACY 2009年第1期7卷 18-25页

作者： Keromytis, Angelos D. Columbia Univ Dept Comp Sci New York NY 10027 USA Columbia Univ Network Secur Lab New York NY 10027 USA

The author describes past research and future directions on instruction set randomization (ISR), a general technique for protecting against code-injection attacks. Such attacks are commonly encountered in a variety of application domains, remotely targeting program binaries, Web application and database backends, and Web browsers. Collectively, they represent the vast majority of reported attacks in bug- and incident-tracking repositories for the past decade, with no sign of abatement. ISR provides for a separation of code from data by randomizing the execution environment of legitimate code, which has to be suitably transformed using a key shared with the execution environment. This article describes the motivation behind ISR, the high-level concept, its use in two different application domains (binary code injection and SQL injection attacks), the author's findings and experiences (including several limitations, both of the technique and of prototypes), and future directions for improvements and application of ISR. Although he tries to provide broad coverage of the topic, the primary focus is on the research conducted at the Network Security Laboratory at Columbia.

关键词： Randomized Runtimes And Languages code injection code Randomization SQL injection Cross Site Scripting Artificial Diversity IT Monoculture

来源：评论

学校读者我要写书评

暂无评论

RASCv2: Enabling Remote Access to Side-Channels for Mission Critical and IoT Systems

引用

ACM TRANSACTIONS ON DESIGN AUTOMATION OF ELECTRONIC SYSTEMS 2022年第6期27卷 1–25页

作者： Bai, Yunkai Stern, Andrew Park, Jungmin Tehranipoor, Mark Forte, Domenic Univ Florida 601 Gale Lemerand Dr Gainesville FL 32611 USA

The Internet of Things (IoT) and smart devices are currently being deployed in systems such as autonomous vehicles and medical monitoring devices. The introduction of IoT devices into these systems enables network connectivity for data transfer, cloud support, and more, but can also lead to malware injection. Since many IoT devices operate in remote environments, it is also difficult to protect them from physical tampering. Conventional protection approaches rely on software. However, these can be circumvented by the moving target nature of malware or through hardware attacks. Alternatively, insertion of the internal monitoring circuits into IoT chips requires a design trade-off, balancing the requirements of the monitoring circuit and the main circuit. A very promising approach to detecting anomalous behavior in the IoT and other embedded systems is side-channel analysis. To date, however, this can be performed only before deployment due to the cost and size of side-channel setups (e.g., and oscilloscopes, probes) or by internal performance counters. Here, we introduce an external monitoring printed circuit board (PCB) named RASC to provide remote access to side-channels. RASC reduces the complete side-channel analysis system into two small PCBs (2 x 2 cm), providing the ability to monitor power and electromagnetic (EM) traces of the target device. Additionally, RASC can transmit data and/or alerts of anomalous activities detected to a remote host through Bluetooth. To demonstrate RASCs capabilities, we extract keys from encryption modules such as AES implemented on Arduino and FPGA boards. To illustrate RASC's defensive capabilities, we also use it to perform malware detection. RASC's success in power analysis is comparable to an oscilloscope/probe setup but is lightweight and two orders of magnitude cheaper.

关键词： Side-channel analysis power electromagnetic radiation AES buffer overflow code injection return-oriented program

来源：评论

学校读者我要写书评

暂无评论

Commix: automating evaluation and exploitation of command injection vulnerabilities in Web applications

引用

INTERNATIONAL JOURNAL OF INFORMATION SECURITY 2019年第1期18卷 49-72页

作者： Stasinopoulos, Anastasios Ntantogian, Christoforos Xenakis, Christos Univ Piraeus Dept Digital Syst Karaoli & Dimitriou St 80 Piraeus 18534 Greece

Despite the prevalence and the high impact of command injection attacks, little attention has been given by the research community to this type of code injections. Although there are many software tools to detect and exploit other types of code injections, such as SQL injections or cross-site scripting, there is no dedicated and specialized software that detects and exploits, automatically, command injection vulnerabilities. This paper proposes an open-source tool that automates the process of detecting and exploiting command injection flaws on Web applications, named as COMMand injection eXploiter (Commix). We present and elaborate on the software architecture and detection engine of Commix as well its extra functionalities that greatly facilitate penetration testers and security researchers in the detection and exploitation of command injection vulnerabilities. Moreover, based on the knowledge and the practical experience gained from the development of Commix, we propose and analyze new identified techniques that perform side-channel exploitation for command injections allowing an attacker to indirectly deduce the output of the executed command (i.e., also known as blind command injections). Furthermore, we evaluate the detection capabilities of Commix, by performing experiments against various applications. The experimental results show that Commix presents high detection accuracy, while at the same time false positives are eliminated. Finally and more importantly, we analyze several 0-day command injection vulnerabilities that Commix detected in real-world applications. Despite its short release time, Commix has been embraced by the security community and comes preinstalled in many security-oriented operating systems including the well-known Kali Linux.

