ISBN: 9781450311991 (print)
We introduce a general framework to automate the application of countermeasures against Differential Power Attacks aimed at software implementations of cryptographic primitives. The approach enables the generation of multiple versions of the code, to prevent an attacker from recognizing the exact point in time where the observed operation is executed and how such operation is performed. The strategy increases the effort needed to retrieve the secret key by hindering the formulation of a correct hypothetical consumption to be correlated with the power measurements. The experimental evaluation shows how a DPA attack against the OpenSSL AES implementation on an industrial-grade ARM-based SoC is hindered with limited performance overhead.
ISBN: 9781457709029 (print)
Current antivirus software still focuses on using signature-based algorithms at the file-content level to detect malware. Unfortunately, there is a simple way to circumvent this detection method: the malware author applies a code transformation algorithm (e.g. a packing or encryption scheme) to his malware plaintext and saves the reverse transformation algorithm along with the unsuspicious-looking block of transformed malware. Malware that is obfuscated in this way is called polymorphic malware. We call the transformation of the plaintext to the transformed malware encoding and the reverse operation decoding. Although current malware detection systems have adopted and implemented several techniques to counter this, these methods are mostly either unreliable or suffer heavy performance drawbacks. We present a non-intrusive and lightweight method to monitor any executable code in real time, which allows efficient detection of polymorphic malware.
ISBN: 3540317783 (print)
Network worms are malicious programs that spread automatically across networks by exploiting vulnerabilities that affect a large number of hosts. Because of the speed at which worms spread to large computer populations, countermeasures based on human reaction time are not feasible. Therefore, recent research has focused on devising new techniques to detect and contain network worms without the need for human supervision. In particular, a number of approaches have been proposed to automatically derive signatures to detect network worms by analyzing a number of worm-related network streams. Most of these techniques, however, assume that the worm code does not change during the infection process. Unfortunately, worms can be polymorphic. That is, they can mutate as they spread across the network. To detect these types of worms, it is necessary to devise new techniques that are able to identify similarities between different mutations of a worm. This paper presents a novel technique based on the structural analysis of binary code that allows one to identify structural similarities between different worm mutations. The approach is based on the analysis of a worm's control flow graph and introduces an original graph coloring technique that supports a more precise characterization of the worm's structure. The technique has been used as a basis to implement a worm detection system that is resilient to many of the mechanisms used to evade approaches based on instruction sequences only.