USENIX paper 整理

USENIX Security ‘19 Technical Sessions

USENIX Security ‘19 Full Proceedings (PDF, 210.5 MB)



Keynote Address

Tackling the Trust and Safety Crisis


Alex Stamos, Adjunct Professor, Stanford University; William J. Perry Fellow, Center for International Security and Cooperation; Fellow, Hoover Institution

Around the turn of the century, the technology industry faced a pretty basic problem: we had no idea how to write secure software. Every year brought the invention of completely new classes of software flaw, there was little training available in industry or the academy, and security was considered something you added with a firewall and antivirus.

Twenty years have past and, while things are far from perfect, we at least have a great deal more understanding of how to address core information security risks in complex software projects. The tech industry is now facing a whole set of new issues, ones involving our inability to build products that are safe, trustworthy, and respectful of user privacy when deployed to billions globally. Unlike before, however, this is not just a computer science problem but one that crosses into the worlds of sociology, psychology, political science, and anthropology.

In this talk, the speaker will draw from his deep well of experience making serious mistakes in this area to lay out some of the basic challenges facing industry and academia while humbly suggesting some possible ways forward. This time, we don’t have decades to figure out how to do better.




Wireless Security

A Study of the Feasibility of Co-located App Attacks against BLE and a Large-Scale Analysis of the Current Application-Layer Security Landscape


Pallavi Sivakumaran and Jorge Blasco, Royal Holloway University of London

Bluetooth Low Energy (BLE) is a fast-growing wireless technology with a large number of potential use cases, particularly in the IoT domain. Increasingly, these use cases require the storage of sensitive user data or critical device controls on the BLE device, as well as the access of this data by an augmentative mobile application. Uncontrolled access to such data could violate user privacy, cause a device to malfunction, or even endanger lives. The BLE standard provides security mechanisms such as pairing and bonding to protect sensitive data such that only authenticated devices can access it. In this paper we show how unauthorized co-located Android applications can access pairing-protected BLE data, without the user’s knowledge. We discuss mitigation strategies in terms of the various stakeholders involved in this ecosystem, and argue that at present, the only possible option for securing BLE data is for BLE developers to implement remedial measures in the form of application-layer security between the BLE device and the Android application. We introduce BLECryptracer, a tool for identifying the presence of such application-layer security, and present the results of a large-scale static analysis over 18,900+ BLE-enabled Android applications. Our findings indicate that over 45% of these applications do not implement measures to protect BLE data, and that cryptography is sometimes applied incorrectly in those that do. This implies that a potentially large number of corresponding BLE peripheral devices are vulnerable to unauthorized data access.


Sivakumaran PDF View the slides


Jiahao Cao, Qi Li, and Renjie Xie, Tsinghua University; Kun Sun, George Mason University; Guofei Gu, Texas A&M University; Mingwei Xu and Yuan Yang, Tsinghua University

Software-Defined Networking (SDN) enables network innovations with a centralized controller controlling the whole network through the control channel. Because the control channel delivers all network control traffic, its security and reliability are of great importance. For the first time in the literature, we propose the CrossPath attack that disrupts the SDN control channel by exploiting the shared links in paths of control traffic and data traffic. In this attack, crafted data traffic can implicitly disrupt the forwarding of control traffic in the shared links. As the data traffic does not enter the control channel, the attack is stealthy and cannot be easily perceived by the controller. In order to identify the target paths containing the shared links to attack, we develop a novel technique called adversarial path reconnaissance. Both theoretic analysis and experimental results demonstrate its feasibility and efficiency of identifying the target paths. We systematically study the impacts of the attack on various network applications in a real SDN testbed. Experiments show the attack significantly degrades the performance of existing network applications and causes serious network anomalies, e.g., routing blackhole, flow table resetting and even network-wide DoS.

翻译软件定义网络(SDN)通过集中控制器以控制通道来控制整个网络,从而实现网络创新。由于控制通道可提供所有网络控制流量,因此其安全性 关重要。在文献中,我们首次提出了CrossPath攻击,该攻击通过利用控制流量和数据流量路径中的共享链接来破坏SDN控制通道。在这种攻击中,精心设计的数据流量会隐式破坏共享链接中控制流量的转发。由于数据流量没有进入控制通道,因此攻击是隐蔽的,且不容易被控制器察觉。为了确定包含共享攻击链接的目标路径,我们开发了一种称为对抗路径侦察的新技术。理论分析和实验结果均表明了其确定目标路径的可行性和效率。我们在真实的SDN测试平台中系统地研究了攻击对各种网络应用程序的影响。实验表明,这种攻击会大大降低现有网络应用程序的性能,并导致严重的网络异常,例如路由黑洞,流表重置甚至整个网络范围的DoS。

Cao Paper (Prepublication) PDF Cao PDF View the slides

为Eve和Mallory提供10亿个开放接口:通过 Apple Wireless Direct Link对iOS和macOS实施中间人,拒绝服务及跟踪攻击

Milan Stute, Technische Universität Darmstadt; Sashank Narain, Northeastern University; Alex Mariotto, Alexander Heinrich, and David Kreitschmann, Technische Universität Darmstadt; Guevara Noubir, Northeastern University; Matthias Hollick, Technische Universität Darmstadt

Apple Wireless Direct Link (AWDL) is a key protocol in Apple’s ecosystem used by over one billion iOS and macOS devices for device-to-device communications. AWDL is a proprietary extension of the IEEE 802.11 (Wi-Fi) standard and integrates with Bluetooth Low Energy (BLE) for providing services such as Apple AirDrop. We conduct the first security and privacy analysis of AWDL and its integration with BLE. We uncover several security and privacy vulnerabilities ranging from design flaws to implementation bugs leading to a man-in-the-middle (MitM) attack enabling stealthy modification of files transmitted via AirDrop, denial-of-service (DoS) attacks preventing communication, privacy leaks that enable user identification and long-term tracking undermining MAC address randomization, and DoS attacks enabling targeted or simultaneous crashing of all neighboring devices. The flaws span across AirDrop’s BLE discovery mechanism, AWDL synchronization, UI design, and Wi-Fi driver implementation. Our analysis is based on a combination of reverse engineering of protocols and code supported by analyzing patents. We provide proof-of-concept implementations and demonstrate that the attacks can be mounted using a low-cost ($20) micro:bit device and an off-the-shelf Wi-Fi card. We propose practical and effective countermeasures. While Apple was able to issue a fix for a DoS attack vulnerability after our responsible disclosure, the other security and privacy vulnerabilities require the redesign of some of their services.

