1,721,334 research outputs found
Faulty Point Unit: ABI Poisoning Attacks on Intel SGX
Full text linksponsorship: Engineering and PhysicalSciences Research Council (EPSRC)|EP/R012598/1,EP/S030867/1, European Union’s Horizon 2020 researchand innovation programme|779391, Research Fund KU Leuven, Research Foundation – Flanders (FWO)status: Publishe
Going Beyond Counting First Authors in Author Co-citation Analysis
Full text linkThe present study examines one of the fundamental aspects of author co-citation analysis (ACA) - the way co-citation
counts are defined. Co-citation counting provides the data on which all subsequent statistical analyses and mappings
are based, and we compare ACA results based on two different types of co-citation counting - the traditional type that
only counts the first one among a cited work's authors on the one hand and a non-traditional type that takes into
account the first 5 authors of a cited work on the other hand. Results indicate that the picture produced through this non-traditional author co-citation counting contains more coherent author groups and is therefore considerably clearer. However, this picture represents fewer specialties in the research field being studied than that produced through the traditional first-author co-citation counting when the same number of top-ranked authors is selected and analyzed. Reasons for these effects are discussed
Een veiligheidsanalyse van de WPA-TKIP en TLS beveiligingsprotocollen
No full textThis dissertation analyzes the security of popular network protocols. First we investigate the Wi-Fi Protected Access Temporal Key Integrity Protocol (WPA-TKIP), and then we study the security of the RC4 stream cipher in both WPA-TKIP and the Transport Layer Security (TLS) protocol. We focus on these protocols because of their popularity. In particular, around November 2012, WPA-TKIP was used by two-thirds of encrypted Wi-Fi networks, and it is currently still used by more than half of all encrypted networks. Similarly, around 2013, RC4 was used in half of all TLS connections. Finally, with as goal to implement reliable proof-of-concepts for some of our attacks against WPA-TKIP, we also study physical layer security aspects of Wi-Fi.
In the first part of this dissertation we focus on WPA-TKIP when used to protect unicast Wi-Fi traffic. Here we demonstrate how fragmentation of Wi-Fi frames can be used to inject an arbitrary number of packets, and we show how this attack can be applied in practice by performing a portscan on any client connected to the network. Then we propose a technique to decrypt arbitrary packets sent towards a client. Our technique first resets the internal state of the Michael algorithm, and abuses this to make victims forward packets to a server under control of the adversary, effectively decrypting the packets. We also present a novel Denial of Service (DoS) attack that requires the injection of only two frames every minute. Additionally, we discover that several network cards use flawed and insecure implementations of WPA-TKIP.
In the second part of the dissertation, our goal is to attack WPA-TKIP when used to protect broadcast and multicast traffic, i.e., group traffic. This is important since, even in 2016, more than half of all encrypted Wi-Fi networks still protect group traffic using WPA-TKIP. To carry out our attack in a general setting, we must be able to reliably block certain packets from arriving at their destination, preferably using cheap commodity Wi-Fi devices. Hence we first study low-layer aspects of the Wi-Fi protocol. Surprisingly, we found that commodity devices allow us to violate several assumptions made by the Wi-Fi protocol. We show this enables us to implement a constant and selective jammer using commodity Wi-Fi devices. Although the selective jammer can block a large percentage of packets from arriving at their destination, we found that an even more effective method is to block packets by obtaining a channel-based man-in-the-middle (MitM) position. In such a position, packets are blocked by not forwarding them. Finally, we demonstrate that our MitM position allows us to attack WPA-TKIP, when used as a group cipher, within only 7 minutes.
