June 2024
·
13 Reads
·
5 Citations
This page lists works of an author who doesn't have a ResearchGate profile or hasn't added the works to their profile yet. It is automatically generated from public (personal) data to further our legitimate goal of comprehensive and accurate scientific recordkeeping. If you are this author and want this page removed, please let us know.
June 2024
·
13 Reads
·
5 Citations
May 2024
·
6 Reads
May 2024
·
3 Reads
October 2023
·
12 Reads
·
4 Citations
December 2022
·
17 Reads
·
4 Citations
November 2022
·
9 Reads
·
3 Citations
November 2022
·
22 Reads
·
26 Citations
January 2019
·
38 Reads
·
7 Citations
ACM Transactions on Privacy and Security
The abundance of memory corruption and disclosure vulnerabilities in kernel code necessitates the deployment of hardening techniques to prevent privilege escalation attacks. As stricter memory isolation mechanisms between the kernel and user space become commonplace, attackers increasingly rely on code reuse techniques to exploit kernel vulnerabilities. Contrary to similar attacks in more restrictive settings, as in web browsers, in kernel exploitation, non-privileged local adversaries have great flexibility in abusing memory disclosure vulnerabilities to dynamically discover, or infer, the location of code snippets in order to construct code-reuse payloads. Recent studies have shown that the coupling of code diversification with the enforcement of a “read XOR execute” (R∧X) memory safety policy is an effective defense against the exploitation of userland software, but so far this approach has not been applied for the protection of the kernel itself. In this article, we fill this gap by presenting kR∧X: a kernel-hardening scheme based on execute-only memory and code diversification. We study a previously unexplored point in the design space, where a hypervisor or a super-privileged component is not required. Implemented mostly as a set of GCC plugins, kR∧X is readily applicable to x86 Linux kernels (both 32b and 64b) and can benefit from hardware support (segmentation on x86, MPX on x86-64) to optimize performance. In full protection mode, kR∧X incurs a low runtime overhead of 4.04%, which drops to 2.32% when MPX is available, and 1.32% when memory segmentation is in use.
January 2019
·
80 Reads
·
2 Citations
The huge growth of e-shopping has brought convenience to customers and increased revenue to merchants and financial entities. Moreover, e-shopping has evolved to possess many functions, features, and requirements (e.g., regulatory ones). However, customer privacy has been mostly ignored, and while it is easy to add simple privacy to an existing system, this typically causes loss of functions. What is needed is enhanced privacy on one hand, and retaining the critical functions and features on the other hand. This is a dilemma which typifies the “privacy versus utility” paradigm, especially when it is applied to an established primitive with operational systems, where applying conventional privacy-by-design principles is not possible and completely altering information flows and system topologies is not an option. This dilemma is becoming more problematic with the advent of regulations such as the European GDPR, which requires companies to provide better privacy guarantees whenever and wherever personal information is involved. In this chapter, we put forward a methodology for privacy augmentation design that is specially suitable for real-world engineering processes that need to adhere to the aforementioned constraints. We call this the “utility, privacy, and then utility again” paradigm. In particular, we start from the state-of-the-art industry systems that we need to adapt; then we add privacy enhancing mechanisms, reducing functionality in order to tighten privacy to the fullest (privacy); and finally, we incorporate tools which add back lost features, carefully relaxing privacy this time (utility again). Specifically, we apply this process to current e-shopping infrastructures, making them privacy respectful without losing functionality. This gives an e-shopping system with enhanced privacy features, presents a set of “utility-privacy trade-offs,” and showcases a practical approach implementing the notion of “privacy by design” while maintaining as much compatibility as possible with current infrastructures. Finally, we note that we implemented and tested performance of our design, verifying its reasonable added costs.