翻译Apple Wireless Direct Link(AWDL)是苹果生态系统中的一项关键协议,超过十亿的iOS和macOS设备使用该协议进行设备到设备的通信。 AWDL是IEEE 802.11(Wi-Fi)标准的专有扩展,并与低功耗蓝牙(BLE)集成以提供Apple AirDrop等服务。我们对AWDL及其与BLE的集成进行了首次安全和隐私分析。我们发现了一些安全和隐私漏洞,从设计缺陷到实现错误,导致中间人(MitM)攻击,从而使得可以对通过AirDrop传输的文件进行秘密修改,而拒绝服务(DoS)攻击则会阻止通信,用户识别泄露隐私和长期跟踪的漏洞破坏了MAC地址随机化,而DoS攻击使所有相邻设备定向的或同时崩溃。缺陷跨越了AirDrop的BLE发现机制,AWDL同步,UI设计和Wi-Fi驱动执行。我们的分析是基于协议的逆向和通过分析专利支持的代码的结合。我们提供了概念验证的实现,并演示了可以使用低成本($ 20)micro:bit设备和现成的Wi-Fi卡进行攻击。我们提出切实可行的对策。尽管苹果可以在我们负责任的披露后发布针对DoS攻击漏洞的修复程序,但其他安全和隐私漏洞则需要重新设计其某些服务。

Stute Paper (Prepublication) PDF Stute PDF View the slides

Hiding in Plain Signal: Physical Signal Overshadowing Attack on LTE


Hojoon Yang, Sangwook Bae, Mincheol Son, Hongil Kim, Song Min Kim, and Yongdae Kim, KAIST

Long-Term Evolution (LTE) communication is based on an open medium; thus, a legitimate signal can potentially be counterfeited by a malicious signal. Although most LTE signaling messages are protected from modification using cryptographic primitives, broadcast messages in LTE have never been integrity protected. In this paper, for the first time, we present a signal injection attack that exploits the fundamental weaknesses of broadcast messages in LTE and modifies a transmitted signal over the air. This attack, which is referred to as signal overshadowing (named SigOver) has several advantages and differences when compared with existing attacks using a fake base station. For example, with a 3 dB power difference from a legitimate signal, the SigOver demonstrated a 98% success rate when compared with the 80% success rate of attacks achieved using a fake base station, even with a 35 dB power difference. Given that the SigOver is a novel primitive attack, it yields five new attack scenarios and implications. Finally, a discussion on two potential countermeasures leaves practical and robust defense mechanism as a future work.

翻译长期演进(LTE)通信基于开放媒体。因此,合法信号可能会被恶意信号伪造。尽管大多数LTE信号消息都受到保护,不能使用密码原语进行修改,但LTE中的广播消息从未受到过完整性保护。在本文中,我们首次提出了一种信号注入攻击,该攻击利用LTE中广播消息的基本弱点并修改空中传输的信号。与使用伪基站的现有攻击相比,这种攻击被称为信号遮盖(称为SigOver),具有多个优点和不同之处。例如,与合法信号相比,功率差为3 dB,即使使用35 dB的功率差,SigOver的成功率为98%,而使用伪基站的攻击成功率为80%。鉴于SigOver是一种新颖的简单攻击,它会产生五个新的攻击场景和含义。最后,对两种可能的防御策略进行了讨论,把强大的防御机制做为未来的工作。

Yang PDF

UWB-ED: Distance Enlargement Attack Detection in Ultra-Wideband


Mridula Singh, Patrick Leu, AbdelRahman Abdou, and Srdjan Capkun, ETH Zurich

Mobile autonomous systems, robots, and cyber-physical systems rely on accurate positioning information. To conduct distance-measurement, two devices exchange signals and, knowing these signals propagate at the speed of light, the time of arrival is used for distance estimations. Existing distance-measurement techniques are incapable of protecting against adversarial distance enlargement—a highly devastating tactic in which the adversary reissues a delayed version of the signals transmitted between devices, after distorting the authentic signal to prevent the receiver from identifying it. The adversary need not break crypto, nor compromise any upper-layer security protocols for mounting this attack. No known solution currently exists to protect against distance enlargement. We present \textit{Ultra-Wideband Enlargement Detection} (UWB-ED), a new modulation technique to detect distance enlargement attacks, and securely verify distances between two mutually trusted devices. We analyze UWB-ED under an adversary that injects signals to block/modify authentic signals. We show how UWB-ED is a good candidate for 802.15.4z Low Rate Pulse and the 5G standard.