关键词： Command injection code injection Exploitation Software tool Web security

来源：评论

学校读者我要写书评

暂无评论

On Architectural Support for Instruction Set Randomization

引用

ACM TRANSACTIONS ON ARCHITECTURE AND code OPTIMIZATION 2020年第4期17卷 1–26页

作者： Christou, George Vasiliadis, Giorgos Papaefstathiou, Vassilis Papadogiannakis, Antonis Ioannidis, Sotiris Fdn Res & Technol Hellas FORTH ICS Iraklion Greece Tech Univ Crete TUC ECE Khania Greece

Instruction Set Randomization (ISR) is able to protect against remote code injection attacks by randomizing the instruction set of each process. Thereby, even if an attacker succeeds to inject code, it will fail to execute on the randomized processor. The majority of existing ISR implementations is based on emulators and binary instrumentation tools that unfortunately: (i) incur significant runtime performance overheads, (ii) limit the ease of deployment, (iii) cannot protect the underlying operating system kernel, and (iv) are vulnerable to evasion attempts that bypass the ISR protection itself. To address these issues, we present the design and implementation of ASIST, an architecture with both hardware and operating system support for ISR. ASIST uses our extended SPARC processor that is mapped onto a FPGA board and runs our modified Linux kernel to support the new features. In particular, before executing a new user-level process, the operating system loads its randomization key into a newly defined register, and the modified processor decodes the process's instructions with this key. Besides that, ASIST uses a separate randomization key for the operating system to protect the base system against attacks that exploit kernel vulnerabilities to run arbitrary code with elevated privileges. Our evaluation shows that ASIST can transparently protect both user-land applications and the operating system kernel from code injection and code reuse attacks. with about 1.5% runtime overhead when using simple encryption schemes, such as XOR and Transposition;more secure ciphers, such as AES, even though they are much more complicated for mapping them to hardware, they are still within acceptable margins,with approximately 10% runtime overhead, when efficiently leveraging the spatial locality of code through modern instruction cache configurations.

关键词： code injection instruction set randomization hardware assisted security

来源：评论

学校读者我要写书评

暂无评论

Exfiltrating data from Android devices

引用

COMPUTERS & SECURITY 2015年 48卷 74-91页

作者： Do, Quang Martini, Ben Choo, Kim-Kwang Raymond Univ S Australia Informat Assurance Res Grp Adelaide SA 5001 Australia

Modern mobile devices have security capabilities built into the native operating system, which are generally designed to ensure the security of personal or corporate data stored on the device, both at rest and in transit. In recent times, there has been interest from researchers and governments in securing as well as exfiltrating data stored on such devices (e.g. the high profile PRISM program involving the US Government). In this paper, we propose an adversary model for Android covert data exfiltration, and demonstrate how it can be used to construct a mobile data exfiltration technique (MDET) to covertly exfiltrate data from Android devices. Two proof-of-concepts were implemented to demonstrate the feasibility of exfiltrating data via SMS and inaudible audio transmission using standard mobile devices. (C) 2014 Elsevier Ltd. All rights reserved.

关键词： Android code injection Covert exfiltration Data exfiltration Inaudible transmission Mobile adversary model Reverse engineering SMALI SMS transmission

来源：评论

学校读者我要写书评

暂无评论

Safe Inspection of Live Virtual Machines 17

Safe Inspection of Live Virtual Machines

引用

13th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE)

作者： Suneja, Sahil Koller, Ricardo Isci, Canturk de lara, Eyal Hashemi, Ali Bhattacharyya, Arnamoy Amza, Cristiana IBM TJ Watson Res Yorktown Hts NY 10598 USA Univ Toronto Toronto ON Canada