October 2018
·
16 Reads
Social networking services have attracted millions of users, including individuals, professionals, and companies, that upload massive amounts of content, such as text, pictures, and video, every day. Content creators retain the intellectual property (IP) rights on the content they share with these networks, however, very frequently they implicitly grant them, a sometimes, overly broad license to use that content, which enables the services to use it in possibly undesirable ways. For instance, Facebook claims a transferable, sub-licensable, royalty-free, worldwide license on all user-provided content. Professional content creators, like photographers, are particularly affected. In this paper we propose a design for decoupling user data from social networking services without any loss of functionality for the users. Our design suggests that user data are kept off the social networking service, in third parties that enable the hosting of user-generated content under terms of service and overall environment (e.g., a different location) that better suit the user's needs and wishes. At the same time, indirection schemata are seamlessly integrated in the social networking service, without any cooperation from the server side necessary, so that users can transparently access the off-site data just as they would if hosted in-site. We have implemented our design as an extension for the Chrome Web browser, called Redirect2Own, and show that it incurs negligible overhead on accessing 'redirected' content. We offer the extension as free software and its code as an open-source project.
... Lastly, they investigate the effectiveness of LLMs in mitigating existing vulnerabilities within designs. Kokolakis et al. [8] explored the potential of LLMs in the offensive hardware security domain, specifically examining their assistance to attackers in inserting HTs into complex designs like CPUs. They tested a general-purpose LLM's ability to correlate systemlevel security concepts with specific module abstractions in hardware designs, overcoming context length limitations. ...
June 2024
... This step has tree limitations. First, some CAs do not always perform Domain Validation step 2 [29], so domains with certificates less than 398 days old may no longer exist ( §4). Second, zone file publication may be delayed by days, leading to inaccurate inference of domain existence. ...
October 2023
... Highly repeatable and targeted bit flips bypass authentication mechanisms [17] and break cryptosystems [39]. There are numerous other exploits [7,14,20,44], making Rowhammer protection in software a moving target. ...
November 2022
... XOM is a lightweight but effective control flow protection [64]. Although PKS does not perform hardware-enforced checks on execution permission, we set the AD bit in PKRS for all kernel code regions to disable any write or read access, which is required by code injection or code reusing. ...
January 2019
ACM Transactions on Privacy and Security
... Companies track the movements of consumers on the internet based on web clicks and their navigations between different websites. This may be without the consent of customers which makes the collection of information unethical (Diaz et al., 2019). Subsequently, companies analyze the behavior of customers on the web and target advertisements to them based on their browsing and social networking behavior. ...
January 2019
... • The ones which use only positive or negative examples for repair • The ones which use both kinds together Various techniques have been proposed to identify ReDoS-vulnerabilities, which can be mainly classified into two paradigms: static analysis [24,46,47,53,61] and dynamic fuzzing [41,54]. ...
August 2017
... This technique has been successfully applied in various domains, including compilers (McKeeman 1998;Yang et al. 2011;Le et al. 2014), virtual machines (Chen et al. 2016), network protocols (Chen and Su 2015), and more (Petsios et al. 2017). It can uncover subtle (semantic) bugs, security vulnerabilities, and compatibility issues that may go unnoticed with traditional testing methods. ...
May 2017
... In [21], a revised version of the original key exchange process in WPA/WPA2 protocol is proposed to reduce the vulnerabilities in authentication schemes. A black-box verification approach is adopted in [22] to tackle impersonation attacks that weaken authentication procedures. ...
May 2017
... eXclusive Page Frame Ownership manages the attribution separation of the page between the user and kernel modes to protect the direct mapping region attacks [37]. kRˆX controls the exclusive mechanism across the access and execution privileges of the kernel code and kernel data [38]. ...
April 2017
... In practical software diversification (Pappas et al., 2013), a novel in-place code randomization method has been presented to help third-party applications against return-oriented programming (ROP) attacks. Through randomly choosing and applying different transformations, such as atomic instruction substitution, instruction reordering, and register reassignment, to each instance of the protected application, multiple variants of the application can be created. ...
August 2013