翻译移动自主系统,机器人和网络物理系统依赖于准确的定位信息。为了进行距离测量,两个设备交换信号,并且知道这些信号以光速传播,因此将到达时间用于距离估计。现有的距离测量技术无法防止对抗距离的增大,这是一种极具破坏性的策略,在这种策略中,对手会在使真实信号失真之后重新发出设备之间传输的信号的延迟版本,以防止接收方对其进行识别。攻击者无需破坏加密货币,也无需破坏任何上层安全协议来发起这种攻击。当前不存在已知的解决方案以防止距离增大。我们介绍\ textit {超宽带放大检测}(UWB-ED),这是一种新的调制技术,可以检测距离扩大攻击,并安全地验证两个相互信任的设备之间的距离。我们在注入信号以阻止/修改真实信号的对手下分析UWB-ED。我们展示了UWB-ED如何成为802.15.4z低速率脉冲和5G标准的良好候选者。

Singh Paper (Prepublication) PDF Singh PDF

Protecting Users Everywhere

Computer Security and Privacy in the Interactions Between Victim Service Providers and Human Trafficking Survivors


Christine Chen, University of Washington; Nicola Dell, Cornell Tech; Franziska Roesner, University of Washington

A victim service provider, or VSP, is a crucial partner in a human trafficking survivor’s recovery. VSPs provide or connect survivors to services such as medical care, legal services, employment opportunities, etc. In this work, we study VSP-survivor interactions from a computer security and privacy perspective. Through 17 semi-structured interviews with staff members at VSPs and survivors of trafficking, we surface the role technology plays in VSP-survivor interactions as well as related computer security and privacy concerns and mitigations. Our results highlight various tensions that VSPs must balance, including building trust with their clients (often by giving them as much autonomy as possible) while attempting to guide their use of technology to mitigate risks around revictimization. We conclude with concrete recommendations for computer security and privacy technologists who wish to partner with VSPs to support and empower trafficking survivors.

翻译受害者服务提供商(VSP)是人口贩运幸存者康复中的关键合作伙伴。 VSP为幸存者提供服务或将其连接到医疗,法律服务,就业机会等服务。在这项工作中,我们从计算机安全性和隐私性角度研究VSP幸存者之间的互动。 通过对VSP和贩运幸存者的工作人员进行的17次半结构化访谈,我们了解了技术在VSP与幸存者互动以及相关的计算机安全性和隐私问题以及缓解措施中的作用。 我们的结果强调了VSP必须平衡的各种紧张局势,包括与客户建立信任(通常是通过给予他们尽可能多的自治权),同时试图指导他们使用技术来减轻重新获得补偿的风险。 最后,我们为希望与VSP合作以支持和增强贩运幸存者能力的计算机安全和隐私技术人员提供具体建议。

Chen Paper (Prepublication) PDF Chen PDF

Clinical Computer Security for Victims of Intimate Partner Violence


Sam Havron, Diana Freed, and Rahul Chatterjee, Cornell Tech; Damon McCoy, New York University; Nicola Dell and Thomas Ristenpart, Cornell Tech

Digital insecurity in the face of targeted, persistent attacks increasingly leaves victims in debilitating or even life-threatening situations. We propose an approach to helping victims, what we call clinical computer security, and explore it in the context of intimate partner violence (IPV). IPV is widespread and abusers exploit technology to track, harass, intimidate, and otherwise harm their victims. We report on the iterative design, refinement, and deployment of a consultation service that we created to help IPV victims obtain in-person security help from a trained technologist. To do so we created and tested a range of new technical and non-technical tools that systematize the discovery and investigation of the complicated, multimodal digital attacks seen in IPV. An initial field study with 44 IPV survivors showed how our procedures and tools help victims discover account compromise, exploitable misconfigurations, and potential spyware.

翻译面对有针对性的持续攻击所面临的数字不安全状况越来越多地使受害者处于使人衰弱甚至危及生命的境地。 我们提出一种帮助受害者的方法,即所谓的临床计算机安全,并在亲密伴侣暴力(IPV)的背景下进行探讨。 IPV广泛存在,滥用者利用技术来跟踪,骚扰,恐吓或以其他方式伤害受害者。 我们报告了我们为帮助IPV受害人从训练有素的技术人员那里获得现场安全帮助而创建的咨询服务的迭代设计,完善和部署。 为此,我们创建并测试了一系列新的技术和非技术工具,这些工具将对IPV中复杂的多模式数字攻击的发现和调查系统化。 最初对44名IPV幸存者进行了现场研究,结果表明我们的程序和工具如何帮助受害者发现帐户遭到破坏,可利用的错误配置以及潜在的间谍软件。

Havron PDF

Evaluating the Contextual Integrity of Privacy Regulation: Parents’ IoT Toy Privacy Norms Versus COPPA


Noah Apthorpe, Sarah Varghese, and Nick Feamster, Princeton University

Increased concern about data privacy has prompted new and updated data protection regulations worldwide. However, there has been no rigorous way to test whether the practices mandated by these regulations actually align with the privacy norms of affected populations. Here, we demonstrate that surveys based on the theory of contextual integrity provide a quantifiable and scalable method for measuring the conformity of specific regulatory provisions to privacy norms. We apply this method to the U.S. Children’s Online Privacy Protection Act (COPPA), surveying 195 parents and providing the first data that COPPA’s mandates generally align with parents’ privacy expectations for Internet-connected “smart” children’s toys. Nevertheless, variations in the acceptability of data collection across specific smart toys, information types, parent ages, and other conditions emphasize the importance of detailed contextual factors to privacy norms, which may not be adequately captured by COPPA.