ISBN: (纸本)9781450349482

With DevOps automation and an everything-as-code approach to lifecycle management for cloud-native applications, challenges emerge from an operational visibility and control perspective. Once a VM is deployed in production it typically becomes a hands-off entity in terms of restrictions towards inspecting or tuning it, for the fear of negatively impacting its operation. We present CIVIC (Cloning and injection based VM Inspection for Cloud), a new mechanism that enables safe inspection of unmodified production VMs on-the-fly. CIVIC restricts all impact and side-effects of inspection or analysis operations inside a live clone of the production VM. New functionality over the replicated VM state is introduced using code injection. In this paper, we describe the design and implementation of our solution over KVM/QEMU. We demonstrate four of its use-cases-i) safe reuse of system monitoring agents, (ii) impact-heavy problem diagnostics and troubleshooting, (iii) attaching an intrusive anomaly detector to a live service, and (iv) live tuning of a webserver's configuration parameters. Our evaluation shows CIVIC is nimble and lightweight in terms of memory footprint as well as clone activation time (6.5 s), and has a low impact on the original VM (< 10 %).

关键词： Virtualization Virtual Machine Cloud Data Center DevOps Monitoring Inspection Sandboxing Live Cloning code injection

来源：评论

学校读者我要写书评

暂无评论

Host-Oriented Approach to Cyber Security for the SCADA Systems 6

Host-Oriented Approach to Cyber Security for the SCADA Syste...

引用

6th IEEE International Congress on Information Science and Technology (IEEE CiSt)

作者： Lee, Jae-Myeong Hong, Sugwon Myongji Univ Dept Comp Engn Yongin South Korea

ISBN: (纸本)9781728166469

Recent cyberattacks targeting Supervisory Control and Data Acquisition (SCADA)/Industrial Control System(ICS) exploit weaknesses of host system software environment and take over the control of host processes in the host of the station network. We analyze the attack path of these attacks, which features how the attack hijacks the host in the network and compromises the operations of field device controllers. The paper proposes a host-based protection method, which can prevent malware penetration into the process memory by code injection attacks. The method consists of two protection schemes. One is to prevent file-based code injection such as DLL injection. The other is to prevent fileless code injection. The method traces changes in memory regions and determine whether the newly allocated memory is written with malicious codes. For this method, we show how a machine learning method can be adopted.

关键词： SCADA/ICS cyber security code injection DLL injection fileless malware

来源：评论

学校读者我要写书评

暂无评论

Prison: Tracking Process Interactions to Contain Malware 17

Prison: Tracking Process Interactions to Contain Malware

引用

2015 IEEE 17th International Conference on High Performance Computing and Communications (HPCC)

作者： Caillat, Benjamin Gilbert, Bob Kemmerer, Richard Kruegel, Christopher Vigna, Giovanni Univ Calif Santa Barbara Santa Barbara CA 93106 USA Lastline Inc Redwood City CA 94065 USA

ISBN: (纸本)9781479989379

Modern operating systems provide a number of different mechanisms that allow processes to interact. These interactions can generally be divided into two classes: interprocess communication techniques, which a process supports to provide services to its clients, and injection methods, which allow a process to inject code or data directly into another process' address space. Operating systems support these mechanisms to enable better performance and to provide simple and elegant software development APIs that promote cooperation between processes. Unfortunately, process interaction channels introduce problems at the end-host that are related to malware containment and the attribution of malicious actions. In particular, host-based security systems rely on process isolation to detect and contain malware. However, interaction mechanisms allow malware to manipulate a trusted process to carry out malicious actions on its behalf. In this case, existing security products will typically either ignore the actions or mistakenly attribute them to the trusted process. For example, a host-based security tool might be configured to deny untrusted processes from accessing the network, but malware could circumvent this policy by abusing a (trusted) web browser to get access to the Internet. In short, an effective host-based security solution must monitor and take into account interactions between processes. In this paper, we present PRISON, a system that tracks process interactions and prevents malware from leveraging benign programs to fulfill its malicious intent. To this end, an operating system kernel extension monitors the various system services that enable processes to interact, and the system analyzes the calls to determine whether or not the interaction should be allowed. PRISON can be deployed as an online system for tracking and containing malicious process interactions to effectively mitigate the threat of malware. The system can also be used as a dynamic analysis tool t

关键词： Internet application program interfaces invasive software online front-ends operating system kernels software engineering system monitoring Prison Web browser code injection dynamic analysis tool host-based security solution host-based security systems injection method interprocess communication technique malicious action attribution malware containment operating system kernel extension process address space process interaction tracking process isolation software development API trusted process Browsers Kernel Malware Monitoring inter-process communication prison windows

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：