In the last part of the dissertation we attack RC4 in both WPA-TKIP and TLS. First we search for new biases in the RC4 keystream, in hope they might be useful to improve our attacks. We empirically search for them using statistical hypothesis tests. This reveals many new biases in the initial keystream bytes, as well as several new long-term biases. Then we design algorithms that are capable of using multiple types of biases, in order to recover a repeatedly encrypted secret. These algorithms return a list of plaintext candidates in decreasing likelihood, and are applied to attack WPA-TKIP and TLS. For the WPA-TKIP scenario we first introduce a method to generate a large number of identical packets. We decrypt this packet by generating its plaintext candidate list, and use redundant packet structure to prune bad candidates. From the decrypted packet we derive the WPA-TKIP MIC key, which can be used to inject and decrypt packets. In practice the attack can be executed within an hour. In the attack against TLS, we show how to decrypt a secure HTTP cookie with a high success rate, by capturing roughly one billion ciphertexts. This is done by injecting known data around the cookie, abusing this using Mantin's ABSAB bias, and brute-forcing the cookie by traversing the plaintext candidates. Using our traffic generation technique, we are able to execute the attack, and decrypt the cookie, within merely 75 hours.status: Publishe
Variations on the Author
Full text link“Variations on the Author” discusses two of Eduardo Coutinho’s recent films (Um Dia na Vida, from 2010, and Últimas Conversas, posthumously released in 2015) and their contribution to the general question of documentary authorship. The director’s filmography is characterized by a consistent yet self-effacing form of authorial self-inscription: Coutinho often features as an interviewer that rather than express opinions propels discourses; an interviewer that is good at listening. This mode of self-inscription characterizes him as an author who is not expressive but who is nonetheless markedly present on the screen. In Um Dia na Vida, however, Coutinho is completely absent form the image, while Últimas Conversas, on the contrary, includes a confessional prologue that moves the director from the margins to the center of his films. This article examines the ways in which these works stand out in the filmography of a director who offers new insights into the notion of cinematic authorship
Microarchitecturale zijkanaalaanvallen voor geprivilegieerde software-tegenstanders
No full textRecent developments on hardware-based trusted execution environments, such as the Software Guard Extensions (SGX) included in recent Intel x86 processors, hold the promise of securely outsourcing sensitive computations to untrusted remote platforms. The compelling aspect of these architectures is that they aim to protect small software components, called enclaves, even against a very powerful type of root adversaries that have full control over the operating system on the target device. This thesis shows, however, that the protection offered by today's trusted execution environments is not sufficiently understood and should be nuanced in terms of microarchitectural attack surface.
In the first part of this dissertation, we develop several innovative side-channel attack techniques that allow a privileged software adversary to reliably derive metadata from an enclaved execution. These results show that traditionally privileged x86 processor interfaces, such as page tables and interrupts, can be abused in new and unexpected ways to construct highly accurate side-channel oracles that reveal code and data access patterns performed by a victim enclave. In several practical attack scenarios, we furthermore demonstrate that these metadata access patterns can lead to full disclosure of application-level secrets.
In the second part, we move from metadata exposure to direct data extraction in a critical new line of transient-execution attacks. These results show that current out-of-order processors fail to safeguard enclave secrets against subtle microarchitectural leakage coming from instructions that were tentatively executed before a CPU exception is raised. Building upon these insights, we demonstrate several innovative attacks that led to a full collapse of the Intel SGX ecosystem and required extensive hardware and software updates.
We conclude this dissertation with a systematization of the last five years of SGX attacks, and we outline several promising defense avenues for next-generation hardened trusted execution architectures.status: Publishe
Alphanumeric RISC ARM shellcode
No full textWith the sudden explosion of mobile devices, the ARM processor has become one of the most widespread CPU cores in the world. ARM processors offer a good trade-off between power usage and processing power, which makes it an excellent candidate for mobile and embedded devices. Most mobile phones and personal digital assistants feature an ARM processor.
Only recently, however, these devices have become powerful enough to let users connect over the internet to various services, and to share information like we are used to on desktop PCs. Unfortunately, this introduces a number of security risks.
Like PCs, native ARM applications are susceptible to attacks such as buffer overflows and other improper input validation abuse. Since up till recently only fully featured desktop computers were powerful enough to connect to the internet and disseminate information in a ubiquitous manner, most attacks have focussed on the dominant desktop processor, which is the x86 processor.
Given the increased connectivity of ARM-based devices, and given the potential for misuse of these devices (for instance, by making a hacked phone call commercial numbers), attacks on these devices will become much more common than is now the case.
A typical hurdle for exploit writers, is that the shellcode has to pass one or more filtering methods before reaching the vulnerable buffer. A filtering method is a method that does some simple input validation, for instance by stringently checking that input matches a particular predefined pattern. A popular regular expression for example is [a-zA-Z0-9] (possibly extended with "space"). Intrusion detection systems are also adding more checks to detect particular patterns of op codes to detect attacks against applications.