翻译对数据隐私的日益关注促使世界各地出现了新的和更新的数据保护法规。 但是,没有严格的方法来测试这些法规所要求的实践是否确实符合受影响人群的隐私规范。 在这里,我们证明了基于上下文完整性理论的调查提供了一种可量化和可扩展的方法,用于测量特定法规条款对隐私规范的符合性。 我们将此方法应用于《美国儿童在线隐私保护法》(COPPA),调查了195个父母,并提供了COPPA的授权通常与父母对互联网连接的“智能”儿童玩具的隐私期望相一致的第一批数据。 然而,跨特定智能玩具,信息类型,父母年龄和其他条件的数据收集的可接受性差异,突显了详细的上下文因素对隐私规范的重要性,COPPA可能无法充分体现这一点。

Apthorpe Paper (Prepublication) PDF Apthorpe PDF

Secure Multi-User Content Sharing for Augmented Reality Applications


Kimberly Ruth, Tadayoshi Kohno, and Franziska Roesner, University of Washington

Augmented reality (AR), which overlays virtual content on top of the user’s perception of the real world, has now begun to enter the consumer market. Besides smartphone platforms, early-stage head-mounted displays such as the Microsoft HoloLens are under active development. Many compelling uses of these technologies are multi-user: e.g., in-person collaborative tools, multiplayer gaming, and telepresence. While prior work on AR security and privacy has studied potential risks from AR applications, new risks will also arise among multiple human users. In this work, we explore the challenges that arise in designing secure and private content sharing for multi-user AR. We analyze representative application case studies and systematize design goals for security and functionality that a multi-user AR platform should support. We design an AR content sharing control module that achieves these goals and build a prototype implementation (ShareAR) for the HoloLens. This work builds foundations for secure and private multi-user AR interactions.

翻译将虚拟内容叠加在用户对现实世界的感知之上的增强现实(AR)现在已经开始进入消费市场。除智能手机平台外,诸如Microsoft HoloLens的早期头戴式显示器也在积极开发中。这些技术有许多引人注目的用途是多用户:例如,面对面的协作工具,多人游戏和网真。尽管先前有关AR安全性和隐私的工作已经研究了AR应用程序带来的潜在风险,但多个人类用户之间也会出现新的风险。在这项工作中,我们探索了为多用户AR设计安全和私有内容共享时出现的挑战。我们分析了代表性的应用案例研究,并将多用户AR平台应支持的安全性和功能性设计目标系统化。我们设计了实现这些目标的AR内容共享控制模块,并为HoloLens构建了原型实现(ShareAR)。这项工作为安全和私有的多用户AR交互奠定了基础。

Ruth PDF View the slides

Understanding and Improving Security and Privacy in Multi-User Smart Homes: A Design Exploration and In-Home User Study


Eric Zeng and Franziska Roesner, University of Washington

Smart homes face unique security, privacy, and usability challenges because they are multi-user, multi-device systems that affect the physical environment of all inhabitants of the home. Current smart home technology is often not well designed for multiple users, sometimes lacking basic access control and other affordances for making the system intelligible and accessible for all users. While prior work has shed light on the problems and needs of smart home users, it is not obvious how to design and build solutions. Such questions have certainly not been answered for challenging adversarial situations (e.g., domestic abuse), but we observe that they have not even been answered for tensions in otherwise functional, non-adversarial households. In this work, we explore user behaviors, needs, and possible solutions to multi-user security and privacy issues in generally non-adversarial smart homes. Based on design principles grounded in prior work, we built a prototype smart home app that includes concrete features such as location-based access controls, supervisory access controls, and activity notifications, and we tested our prototype though a month-long in-home user study with seven households. From the results of the user study, we re-evaluate our initial design principles, we surface user feedback on security and privacy features, and we identify challenges and recommendations for smart home designers and researchers.


Zeng PDF

Invited Talks

Embracing the “Hack.” A Better Strategy for Team-Defense

拥抱“黑客”。 更好的团队防守策略

Haroon Meer, Founder of Thinkst Applied Research

This talk suggests that custom detection and response capabilities are a key component for enterprise defense. It posits that maybe, defense needs to take a step back and embrace “hackyness” to prevail.

Historically, offense has embraced “hacky solutions” while team-Defense has often shied away from them. We argue that this delta, on a fluid battlefield, gives attackers a distinct advantage and we suggest it is time for this to change.

Using the free Canarytokens service as a lens, we will step through several examples of these “hacks” and will explain how they (and the thinking behind them) can lead to safer enterprises and networks. We also hope to identify areas we believe are ripe for deeper technical dives and ongoing research efforts.

翻译该演讲表明,自定义检测和响应功能是企业防御的关键组成部分。 它认为,防御可能需要退后一步,接受“ hackyness”才能取得胜利。

从历史上看,进攻是采用“ hacky解决方案”,而防卫队经常躲避它们。 我们认为,在变化多端的战场上,这种变化为攻击者提供了明显的优势,我们建议现在是时候对此进行改变。

我们将以免费的Canarytokens服务作为一个镜头,逐步介绍这些“黑客”的几个例子,并说明它们(及其背后的思想)如何导致更安全的企业和网络。 我们还希望确定我们认为更深层次的技术探索和正在进行的研究工作已经成熟的领域。

Evaluating Mobile Messengers for Implementation Vulnerabilities


Natalie Silvanovich, Security Engineer, Google

Mobile Messaging applications are a valuable target for attackers because vulnerabilities in these applications have the potential to allow a mobile device to be compromised without any user interaction. This talk describes Project Zero’s work evaluating mobile messaging applications for security-impacting bugs. It will share techniques for finding vulnerabilities in mobile applications and give some examples of the bugs discovered using them. It will also explain how design and development decisions impacted the frequency and severity of these vulnerabilities. It will then discuss the importance of considering implementation in design, and how academic researchers can give more consideration to the implementation aspects of new technologies.

