Computer Security and Cryptography Reading Group
July 2005 List
Thursday, July 7, 2005
1 PM - 2 PM
7331 CS
K. G. Anagnostakis, S. Sidiroglou, P. Akritidis, K. Xinidis, E. Markatos, A. D. Keromytis
University of Pennsylvania / Columbia University / Institute of Computer Science - FORTH / Columbia University
Detecting Targeted Attacks Using Shadow Honeypots
USENIX'05
URL: http://www.cis.upenn.edu/~anagnost/papers/sec05-replay.pdf
We present Shadow Honeypots, a novel hybrid
architecture that combines the best features of
honeypots and anomaly detection. At a high level, we
use a variety of anomaly detectors to monitor all
traffic to a protected network/service. Traffic
that is considered anomalous is processed by a
"shadow honeypot" to determine the accuracy of the
anomaly prediction. The shadow is an instance of the
protected software that shares all internal state
with a regular ("production") instance of the
application, and is instrumented to detect potential
attacks. Attacks against the shadow are caught, and
any incurred state changes are discarded. Legitimate
traffic that was misclassified will be validated by
the shadow and will be handled correctly by the
system transparently to the end user. The outcome of
processing a request by the shadow is used to filter
future attack instances and could be used to update
the anomaly detector.
Our architecture allows system designers to
fine-tune systems for performance, since false
positives will be filtered by the shadow. Contrary
to regular honeypots, our architecture can be used
both for server and client applications. We
demonstrate the feasibility of our approach in a
proof-of-concept implementation of the Shadow
Honeypot architecture for the Apache web server and
the Mozilla Firefox browser. We show that despite a
considerable overhead in the instrumentation of the
shadow honeypot (up to 20% for Apache), the overall
impact on the system is diminished by the ability to
minimize the rate of false-positives.

Thursday, July 14, 2005
1 PM - 2 PM
7331 CS
C. M. Linn, M. Rajagopalan, S. Baker, C. Collberg, S. K. Debray, J. H. Hartman
University of Arizona
Protecting Against Unexpected System Calls
USENIX Security'05
This paper proposes a comprehensive set of
techniques which limit the scope of remote code
injection attacks. These techniques prevent any
injected code from making system calls and thus
restrict the capabilities of an attacker. In
defending against the traditional ways of harming a
system these techniques significantly raise the bar
for compromising the host system forcing the attack
code to take extraordinary steps that may be
impractical in the context of a remote code
injection attack. There are two main aspects to our
approach. The first is to embed semantic information
into executables identifying the locations of
legitimate system call instructions; system calls
from other locations are treated as intrusions. The
modifications we propose are transparent to user
level processes that do not wish to use them (so
that, for example, it is still possible to run
unmodified third-party software), and add more
security at minimal cost for those binaries that
have the special information present. The second is
to back this up using a variety of techniques,
including a novel approach to encoding system call
traps into the OS kernel, in order to deter mimicry
attacks. Experiments indicate that our approach is
effective against a wide variety of code injection
attacks.

Thursday, July 21, 2005
1 PM - 2 PM
7331 CS
S. Chen, J. Xu, E. C. Sezer, P. Gauriar, R. K. Iyer
UIUC / NCSU
Non-Control-Data Attacks Are Realistic Threats
USENIX Security'05
URL: http://www.csc.ncsu.edu/faculty/junxu/Papers/usenix05data_attack.pdf
Most memory corruption attacks and Internet worms
follow a familiar pattern known as the control-data
attack. Hence, many defensive techniques are
designed to protect program control flow
integrity. Although earlier work did suggest the
existence of attacks that do not alter control flow,
such attacks are generally believed to be rare
against real-world software. The key contribution of
this paper is to show that non-control-data attacks
are realistic. We demonstrate that many real-world
applications, including FTP, SSH, Telnet, and HTTP
servers, are vulnerable to such attacks. In each
case, the generated attack results in a security
compromise equivalent to that due to the
control-data attack exploiting the same security
bug. Non-control-data attacks corrupt a variety of
application data including user identity data,
configuration data, user input data, and
decision-making data. The success of these attacks
and the variety of applications and target data
suggest that potential attack patterns are
diverse. Attackers are currently focused on
control-data attacks, but it is clear that when
control flow protection techniques shut them down,
they have incentives to study and employ
non-control-data attacks. This paper emphasizes the
importance of future research efforts to address
this realistic threat.

Thursday, July 28, 2005
1 PM - 2 PM
7331 CS
C. Karlof, N. Sastry, D. Wagner
Berkeley
Cryptographic Voting Protocols: A Systems Perspective
USENIX Security'05
URL: http://www.cs.berkeley.edu/~nks/papers/cryptovoting-usenix05.pdf
Cryptographic voting protocols offer the promise of
verifiable voting without needing to trust the
integrity of any software in the system. However,
these cryptographic protocols are only one part of a
larger system composed of voting machines, software
implementations, and election procedures, and we
must analyze their security by considering the
system in its entirety. In this paper, we analyze
the security properties of two different
cryptographic protocols, one proposed by Andrew Neff
and another by David Chaum. We discovered several
potential weaknesses in these voting protocols which
only became apparent when considered in the context
of an entire voting system. These weaknesses
include: subliminal channels in the encrypted
ballots, problems resulting from human unreliability
in cryptographic protocols, and denial of
service. These attacks could compromise election
integrity, erode voter privacy, and enable vote
coercion. Whether our attacks succeed or not will
depend on how these ambiguities are resolved in a
full implementation of a voting system, but we
expect that a well designed implementation and
deployment may be able to mitigate or even eliminate
the impact of these weaknesses. However, these
protocols must be analyzed in the context of a
complete specification of the system and surrounding
procedures before they are deployed in any
large-scale public election.
Created and maintained by Mihai Christodorescu (http://www.cs.wisc.edu/~mihai)
Created: Fri Feb 04 16:32:13 2005
Last modified: Tue Aug 02 11:43:07 Central Daylight Time 2005