Existing memory attacks against SGX use the enclave interface, such as ECALLs and OCALLs, to inject malicious data into the enclave’s trusted memory to trigger memory corruption vulnerabilities therein. Therefore, en...
Existing memory attacks against SGX use the enclave interface, such as ECALLs and OCALLs, to inject malicious data into the enclave’s trusted memory to trigger memory corruption vulnerabilities therein. Therefore, enclave interface security becomes a key issue in defending against such attacks. However, a comprehensive static analysis of source SGX programs is currently lacking to obtain sufficient a priori knowledge to provide effective runtime interface protection for the enclave. In view of this, we identify 8 types of unsafe input data of enclave and design a new interface cropping method, SGXCrop. This method extracts critical interface information from source SGX programs, including ECALLs in use and unsafe input data, which are cropped at runtime of SGX programs. Tests in real SGX environment verify that the proposed method can effectively crop illegal ECALLs and unsafe input data.
Recently, American National Institute of Standards and Technology (NIST) announced Kyber as the first KEM candidate to be standardized. The security of Kyber is based on the modular learning with errors (MLWE) problem...
Recently, American National Institute of Standards and Technology (NIST) announced Kyber as the first KEM candidate to be standardized. The security of Kyber is based on the modular learning with errors (MLWE) problem, which achieves excellent efficiency and size. This work proposes an improved key mismatch on Kyber, which can reduce the number of queries required to recover the secret key. We first transform the problem of finding a certain parameter of ciphertexts into a quantum ordered search problem. Then we give the procedure of finding the value of a parameter in the ciphertexts by the quantum method. Finally, we instantiate this attack method on Kyber512, Kyber768 and Kyber1024. Compared with the existing attack algorithm, our improved attack reduces the number of queries for Kyber512, Kyber768 and Kyber1024 by 63%, 59% and 45%, respectively.
At present, the network security of embedded devices has received more and more attention. However, the existing dynamic analysis tools can’t performance in embedded devices as common softwares. The main reason is th...
At present, the network security of embedded devices has received more and more attention. However, the existing dynamic analysis tools can’t performance in embedded devices as common softwares. The main reason is that the internal state information of the embedded device can not be directly obtained, and the debugging interface usually shields the device after the manufacturer produces it. Thus, this paper introduces rehosting techniques for embedded systems and the differences between each way. Then we talk about the Deficiencies and future works in emulate execution.
The difference between real devices and virtual environments causes a low success rate of application-layer program emulation when the firmware is operating in full-system emulation during the dynamic analysis of the ...
The difference between real devices and virtual environments causes a low success rate of application-layer program emulation when the firmware is operating in full-system emulation during the dynamic analysis of the firmware of embedded devices. In this paper, we propose ALEmu, an emulation framework for application-layer programs, which can effectively improve the emulation success rate of application-layer programs in embedded device firmware through automatic preprocessing of target programs, building configuration libraries, and hooking external program calls. When we test ALEmu on a variety of real-world devices, including routers and IP cameras, we find that it performs more successfully and accurately than the current state-of-the-art full-system emulation frameworks like Firmadyne and FirmAE.
Directed greybox fuzzing directs fuzzers to specified code areas and has gained great achievements in 1-day vulnerability detection. However, existing directed graybox fuzzers fail to generate the crash sample even if...
Directed greybox fuzzing directs fuzzers to specified code areas and has gained great achievements in 1-day vulnerability detection. However, existing directed graybox fuzzers fail to generate the crash sample even if they found a testcase reaching the target site. There are mainly two questions that affect the effectiveness of directed greybox fuzzing: basic block-level target is coarse enough for 1-day vulnerability detection and the fuzzers follow a specific rule to select operators regardless of the vulnerability itself. This paper points out that only a few vulnerability-related variables are related to the vulnerability triggering. Based on the vulnerability-related variables, this paper proposes critical variable guided mutation, a mutation scheduling method to enhance the crash reproduction capability of directed greybox fuzzing. We implemented a prototype MDGF based on the critical variable guided mutation and evaluate it on real world programs. Evaluation of MDGF on various real-world programs showed that MDGF found vulnerabilities faster than the mainstream directed greybox fuzzers. The experimental results showed that the speed of MDGF is 6.18 times faster than that of AFLGo and 1.40 times faster than Beacon, and MDGF can find 1.71x more bugs than AFLGo.
Software vulnerability detection is crucial for maintaining the security and stability of software systems. In this paper, we propose a novel neural network model called TS-GGNN to address the problem of vulnerability...
Software vulnerability detection is crucial for maintaining the security and stability of software systems. In this paper, we propose a novel neural network model called TS-GGNN to address the problem of vulnerability detection in source code slices. The TS-GGNN model effectively captures both local and global features of vulnerable code by fusing sequence features with graph features. To achieve this, we utilize graph structure and sequence structure learning approaches to comprehensively extract valuable information from the source code slices. Our experiments are conducted on the SARD dataset, which consists of 61,638 code samples annotated for the presence or absence of vulnerabilities. The results demonstrate that TS-GGNN has the best vulnerability detection performance, with an accuracy of 99.4%, a precision of 98.81%, and an F1 score as high as 99.4% thereby validating the effectiveness of the TS-GGNN model in capturing features relevant to software vulnerabilities.
Device simulation is an important method of embedded device security analysis, due to the extensive and heterogeneous nature of the current peripherals, the existing simulation technology for peripheral simulation is ...
详细信息
Device simulation is an important method of embedded device security analysis, due to the extensive and heterogeneous nature of the current peripherals, the existing simulation technology for peripheral simulation is mostly fuzzy, to find the input and output that meet the firmware requirements as the main goal. In order to construct a template based on IO interface identification to extend the peripheral simulation scheme, this paper identifies the IO interface without firmware source code based on the characteristics of the IO configuration process in MCU firmware. Through experimental comparison, this method has a certain effect in MCU firmware interface recognition.
Targeted at the situation of rampant attack on UEFI Platform Firmware, this paper systematically analyzes the Security mechanisms of UEFI platform firmware. Then the vulnerability factors of UEFI firmware are describe...
详细信息
Knowledge graph representation learning provides a lot of help for subsequent tasks such as knowledge graph completion, information retrieval, and intelligent question answering. By representing the knowledge graph as...
详细信息
As the existing malware intelligent detection methods have shortcomings and low accuracy of manual feature extraction and feature processing, a Malware Detection Framework with Attention mechanism based on Bi-directio...
详细信息
暂无评论