翻译移动消息传递应用程序是攻击者的重要目标,因为这些应用程序中的漏洞有可能允许在没有任何用户交互的情况下破坏移动设备。 这篇演讲描述了零号项目评估移动消息传递应用程序中是否有影响安全的bug的工作。 它将分享在移动应用程序中查找漏洞的技术,并提供一些使用它们发现的错误的示例。 它还将说明设计和开发决策如何影响这些漏洞的频率和严重性。 然后,它将讨论在设计中考虑实施的重要性,以及学术研究人员如何才能更多地考虑新技术的实施方面。

Hardware Security

PAC it up: Towards Pointer Integrity using ARM Pointer Authentication

PAC it up:使用ARM指针身份验证实现指针完整性

Hans Liljestrand, Aalto University, Huawei Technologies Oy; Thomas Nyman, Aalto University; Kui Wang, Huawei Technologies Oy, Tampere University of Technology; Carlos Chinea Perez, Huawei Technologies Oy; Jan-Erik Ekberg, Huawei Technologies Oy, Aalto University; N. Asokan, Aalto University

Run-time attacks against programs written in memory-unsafe programming languages (e.g., C and C++) remain a prominent threat against computer systems. The prevalence of techniques like return-oriented programming (ROP) in attacking real-world systems has prompted major processor manufacturers to design hardware-based countermeasures against specific classes of run-time attacks. An example is the recently added support for pointer authentication (PA) in the ARMv8-A processor architecture, commonly used in devices like smartphones. PA is a low-cost technique to authenticate pointers so as to resist memory vulnerabilities. It has been shown to enable practical protection against memory vulnerabilities that corrupt return addresses or function pointers. However, so far, PA has received very little attention as a general purpose protection mechanism to harden software against various classes of memory attacks. In this paper, we use PA to build novel defenses against various classes of run-time attacks, including the first PA-based mechanism for data pointer integrity. We present PARTS, an instrumentation framework that integrates our PA-based defenses into the LLVM compiler and the GNU/Linux operating system and show, via systematic evaluation, that PARTS provides better protection than current solutions at a reasonable performance overhead.

翻译对以不安全内存的编程语言(例如C和C ++)编写的程序的运行时攻击仍然是对计算机系统的主要威胁。在攻击真实世界的系统中,诸如面向返回的编程(ROP)之类的技术非常流行,促使主要的处理器制造商设计针对特定类型的运行时攻击的基于硬件的对策。一个示例是最近在ARMv8-A处理器体系结构中添加的对指针身份验证(PA)的支持,该体系结构通常在智能手机等设备中使用。 PA是一种低成本的身份验证指针技术,可以抵抗内存漏洞。它显示出可以针对损坏返回地址或函数指针的内存漏洞提供切实的保护。但是,到目前为止,PA作为用于保护软件以抵抗各种类型的内存攻击的通用保护机制,很少受到关注。在本文中,我们使用PA构建针对各种类型的运行时攻击的新颖防御措施,包括第一个基于PA的数据指针完整性机制。我们介绍PARTS,这是一种仪器框架,将基于PA的防御功能集成到LLVM编译器和GNU / Linux操作系统中,并通过系统评估显示,PARTS在合理的性能开销下提供了比当前解决方案更好的保护。

Liljestrand Paper (Prepublication) PDF Liljestrand PDF View the slides

Origin-sensitive Control Flow Integrity


Mustakimur Rahman Khandaker, Wenqing Liu, Abu Naser, Zhi Wang, and Jie Yang, Florida State University

CFI is an effective, generic defense against control-flow hijacking attacks, especially for C/C++ programs. However, most previous CFI systems have poor security as demonstrated by their large equivalence class (EC) sizes. An EC is a set of targets that are indistinguishable from each other in the CFI policy; i.e., an attacker can “bend”‘ the control flow within an EC without being detected. As such, the large ECs denote the weakest link in a CFI system and should be broken down in order to improve security.

An approach to improve the security of CFI is to use contextual information, such as the last branches taken, to refine the CFI policy, the so-called context-sensitive CFI. However, contexts based on the recent execution history are often inadequate in breaking down large ECs due to the limited number of incoming execution paths to an indirect control transfer instruction (ICT).

In this paper, we propose a new context for CFI, origin sensitivity, that can effectively break down large ECs and reduce the average and largest EC size. Origin-sensitive CFI (OS-CFI) takes the origin of the code pointer called by an ICT as the context and constrains the targets of the ICT with this context. It supports both C-style indirect calls and C++ virtual calls. Additionally, we leverage common hardware features in the commodity Intel processors (MPX and TSX) to improve both security and performance of OS-CFI. Our evaluation shows that OS-CFI can substantially reduce the largest and average EC sizes (by 98% in some cases) and has strong performance – 7.6% overhead on average for all C/C++ benchmarks of SPEC CPU2006 and NGINX.

翻译CFI是针对控制流劫持攻击的有效,通用防御,尤其是对于C / C ++程序而言。但是,大多数以前的CFI系统的安全性很差,这由其较大的等价类(EC)规模证明。 EC是CFI政策中彼此无法区分的一组目标。也就是说,攻击者可以在不被检测到的情况下“弯曲” EC中的控制流。因此,大型EC表示CFI系统中最薄弱的环节,应该对其进行分解以提高安全性。


在本文中,我们提出了CFI的新背景,即起源敏感性,可以有效地分解大型EC,并减小平均和最大EC大小。起源敏感的CFI(OS-CFI)将ICT调用的代码指针的起源作为上下文,并在此上下文中约束ICT的目标。它支持C风格的间接调用和C ++虚拟调用。此外,我们利用商用英特尔处理器(MPX和TSX)中的通用硬件功能来提高OS-CFI的安全性和性能。我们的评估表明,OS-CFI可以显着减小最大和平均EC大小(在某些情况下减少98%),并具有强大的性能-SPEC CPU2006和NGINX的所有C / C ++基准平均开销为7.6%。

Khandaker PDF View the slides

HardFails: Insights into Software-Exploitable Hardware Bugs


Ghada Dessouky and David Gens, Technische Universität Darmstadt; Patrick Haney and Garrett Persyn, Texas A&M University; Arun Kanuparthi, Hareesh Khattri, and Jason M. Fung, Intel Corporation; Ahmad-Reza Sadeghi, Technische Universität Darmstadt; Jeyavijayan Rajendran, Texas A&M University

Modern computer systems are becoming faster, more efficient, and increasingly interconnected with each generation. Thus, these platforms grow more complex, with new features continually introducing the possibility of new bugs. Although the semiconductor industry employs a combination of different verification techniques to ensure the security of System-on-Chip (SoC) designs, a growing number of increasingly sophisticated attacks are starting to leverage cross-layer bugs. These attacks leverage subtle interactions between hardware and software, as recently demonstrated through a series of real-world exploits that affected all major hardware vendors.