For educational purposes, we describe in this article how to write alphanumeric shellcode for ARM. This is important, because alphanumeric strings typically pass more of these validation checks and tend to survive more data transformations (such as conversions from one encoding to another) than non-alphanumeric shellcode. Writing alphanumeric shellcode was not considered easily doable on RISC architectures, which use 4 byte instructions.status: Publishe
Appropriate Similarity Measures for Author Cocitation Analysis
Full text linkWe provide a number of new insights into the methodological discussion about author cocitation analysis. We first argue that the use of the Pearson correlation for measuring the similarity between authors’ cocitation profiles is not very satisfactory. We then discuss what kind of similarity measures may be used as an alternative to the Pearson correlation. We consider three similarity measures in particular. One is the well-known cosine. The other two similarity measures have not been used before in the bibliometric literature. Finally, we show by means of an example that our findings have a high practical relevance.information science;Pearson correlation;cosine;similarity measure;author cocitation analysis
Beveiligingstechnologiën voor webapplicaties in JavaScript
No full textBuilding secure web applications is notoriously difficult. The growing importance of JavaScript as a mainstream programming language for web applications, has led to the situation where it is heavily used, both on the client-side in the web browser as on the server-side in JavaScript application server frameworks.
The language allows to easily make programming mistakes and introduce security bugs. In addition, JavaScript web programming relies on a programming model where the application developer can, and often has to, automatically include many pieces of code from external parties. This toxic combination leads to a situation today where security issues are commonly being abused.
Although there are a plethora of ad hoc security solutions for the web browser, client-side attacks are still very common. On the server-side, the situation is even worse, because the available security technologies for JavaScript application frameworks are almost non-existent.
This thesis focuses on the design and implementation of robust client- and server-side security technologies for JavaScript web applications. In this work, we first present a web browser that is capable of enforcing secure information flows on client-side JavaScript applications. This browser can mitigate security and privacy threats by enforcing client-side specified policies. An experimental evaluation provides evidence for compatibility of our browser with sites that make intricate use of JavaScript. We also show that our browser can support powerful, yet compatible policies refining existing security technologies in browsers in a way that is compatible with existing web sites. Second, we present a security technology for server-side JavaScript web applications. This technology supports an easy deployment of web-hardening techniques and custom, fine-grained restrictions on the functionality of third-party libraries and their dependencies, by enforcing the principle of least-privilege. Our performance analysis shows a limited overhead. We analyzed and developed custom policies for a list of reported vulnerabilities to measure the effectiveness of our security technology.status: Publishe
Beveiliging van de interactie van softwaremodules over beveiligingsgrenzen heen
No full textIn the current software development culture, software modules from different parties need to work together in a single application. While this culture allows for reuse of components, using third-party software modules adds security risks. A single malicious or buggy module can compromise the whole system, and thus compromise the security of all other modules.
In this thesis we investigate how we can better secure the interactions between different software modules. We study this problem in two settings. The first is that of C software modules compiled to Intel x86-64 assembly. The second setting considers Node.js web applications, comprised of different modules written in JavaScript.
In low-level applications, hardware technology such as Intel SGX can protect software modules from an untrusted context by isolating them in an enclave. This introduces new possibilities in the software trust model. It is however not trivial to securely integrate a software module protected with Intel SGX into an untrusted application. Such a software module should be able to detect and prevent an attacker from providing malicious input to the enclave.
In Node.js web applications, different JavaScript modules can be composed together to provide the functionality needed. If a single JavaScript module contains a bug or tries to interact with another module in a malicious way, the application should be able to detect this and prevent or modify the interaction.
The solution in both cases is to protect the border between security domains with extra checks. In this thesis we propose, implement and evaluate the automatic generation of border checks for Intel SGX enclaves by using separation logic specifications. We further investigate how to create provably safe enclaves, by formalizing the interactions between the enclave and its untrusted context.
In the web application domain, we evaluate and extend the NodeSentry security architecture, which uses the membrane pattern to isolate two object graphs, and can hence isolate a JavaScript module from its context. By applying the NodeSentry architecture to several use cases in the Tearless project, we can properly evaluate if NodeSentry is also applicable in the context of larger applications. We discuss a few issues in the current implementation that prevent the current implementation from staying compatible with future versions of the ECMAScript standard without large modifications.status: Publishe
- …