In this paper, we take a deep dive into microarchitectural security from a hardware designer’s perspective by reviewing state-of-the-art approaches used to detect hardware vulnerabilities at design time. We show that a protection gap currently exists, leaving chip designs vulnerable to software-based attacks that can exploit these hardware vulnerabilities. Inspired by real-world vulnerabilities and insights from our industry collaborator (a leading chip manufacturer), we construct the first representative testbed of real-world software-exploitable RTL bugs based on RISC-V SoCs. Patching these bugs may not always be possible and can potentially result in a product recall. Based on our testbed, we conduct two extensive case studies to analyze the effectiveness of state-of-the-art security verification approaches and identify specific classes of vulnerabilities, which we call HardFails, which these approaches fail to detect. Through our work, we focus the spotlight on specific limitations of these approaches to propel future research in these directions. We envision our RISC-V testbed of RTL bugs providing a rich exploratory ground for future research in hardware security verification and contributing to the open-source hardware landscape.


在本文中,我们将从硬件设计者的角度深入研究微体系结构安全性,方法是回顾在设计时用于检测硬件漏洞的最新方法。我们表明,目前存在保护缺口,使芯片设计容易受到可利用这些硬件漏洞的基于软件的攻击。受现实漏洞和行业合作伙伴(领先的芯片制造商)的启发,我们构建了基于RISC-V SoC的第一个具有代表性的真实世界软件可利用RTL错误测试平台。修补这些错误并非总是可能的,并且可能导致产品召回。基于我们的测试平台,我们进行了两个广泛的案例研究,以分析最新安全验证方法的有效性,并确定这些方法无法检测到的特定类别的漏洞(我们称为HardFails)。通过我们的工作,我们将注意力集中在这些方法的特定局限性上,以推动这些方向的未来研究。我们设想我们的RTL错误的RISC-V测试平台将为硬件安全验证的未来研究提供丰富的探索性基础,并有助于开源硬件的发展。

Dessouky PDF

uXOM: Efficient eXecute-Only Memory on ARM Cortex-M

uXOM:基于ARM Cortex-M的高效只执行内存

Donghyun Kwon, Jangseop Shin, and Giyeol Kim, Seoul National University; Byoungyoung Lee, Seoul National University, Purdue University; Yeongpil Cho, Soongsil University; Yunheung Paek, Seoul National University

Code disclosure attacks are one of the major threats to a computer system, considering that code often contains security sensitive information, such as intellectual properties (e.g., secret algorithm), sensitive data (e.g., cryptographic keys) and the gadgets for launching code reuse attacks. To stymie this class of attacks, security researchers have devised a strong memory protection mechanism, called eXecute-Only-Memory (XOM), that defines special memory regions where instruction execution is permitted but data reads and writes are prohibited. Reflecting the value of XOM, many recent high-end processors have added support for XOM in their hardware. Unfortunately, however, low-end embedded processors have yet to provide hardware support for XOM.

In this paper, we propose a novel technique, named uXOM, that realizes XOM in a way that is secure and highly optimized to work on Cortex-M, which is a prominent processor series used in low-end embedded devices. uXOM achieves its security and efficiency by using special architectural features in Cortex-M: unprivileged memory instructions and an MPU. We present several challenges in making XOM non-bypassable under strong attackers and introduce our code analysis and instrumentation to solve these challenges. Our evaluation reveals that uXOM successfully realizes XOM in Cortex-M processor with much better efficiency in terms of execution time, code size and energy consumption compared to a software-only XOM implementation for Cortex-M.

翻译考虑到代码通常包含对安全敏感的信息,例如知识产权(例如,秘密算法),敏感数据(例如,加密密钥)和用于发起代码重用攻击的小工具,因此代码公开攻击是对计算机系统的主要威胁之一。 。为了阻止此类攻击,安全研究人员设计了一种强大的内存保护机制,称为eXecute-Only-Memory(XOM),该机制定义了允许执行指令但禁止数据读写的特殊内存区域。反映XOM的价值,许多最新的高端处理器在其硬件中增加了对XOM的支持。但是,不幸的是,低端嵌入式处理器尚未为XOM提供硬件支持。

在本文中,我们提出了一种名为uXOM的新颖技术,该技术以一种安全且经过高度优化的方式实现XOM以在Cortex-M上工作,Cortex-M是在低端嵌入式设备中使用的著名处理器系列。 uXOM通过使用Cortex-M中的特殊架构功能(无特权的内存指令和MPU)来实现其安全性和效率。在使XOM在强大的攻击者下不可旁路时,我们提出了一些挑战,并介绍了我们的代码分析和工具来解决这些挑战。我们的评估表明,与仅针对Cortex-M的软件XOM实现相比,uXOM在执行时间,代码大小和能耗方面以更高的效率成功地在Cortex-M处理器中成功实现了XOM。

Kwon PDF USENIX Security ‘19 Errata Slip View the slides

A Systematic Evaluation of Transient Execution Attacks and Defenses


Claudio Canella, Graz University of Technology; Jo Van Bulck, imec-DistriNet, KU Leuven; Michael Schwarz, Moritz Lipp, Benjamin von Berg, and Philipp Ortner, Graz University of Technology; Frank Piessens, imec-DistriNet, KU Leuven; Dmitry Evtyushkin, College of William and Mary; Daniel Gruss, Graz University of Technology

Research on transient execution attacks including Spectre and Meltdown showed that exception or branch misprediction events might leave secret-dependent traces in the CPU’s microarchitectural state. This observation led to a proliferation of new Spectre and Meltdown attack variants and even more ad-hoc defenses (e.g., microcode and software patches). Both the industry and academia are now focusing on finding effective defenses for known issues. However, we only have limited insight on residual attack surface and the completeness of the proposed defenses.

In this paper, we present a systematization of transient execution attacks. Our systematization uncovers 6 (new) transient execution attacks that have been overlooked and not been investigated so far: 2 new exploitable Meltdown effects: Meltdown-PK (Protection Key Bypass) on Intel, and Meltdown-BND (Bounds Check Bypass) on Intel and AMD; and 4 new Spectre mistraining strategies. We evaluate the attacks in our classification tree through proof-of-concept implementations on 3 major CPU vendors (Intel, AMD, ARM). Our systematization yields a more complete picture of the attack surface and allows for a more systematic evaluation of defenses. Through this systematic evaluation, we discover that most defenses, including deployed ones, cannot fully mitigate all attack variants.


在本文中,我们提出了瞬时执行攻击的系统化。我们的系统化过程发现了6个(新的)暂时执行攻击,这些攻击到目前为止都没有被忽视,并且尚未得到调查:2种新的可利用的Meltdown效果:Intel上的Meltdown-PK(保护密钥绕过),Intel和上一代的Meltdown-BND(边界检查绕过) AMD;和4种新的Spectre错误训练策略我们通过在3个主要CPU供应商(英特尔,AMD,ARM)上进行的概念验证实施,评估分类树中的攻击。我们的系统化可以对攻击面进行更全面的描述,并可以对防御进行更系统的评估。通过这种系统的评估,我们发现大多数防御措施(包括已部署的防御措施)无法完全缓解所有攻击变型。

Canella PDF View the slides

Machine Learning Applications

The Secret Sharer: Evaluating and Testing Unintended Memorization in Neural Networks


Nicholas Carlini, Google Brain; Chang Liu, University of California, Berkeley; Úlfar Erlingsson, Google Brain; Jernej Kos, National University of Singapore; Dawn Song, University of California, Berkeley

This paper describes a testing methodology for quantitatively assessing the risk that rare or unique training-data sequences are unintentionally memorized by generative sequence models—a common type of machine-learning model. Because such models are sometimes trained on sensitive data (e.g., the text of users’ private messages), this methodology can benefit privacy by allowing deep-learning practitioners to select means of training that minimize such memorization.

In experiments, we show that unintended memorization is a persistent, hard-to-avoid issue that can have serious consequences. Specifically, for models trained without consideration of memorization, we describe new, efficient procedures that can extract unique, secret sequences, such as credit card numbers. We show that our testing strategy is a practical and easy-to-use first line of defense, e.g., by describing its application to quantitatively limit data exposure in Google’s Smart Compose, a commercial text-completion neural network trained on millions of users’ email messages.


在实验中,我们表明意外记忆是一个持续存在的,难以避免的问题,可能会造成严重后果。具体来说,对于不考虑记忆而训练的模型,我们描述了可以提取独特的秘密序列(例如信用卡号)的新型高效程序。我们证明了我们的测试策略是实用且易于使用的第一道防线,例如,通过描述其用于定量限制Google的Smart Compose中的数据暴露的应用,Smart Compose是一种以数百万用户的电子邮件进行训练的商业文本完成神经网络消息。

Carlini PDF

Improving Robustness of ML Classifiers against Realizable Evasion Attacks Using Conserved Features


Liang Tong, Washington University in St. Louis; Bo Li, UIUC; Chen Hajaj, Ariel University; Chaowei Xiao, University of Michigan; Ning Zhang and Yevgeniy Vorobeychik, Washington University in St. Louis

Machine learning (ML) techniques are increasingly common in security applications, such as malware and intrusion detection. However, ML models are often susceptible to evasion attacks, in which an adversary makes changes to the input (such as malware) in order to avoid being detected. A conventional approach to evaluate ML robustness to such attacks, as well as to design robust ML, is by considering simplified feature-space models of attacks, where the attacker changes ML features directly to effect evasion, while minimizing or constraining the magnitude of this change. We investigate the effectiveness of this approach to designing robust ML in the face of attacks that can be realized in actual malware (realizable attacks). We demonstrate that in the context of structure-based PDF malware detection, such techniques appear to have limited effectiveness, but they are effective with content-based detectors. In either case, we show that augmenting the feature space models with conserved features (those that cannot be unilaterally modified without compromising malicious functionality) significantly improves performance. Finally, we show that feature space models enable generalized robustness when faced with a variety of realizable attacks, as compared to classifiers which are tuned to be robust to a specific realizable attack.


Tong PDF View the slides

ALOHA: Auxiliary Loss Optimization for Hypothesis Augmentation


Ethan M. Rudd, Felipe N. Ducau, Cody Wild, Konstantin Berlin, and Richard Harang, Sophos

Malware detection is a popular application of Machine Learning for Information Security (ML-Sec), in which an ML classifier is trained to predict whether a given file is malware or benignware. Parameters of this classifier are typically optimized such that outputs from the model over a set of input samples most closely match the samples’ true malicious/benign (1/0) target labels. However, there are often a number of other sources of contextual metadata for each malware sample, beyond an aggregate malicious/benign label, including multiple labeling sources and malware type information (e.g. ransomware, trojan, etc.), which we can feed to the classifier as auxiliary prediction targets. In this work, we fit deep neural networks to multiple additional targets derived from metadata in a threat intelligence feed for Portable Executable (PE) malware and benignware, including a multi-source malicious/benign loss, a count loss on multi-source detections, and a semantic malware attribute tag loss. We find that incorporating multiple auxiliary loss terms yields a marked improvement in performance on the main detection task. We also demonstrate that these gains likely stem from a more informed neural network representation and are not due to a regularization artifact of multi-target learning. Our auxiliary loss architecture yields a significant reduction in detection error rate (false negatives) of 42.6% at a false positive rate (FPR) of 10-3 when compared to a similar model with only one target, and a decrease of 53.8% at 10-5 FPR.

翻译恶意软件检测是机器学习在信息安全(ML- sec)中的一个流行应用,其中一个ML分类器被训练来预测给定的文件是恶意软件还是恶意软件。该分类器的参数通常经过优化,使模型在一组输入样本上的输出最接近样本的真正恶意/良性(1/0)目标标签。然而,对于每个恶意软件样本,除了一个聚合的恶意/良性标签之外,通常还有许多其他的上下文元数据来源,包括多个标签来源和恶意软件类型信息(例如,勒索软件、木马等),我们可以将这些信息作为辅助预测目标提供给分类器。在这项工作中,我们将深度神经网络与可移植可执行恶意软件和善意软件威胁情报源中的元数据衍生的多个附加目标相匹配,包括多源恶意/善意损失、多源检测计数损失和语义恶意软件属性标签损失。我们发现,在主检测任务中加入多个辅助损耗项可以显著提高性能。我们也证明这些增益可能来自于一个更有信息的神经网络表示,而不是由于多目标学习的正则化伪迹。与只有一个靶点的类似模型相比,我们的辅助损失架构可显著降低检测错误率(假阴性)42.6%,假阳性率(FPR)为10-3,并在10-5 FPR时降低53.8%。

Rudd PDF

Why Do Adversarial Attacks Transfer? Explaining Transferability of Evasion and Poisoning Attacks

为什么对抗攻击会转移? 解释逃逸和投毒攻击的可转移性

Ambra Demontis, Marco Melis, and Maura Pintor, University of Cagliari, Italy; Matthew Jagielski, Northeastern University; Battista Biggio, University of Cagliari, Italy, and Pluribus One; Alina Oprea and Cristina Nita-Rotaru, Northeastern University; Fabio Roli, University of Cagliari, Italy, and Pluribus One

Transferability captures the ability of an attack against a machine-learning model to be effective against a different, potentially unknown, model. Empirical evidence for transferability has been shown in previous work, but the underlying reasons why an attack transfers or not are not yet well understood. In this paper, we present a comprehensive analysis aimed to investigate the transferability of both test-time evasion and training-time poisoning attacks. We provide a unifying optimization framework for evasion and poisoning attacks, and a formal definition of transferability of such attacks. We highlight two main factors contributing to attack transferability: the intrinsic adversarial vulnerability of the target model, and the complexity of the surrogate model used to optimize the attack. Based on these insights, we define three metrics that impact an attack’s transferability. Interestingly, our results derived from theoretical analysis hold for both evasion and poisoning attacks, and are confirmed experimentally using a wide range of linear and non-linear classifiers and datasets.


Demontis PDF View the slides

Stack Overflow Considered Helpful! Deep Learning Security Nudges Towards Stronger Cryptography

Stack Overflow 是有帮助的! 深度学习安全推动更强大的密码学

Felix Fischer, Technical University of Munich; Huang Xiao, Bosch Center for Artificial Intelligence; Ching-Yu Kao, Fraunhofer AISEC; Yannick Stachelscheid, Benjamin Johnson, and Danial Raza, Technical University of Munich; Paul Fawkesley and Nat Buckley, Projects by IF; Konstantin Böttinger, Fraunhofer AISEC; Paul Muntean and Jens Grossklags, Technical University of Munich

Stack Overflow is the most popular discussion platform for software developers. Recent research found a large amount of insecure encryption code in production systems that has been inspired by examples given on Stack Overflow. By copying and pasting functional code, developers introduced exploitable software vulnerabilities into security-sensitive high-profile applications installed by millions of users every day. Proposed mitigations of this problem suffer from usability flaws and push developers to continue shopping for code examples on Stack Overflow once again. This points us to fighting the proliferation of insecure code directly at the root before it even reaches the clipboard. By viewing Stack Overflow as a market, implementation of cryptography becomes a decision-making problem: i. e. how to simplify the selection of helpful and secure examples. We focus on supporting software developers in making better decisions by applying nudges, a concept borrowed from behavioral science. This approach is motivated by one of our key findings: for 99.37% of insecure code examples on Stack Overflow, similar alternatives are available that serve the same use case and provide strong cryptography. Our system design is based on several nudges that are controlled by a deep neural network. It learns a representation for cryptographic API usage patterns and classification of their security, achieving average AUC-ROC of 0.992. With a user study we demonstrate that nudge-based security advice significantly helps tackling the most popular and error-prone cryptographic use cases in Android.

翻译Stack Overflow是软件开发人员最受欢迎的讨论平台。最近的研究发现生产系统中存在大量不安全的加密代码,这是受Stack Overflow上的示例启发的。通过复制和粘贴功能代码,开发人员将可利用的软件漏洞引入了每天由数百万用户安装的对安全敏感的,备受关注的应用程序中。建议缓解此问题的方法存在可用性缺陷,并促使开发人员再次在Stack Overflow上再次购买代码示例。这表明我们要在不安全代码甚至到达剪贴板之前就直接在根源处进行对抗。通过将Stack Overflow视为一个市场,密码学的实施成为一个决策问题: e。如何简化对有用和安全示例的选择。我们专注于支持软件开发人员通过应用微调做出更好的决策,这种微调是从行为科学中借鉴来的。这种方法是由我们的一项主要发现所激发的:对于Stack Overflow上99.37%的不安全代码示例,可以使用类似的替代方法来服务相同的用例并提供强大的加密技术。我们的系统设计基于由深度神经网络控制的多个微调。它学习了加密API使用模式的表示形式及其安全性分类,从而实现了0.992的平均AUC-ROC。通过一项用户研究,我们证明了基于轻推的安全建议可以极大地帮助解决Android中最流行且易于出错的加密用例。

Fischer Paper (Prepublication) PDF Fischer PDF