Network Security Academic Top Conference - S&P 2023 Topic List, Abstract and Summary (Part 1)

Summary

This article summarizes 196 research papers from IEEE S&P 2023 in the field of cybersecurity. They fall mainly into the following categories:

  1. Privacy protection, including anonymous authentication, privacy-preserving machine learning, etc.

  2. Machine learning security, mainly adversarial examples and backdoors

  3. Browser and web security, including fingerprinting, end-to-end encryption, site opt-in logos, and more

  4. Embedded system security, mainly IoT security

  5. Operating system and software security, abuse detection, code auditing, etc.

  6. Hybrid encryption and secure multi-party computation

  7. Blockchain security, including Ethereum and Bitcoin, etc.

  8. Cryptography, such as zk-SNARKs, zero-knowledge proofs, anonymous digital credentials, etc.

Popular fields:

  1. Adversarial example research. Numerous papers analyze and model adversarial examples and propose new countermeasures.

  2. Privacy-preserving federated learning. How to perform federated learning while preserving the privacy of the participants.

  3. Browser security. This includes fingerprinting, site opt-in logos, and end-to-end encryption.

Less-covered areas:

  1. Smart home security. Although this is an important area, there are relatively few papers on it.

  2. Embedded system security. Embedded devices are widespread, but there is still comparatively little security research on them.

Future research directions:

  1. Improve the verifiability of secure systems through zero-knowledge proofs and hybrid encryption.

  2. Raise security awareness and provide personalized solutions for non-technical professionals.

  3. Model and theorize cybersecurity problems to provide complete and robust justifications.

Research proposal:

  1. Draw on new results in discrete mathematics and cryptographic theory to solve complex security problems.

  2. Cooperate across disciplines with other fields (such as human-computer interaction and user research).

  3. Provide verifiable and reproducible results to improve academic quality.

  4. Pay attention to the practical feasibility and usability of security systems.

  5. Keep an eye on emerging technologies and threats while researching ways to improve the cost-effectiveness of security systems.

1、"Always Contribute Back": A Qualitative Study on Security Challenges of the Open Source Supply Chain

Open source components are ubiquitous in company settings, processes, and software. Using these external components as building blocks lets companies take advantage of the benefits of open source software and focus on functionality and faster delivery rather than writing their own components. However, by introducing these components into their software stack, companies inherit unique security challenges and attack surfaces: they include code from potentially unvetted contributors and take on the obligation to assess and mitigate the impact of vulnerabilities in external components. In 25 in-depth, semi-structured interviews with software developers, architects, and engineers from industry projects, we investigated the processes, decisions, and considerations around external open source code in their projects. We found that open source components play an important role in the projects of many participants, that most projects have some form of company policy or at least a best practice for including external code, and that many developers would like more development time, dedicated teams, or tooling to better audit the components they include. Based on our findings, we discuss the implications for corporate stakeholders and the OSS ecosystem. In general, we call on companies not to view the open source ecosystem as a free (software) supply chain, but to contribute to the health and security of the overall software ecosystem that they benefit from and are a part of.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1NrbYPDlzTW/pdf

2、"How technical do you get? I'm an English teacher": Teaching and Learning Cybersecurity and AI Ethics in High School

Today's cybersecurity and AI technologies often raise ethical challenges. One promising direction is teaching cybersecurity and AI ethics to today's youth, yet we know very little about how these subjects are taught in high school. Through interviews with US high school teachers (n = 16) and students (n = 11), we found that cybersecurity and AI ethics are often taught in non-technical courses such as social studies and language arts. We also identified the themes covered, with awareness norms, privacy, and digital citizenship appearing most frequently. While teachers use both traditional and novel instructional strategies, including discussions (with current events as case studies), gamified activities, and content creation, many challenges remain. For example, teachers hesitate to discuss current events for fear of being perceived as partisan and angering parents; cyber hygiene education appears to be largely ineffective at educating youth and promoting safer online behavior; and generational differences make it difficult for teachers to connect with students. Based on these findings, we offer practical recommendations for educators, school administrators, and cybersecurity practitioners to improve the teaching of cybersecurity and AI ethics to youth.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1He7Ykmov3G/pdf

3、"It's up to the Consumer to be Smart": Understanding the Security and Privacy Attitudes of Smart Home Users on Reddit

Smart home technology brings many benefits to users. However, it also raises complex security and privacy issues that users often find difficult to evaluate and weigh when adopting it. To better understand users' considerations and attitudes toward smart home security and privacy, and specifically how these attitudes develop over time, we analyzed 180 security- and privacy-related discussion threads from /r/homeautomation, a major Reddit smart home forum, and performed qualitative content analysis on their 4,957 comments. Our analysis reveals that users' security and privacy attitudes, expressed as their level of concern and the extent to which they adopt protection strategies, are shaped by multidimensional considerations. User attitudes change with the stage of adoption and with their awareness of these factors. Furthermore, we describe how online discourse about security and privacy risks and protections contributes to the development of individual and collective attitudes. Based on our findings, we provide recommendations to improve smart home design, support the development of user attitudes, facilitate information exchange, and guide future smart home security and privacy research.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1He7Y7STzBS/pdf

4、"We are a startup to the core": A qualitative interview study on the security and privacy development practices in Turkish software startups

Security and privacy are often overlooked in software development and are rarely a developer priority. This perception is largely based on studies of developers and development teams in the US, Europe, and the UK. However, software production is global, and key populations in important technology centers are understudied. The software startup scene in Turkey is influential, yet the understanding, knowledge, and mitigations of its developers regarding software security and privacy remain understudied. To fill this gap, we conducted a semi-structured interview study with 16 developers from Turkish software startups. The purpose of the study is to analyze whether and how developers ensure that their software is secure and protects user privacy. Our key finding is that developers rarely make security and privacy a priority, due to a lack of awareness, skills, and resources. We also find that regulation can have a positive effect on security and privacy. Based on this research, we make recommendations for industry, individual developers, researchers, educators, and regulators. Our proposals could enable a more global approach to security and privacy in software development.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1Js0DRrdGNi/pdf

5、3DFed: Adaptive and Extensible Framework for Covert Backdoor Attack in Federated Learning

Federated Learning (FL) is a distributed machine learning paradigm in which a shared model is trained on data that stays on individual devices, but it is vulnerable to backdoor poisoning attacks. An attacker can manipulate the global model by compromising or impersonating devices, uploading crafted malicious model updates, and thereby implanting backdoor behavior that fires on attacker-chosen triggers. However, existing backdoor attacks require considerable information about the victim FL system and are usually designed to optimize a single objective, which makes them ineffective against modern FL systems that employ defense in depth to detect backdoored models from several angles. Motivated by these issues, this paper proposes 3DFed, an adaptive, extensible, and multi-layered framework for launching covert FL backdoor attacks in a black-box setting. 3DFed has three evasion modules that camouflage backdoored models: backdoor training with a constrained loss, noise masking, and decoy models. By implanting indicators into the backdoored models, 3DFed obtains feedback about the previous epoch's attack from the global model and dynamically adjusts the hyperparameters of these evasion modules. Extensive experimental results show that, when all of its components work together, 3DFed evades all state-of-the-art FL backdoor defenses, including DeepSight, FoolsGold, FLAME, FL-Detector, and RFLBAT. Since 3DFed is an extensible framework, new evasion modules can be incorporated into it in the future.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1NrbZhCP5ao/pdf

6、A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs

Microarchitectural attacks threaten the security of computer systems even in the absence of software vulnerabilities. Such attacks have been well explored on x86 and ARM CPUs, with extensive hardware countermeasures proposed but not yet deployed. With the standardization of the RISC-V instruction set architecture and major processor vendors announcing support for it, RISC-V CPUs are about to become widespread. However, the microarchitectural attack surface of the first commercial RISC-V hardware CPUs remains unexplored. This paper analyzes the microarchitectural attack surface of two commercial off-the-shelf 64-bit RISC-V (hardware) CPUs, used in most RISC-V systems that run a full commodity Linux. We evaluate this attack surface and introduce three new microarchitectural attack techniques: Cache+Time, a novel cache-line-granularity cache attack that does not require shared memory; Flush+Fault, which exploits the Harvard cache architecture for Flush+Reload-style attacks; and CycleDrift, which exploits unprivileged access to instruction retirement information. We also show that many known attacks apply to these RISC-V CPUs, mainly because hardware countermeasures are absent and because instruction set details do not take the microarchitectural attack surface into account. We demonstrate our attacks in six case studies, including the first microarchitectural KASLR break on RISC-V and a CycleDrift-based method for detecting kernel activity. Based on our analysis, we stress that the microarchitectural attack surface must be considered at every step of CPU design, including custom ISA extensions.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1NrbZEn0hmU/pdf

7、A Theory to Instruct Differentially-Private Learning via Clipping Bias Reduction

We study the bias introduced in differentially private stochastic gradient descent (DP-SGD), where clipped or normalized per-sample gradients are used. As one of the most popular, if artificial, manipulations for ensuring bounded sensitivity, gradient clipping enables composable privacy analysis of many iterative optimization methods without additional assumptions about the learned model or the input data. Despite its broad applicability, gradient clipping also poses theoretical challenges for systematically guiding privacy or utility improvements. In general, classical convergence analysis does not apply to clipped gradient descent without bounded-gradient assumptions. Moreover, because the utility loss is poorly understood, many existing improvements to DP-SGD are heuristics, especially in private deep learning. In this paper, we provide a meaningful theoretical analysis of DP-SGD and validate it with exhaustive experiments. We point out that the bias caused by gradient clipping has been underestimated in previous work. For general non-convex optimization via DP-SGD, we show that a key contributor to the bias is the sampling noise of the stochastic gradients that are clipped. We therefore use the developed theory to establish a series of improvements that reduce sampling noise from various perspectives. From the optimization perspective, we investigate variance reduction techniques and propose inner and outer momentum. At the level of the learned model (the neural network), we propose several tricks to enhance in-network normalization, and batch clipping, which carefully clips the gradient of a batch of samples instead of a single sample. For data preprocessing, we give theoretical justification for recently proposed improvements through data normalization and (self-)augmentation. Combining these improvements, private deep learning via DP-SGD can be significantly enhanced on many tasks. For example, in computer vision we trained ResNet20 on CIFAR10 and SVHN to test accuracies of 76.0% and 90.1%, respectively, under a DP guarantee of (epsilon=8, delta=10^-5); in natural language processing, under (epsilon=4, delta=10^-5), we trained a recurrent neural network on the IMDb data to a test accuracy of 77.5%.
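To make the abstract's central claim concrete, here is a small simulation added by the editor; it is not code from the paper. Per-sample gradients are modelled as a fixed true gradient plus isotropic Gaussian noise (a constructed stand-in for the sampling noise of stochastic gradients), and the bias is measured as the distance between the clipped estimate and the unclipped mean of the same gradients. Averaging groups of gradients before the clip illustrates the batch-clipping idea; the dimension, noise level, clipping norm, and group sizes are arbitrary choices.

```python
import math
import random


def l2_norm(v):
    return math.sqrt(sum(x * x for x in v))


def clip(v, c):
    """Per-example clipping as in DP-SGD: vectors longer than c are scaled to c."""
    n = l2_norm(v)
    return list(v) if n <= c else [x * c / n for x in v]


def mean(vectors):
    k = len(vectors)
    return [sum(v[i] for v in vectors) / k for i in range(len(vectors[0]))]


def sample_gradients(true_grad, sigma, n, seed=0):
    """Constructed per-sample gradients: the true gradient plus isotropic Gaussian
    noise, standing in for the sampling noise of stochastic gradients."""
    rng = random.Random(seed)
    return [[g + rng.gauss(0.0, sigma) for g in true_grad] for _ in range(n)]


def clipped_mean(grads, c, group_size=1):
    """Average the gradients in consecutive groups, clip each group average to c,
    then average the clipped results.  group_size=1 is standard per-sample
    clipping; larger groups average away part of the sampling noise before the
    clip, which is the batch-clipping idea (a simplified version, not the paper's)."""
    groups = [grads[i:i + group_size] for i in range(0, len(grads), group_size)]
    return mean([clip(mean(g), c) for g in groups])


def clipping_bias(grads, c, group_size=1):
    """Distance between the clipped estimate and the unclipped (unbiased) mean of
    the same gradients: the bias that clipping alone introduces on this batch."""
    ref = mean(grads)
    est = clipped_mean(grads, c, group_size)
    return l2_norm([a - b for a, b in zip(est, ref)])


def bias_by_group_size(true_grad=(0.5, 0.0), c=1.0, sigma=1.5, n=1024,
                       group_sizes=(1, 4, 16), seed=7):
    """||true_grad|| < c, so with sigma=0 clipping is the identity and the bias is
    exactly zero; with noise, the bias depends on how much noise reaches the clip."""
    grads = sample_gradients(true_grad, sigma, n, seed)
    return {gs: clipping_bias(grads, c, gs) for gs in group_sizes}


if __name__ == "__main__":
    for gs, b in bias_by_group_size().items():
        print(f"group size {gs:2d}: clipping bias {b:.3f}")
```

With sigma = 0 the bias is exactly zero, because the true gradient is shorter than the clipping norm, so everything measured with noise is clipping bias induced by sampling noise, and it shrinks as the group size grows. In real DP-SGD, clipping a group average changes the unit of privacy from one example to one group (the sum of clipped group means has L2 sensitivity c per group), so the privacy accounting must change with it; working out that trade-off is part of the paper's contribution and is not modelled by this toy.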

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1NrbZvmFiw0/pdf

8、ADI: Adversarial Dominating Inputs in Vertical Federated Learning Systems

Vertical Federated Learning (VFL) systems have recently emerged as a prominent way to process data distributed across many individual sources without centralizing it. Multiple participants collaboratively train a model on their local data in a privacy-conscious manner. To date, VFL has become the de facto solution for learning models across organizations, allowing knowledge to be shared without compromising the privacy of any individual. Despite the flourishing development of VFL systems, we find that certain inputs from one participant, Adversarial Dominating Inputs (ADIs), can steer the joint inference in the direction the adversary wishes and force the other (victim) participants to make negligible contributions, losing the rewards usually provided in federated learning scenarios. We conduct a systematic study of ADIs by first demonstrating that they exist in a typical VFL system. We then propose a gradient-based method to synthesize ADIs in various forms and exploit common VFL systems. We further design a gray-box fuzzing approach, guided by the saliency scores of the victim participants, that perturbs the adversary-controlled input and systematically explores the VFL attack surface in a privacy-preserving manner. We conduct an in-depth study of how key parameters and settings affect the synthesized ADIs. Our research reveals new attack opportunities in VFL, which helps identify unknown threats before vulnerabilities emerge and build more secure VFL systems.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1NrbZgBwxa0/pdf

9、AEM: Facilitating Cross-Version Exploitability Assessment of Linux Kernel Vulnerabilities

This paper studies the problem of cross-version exploitability assessment for the Linux kernel. Specifically, given an exploit that demonstrates the exploitability of a vulnerability on a particular kernel version, we aim to understand the exploitability of the same vulnerability on other kernel versions. Automated Exploit Generation (AEG) is currently the only feasible approach to this problem. However, since AEG is template-based and ignores the capabilities of the available exploit, its applicability is limited. This paper presents a novel approach, Automated Exploit Migration (AEM), to facilitate cross-version exploitability assessment of the Linux kernel. The key insight behind AEM is the observation that the tactics employed by an exploit generally carry over to other exploitable kernel versions. Technically, we treat the kernel version on which the exploit works as a reference and adjust the exploit to force the other kernel versions to align with the reference version. In this way we can reproduce the exploit on other versions. To reduce cost and increase feasibility, we strategically identify the enforcement points that really matter for exploitation and enforce alignment only at those points. We designed and implemented a prototype of AEM. Of the 67 cases we evaluated that required exploit migration, our prototype successfully migrated 56 exploits, a success rate of 83.5%.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1He7Yo3Ko9O/pdf

10、AI-Guardian: Defeating Adversarial Attacks using Backdoors

Deep neural networks (DNNs) have been widely adopted in many fields thanks to their increasing accuracy. However, they are also vulnerable to adversarial attacks, which pose serious threats to safety-critical applications such as autonomous driving and remote diagnosis. Existing solutions have limitations in detecting or preventing such attacks and also degrade the performance of the original task. This paper proposes AI-Guardian, a novel approach that uses an intentionally embedded backdoor to neutralize adversarial perturbations while maintaining the performance of the main task. We extensively evaluate AI-Guardian with five popular adversarial example generation methods, and the experimental results demonstrate its effectiveness in defeating adversarial attacks. Specifically, AI-Guardian reduces the attack success rate from 97.3% to 3.2%, compared with 30.9% for the state-of-the-art work, with only a 0.9% drop in clean-data accuracy. Moreover, AI-Guardian adds only 0.36% overhead to model prediction time, which is negligible in most cases.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1NrbXZPyl7W/pdf

11、AUC: Accountable Universal Composability

Accountability is a mature and widely applied security concept that incentivizes honest behavior by producing irrefutable cryptographic proof of misbehavior. Several general accountability frameworks for formal game-based security analysis already exist. Unfortunately, these game-based frameworks do not support modular security analysis, an important tool for dealing with the complexity of modern protocols. The Universal Composability (UC) model natively supports modular analysis, including the reuse and combination of security results. So far, accountability has been modeled and analyzed in the UC model mainly for special cases of MPC protocols, and a general accountability framework for UC is lacking. What is needed is a framework that supports arbitrary protocols, a wide range of accountability properties, a mix of accountability and non-accountability security properties, and modular analysis of accountable protocols. To bridge this gap, we propose AUC, the first general accountability framework for the UC model, which supports all of the above and is based on several new concepts. We demonstrate AUC in three case studies not covered by existing work. In particular, AUC unifies existing UC accountability approaches in a single framework.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1Js0Eqh3vwc/pdf

12、Accuracy-Privacy Trade-off in Deep Ensemble: A Membership Inference Perspective

Deep ensemble learning has been shown to improve accuracy by training multiple neural networks and averaging their outputs. Ensembles have also been proposed as a defense against membership inference attacks, which violate privacy. In this paper, we empirically show a trade-off between accuracy and privacy (measured by vulnerability to membership inference attacks) in deep ensembles. Using various datasets and model architectures, we show that the effectiveness of membership inference attacks increases when ensembling improves accuracy. We analyze the impact of various factors in deep ensembles and show the root causes of the trade-off. We then evaluate common membership inference defenses based on regularization and differential privacy, and show that, while they mitigate membership inference, they also reduce the accuracy of the ensemble. We show that a similar trade-off exists in more advanced, state-of-the-art ensemble techniques such as snapshot ensembles and diversified ensemble networks. Finally, we propose a simple yet effective defense for deep ensembles that breaks this trade-off, improving both accuracy and privacy.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1Js0Esvi9RC/pdf

13、Adaptive Risk-Limiting Comparison Audits

Risk-Limiting Audits (RLAs) are rigorous statistical procedures designed to detect incorrect election outcomes. An RLA examines the paper ballots cast in an election to statistically assess the chance that the reported winner differs from the winner a full hand count would produce. The design of an RLA must balance risk against efficiency: "risk" is the limit on the chance that the audit fails to detect such a discrepancy when one exists; "efficiency" is the total effort required to conduct the audit. Measured by the number of ballots that must be examined, the most efficient method is "ballot comparison". However, ballot comparison requires an (untrusted) statement of the content of each ballot, a cast-vote record (CVR), rather than just the total vote counts; the CVR is then checked against the ballot. In many practical settings the cost of generating a suitable CVR exceeds the cost of conducting the audit, which has prevented widespread adoption of these sample-efficient techniques. We introduce a new RLA procedure: an "adaptive ballot comparison" audit. In this audit, no global CVR is ever generated; instead, a three-stage process is performed iteratively: 1) select a batch, 2) generate a CVR for that batch, 3) sample ballots from the batch and compare them with the CVR. We show that such audits can achieve risk comparable to standard comparison audits while generating only a fraction of the CVRs. We present three main contributions: (1) a formal adversarial model of RLAs; (2) the definition and analysis of an adaptive audit procedure with rigorous risk limits and an estimate of the errors that occur in typical audits; and (3) an efficiency analysis.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1Js0Eyq1TUY/pdf

14、Analyzing Leakage of Personally Identifiable Information in Language Models

Language models (LMs) have been shown to leak information about their training data through sentence-level membership inference and reconstruction attacks. Less attention has been paid to the risk of LMs leaking personally identifiable information (PII), which may be due to the false assumption that dataset curation techniques such as scrubbing are sufficient to prevent PII leakage. Scrubbing reduces but does not prevent the risk of PII leakage: in practice, scrubbing is imperfect and a trade-off must be made between minimizing disclosure and preserving the utility of the dataset. On the other hand, it is unclear to what extent algorithmic defenses such as differential privacy, designed to guarantee sentence- or user-level privacy, prevent PII disclosure. In this work, we introduce rigorous game-based definitions of three types of PII leakage via black-box extraction, inference, and reconstruction attacks that use only API access to the LM. We evaluate the attacks against GPT-2 models, with and without defenses, in three domains: case law, healthcare, and email. Our main contributions are: (i) novel attacks that extract up to 10 times more PII sequences than existing attacks; (ii) showing that sentence-level differential privacy reduces the risk of PII disclosure but still leaks about 3% of PII sequences; and (iii) a subtle connection between record-level membership inference and PII reconstruction. Code to reproduce all experiments in the paper is available at https://github.com/microsoft/analysing_pii_leakage.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1NrbXJj80H6/pdf

15、Attitudes towards Client-Side Scanning for CSAM, Terrorism, Drug Trafficking, Drug Use and Tax Evasion in Germany

In recent years there have been growing legislative efforts and proposed technical measures to weaken privacy-preserving technology in response to serious crimes such as child abuse. One of the proposed measures is client-side scanning (CSS). CSS has been hotly debated since Apple's 2021 announcement that it would deploy it and the EU's 2022 legislative proposal. Both sides claim to act in the best interest of the people. To shed light on the issue, we surveyed a representative sample of German citizens. We investigated the general acceptance of CSS versus cloud-based scanning for different types of crime and analyzed how trust in the German government and in companies such as Google and Apple influences our participants' views. We find that, overall, most participants are willing to accept CSS to combat serious crimes such as child abuse or terrorism, but support falls significantly for other illegal activities. However, most participants in favor of CSS are also concerned about potential abuse, with only 20% reporting no concerns. These results indicate that many of our participants were willing to have their devices scanned and to accept some risk in the hope of helping law enforcement. In our analysis we argue that there are good reasons to view this not as a blank check for introducing CSS, but as a call to action for the S&P community: further research is needed on how to satisfy people's desire to prevent serious crimes online while mitigating the privacy and societal risks.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1NrbXCX8M9y/pdf

16、BLEDiff: Scalable and Property-Agnostic Noncompliance Checking for BLE Implementations

In this work, we develop BLEDiff, an automated, scalable, property-agnostic, black-box protocol noncompliance checking framework that can analyze and reveal noncompliant behavior in Bluetooth Low Energy (BLE) protocol implementations. To avoid the huge manual effort required to extract a reference behavioral abstraction and security properties of the BLE protocol from the large and complex BLE specification, BLEDiff leverages access to multiple BLE devices and uses differential testing to automatically identify noncompliant behavior. To this end, BLEDiff first uses active automata learning to automatically extract the protocol FSM implemented by a BLE device. To make active automata learning scale to the large and complex BLE protocol, BLEDiff uses a divide-and-conquer approach: it divides the BLE protocol into multiple sub-protocols, identifies the dependencies among them, extracts the FSM of each sub-protocol separately, and finally combines them into the FSM of the full protocol. The extracted FSMs are then tested pairwise to automatically identify deviating behavior. We evaluated BLEDiff on 25 different commercially available devices and show that it reveals 13 different noncompliant behaviors, 10 of which are exploitable.
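The pairwise differential step described above can be shown with a toy. The following is an example added by the editor, not BLEDiff's code: it takes two Mealy-style FSMs (constructed here as stand-ins for learned protocol models; they are deliberately simplified and are not BLE state machines), explores their product state space breadth-first, and reports the shortest input sequence on which their outputs diverge. The states, messages, and the two deviations (accepting an encryption request without pairing, accepting plaintext data after pairing) are illustrative assumptions.

```python
from collections import deque

# Constructed toy protocol machines: transitions[state][input] = (next_state, output).
# The reference refuses encryption and application data before pairing; each
# deviant skips one of those checks. None of this is BLE's actual state machine.
INPUTS = ["pair_req", "enc_req", "data"]

REFERENCE = {
    "idle":      {"pair_req": ("paired", "pair_rsp"),
                  "enc_req":  ("idle", "reject"),
                  "data":     ("idle", "reject")},
    "paired":    {"enc_req":  ("encrypted", "enc_rsp"),
                  "data":     ("paired", "reject")},
    "encrypted": {"data":     ("encrypted", "ack")},
}


def deviate(fsm, state, inp, target, output):
    """Copy of fsm with a single transition changed (used to build the deviants)."""
    new = {s: dict(t) for s, t in fsm.items()}
    new[state][inp] = (target, output)
    return new


# Accepts an encryption request before any pairing happened.
SKIPS_PAIRING = deviate(REFERENCE, "idle", "enc_req", "encrypted", "enc_rsp")
# Accepts plaintext application data once paired, before encryption is enabled.
PLAINTEXT_AFTER_PAIR = deviate(REFERENCE, "paired", "data", "paired", "ack")


def step(fsm, state, inp):
    # An input with no transition is silently dropped: the machine stays put and
    # emits nothing, modelled here as the output "ignored".
    return fsm[state].get(inp, (state, "ignored"))


def find_divergence(fsm_a, fsm_b, inputs=INPUTS, start="idle"):
    """Breadth-first search over the product of two machines.  Returns the shortest
    input sequence on which their outputs differ, together with both outputs, or
    None when no reachable product state distinguishes them."""
    seen = {(start, start)}
    queue = deque([(start, start, [])])
    while queue:
        sa, sb, trace = queue.popleft()
        for inp in inputs:
            na, oa = step(fsm_a, sa, inp)
            nb, ob = step(fsm_b, sb, inp)
            if oa != ob:
                return trace + [inp], oa, ob
            if (na, nb) not in seen:
                seen.add((na, nb))
                queue.append((na, nb, trace + [inp]))
    return None


def pairwise_deviations(implementations, inputs=INPUTS):
    """Compare every pair of learned models once, as the pairwise testing step does."""
    names = list(implementations)
    report = {}
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            report[(a, b)] = find_divergence(implementations[a], implementations[b], inputs)
    return report


if __name__ == "__main__":
    impls = {"reference": REFERENCE,
             "skips_pairing": SKIPS_PAIRING,
             "plaintext": PLAINTEXT_AFTER_PAIR}
    for pair, result in pairwise_deviations(impls).items():
        print(pair, result)
```

The shortest distinguishing sequence doubles as the test case a practitioner would replay against the real device to confirm the deviation. Note that differential testing only flags that two implementations disagree, not which one is compliant; deciding that still requires reading the specification, and "ignored" (a message silently dropped) is itself a behavior worth comparing across implementations.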

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1Js0DDrcl20/pdf

17、BayBFed: Bayesian Backdoor Defense for Federated Learning

Federated learning (FL) is an emerging technology that allows participants to jointly train a machine learning model without sharing their private data with others. However, FL is vulnerable to poisoning attacks such as backdoor attacks. Various defenses have therefore been proposed recently; they mainly use the intermediate state of the global model (i.e., the logits) or the distance between local and global models (i.e., the L2 norm) to detect malicious backdoors in FL. Because these methods operate directly on the client updates (or weights), their effectiveness depends on factors such as the clients' data distribution or the adversary's attack strategy. This paper introduces BayBFed, a novel and more general backdoor defense framework that uses the probability distribution of client updates to detect malicious updates in FL: BayBFed computes a probabilistic measure of the client updates to track any adjustment made to them, and a novel detection algorithm uses this measure to efficiently detect and filter out malicious updates. This overcomes the shortcomings of previous approaches that stem from using the client updates directly, while the probabilistic measure still captures all aspects of the local clients' training strategies. BayBFed uses two Bayesian nonparametric (BNP) extensions: (i) a hierarchical Beta-Bernoulli process that yields a probabilistic measure of the client updates, and (ii) a modification of the Chinese Restaurant Process (CRP), which we call CRP-Jensen, that uses this measure to detect and filter out malicious updates. We extensively evaluate our defense on five benchmark datasets, CIFAR10, Reddit, IoT intrusion detection, MNIST, and FMNIST, and show that it effectively detects and removes malicious updates in FL without degrading the benign performance of the global model.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1Js0Ej4gSME/pdf

18、Beyond Phish: Toward Detecting Fraudulent e-Commerce Websites at Scale

Despite recent advances in malicious website detection and phishing mitigation, the security ecosystem has paid less attention to fraudulent e-commerce websites (FCWs), such as fraudulent shopping sites, fake charities, and cryptocurrency scam sites. Worse, there is no effective large-scale mitigation system and no publicly available dataset for FCWs. In this paper, we first propose an efficient automated method for collecting FCWs through crowdsourcing. We identify eight different types of non-phishing FCWs and derive their key defining characteristics. We then find that anti-phishing mitigation systems such as Google Safe Browsing detect only 0.46% of our dataset. Using manually defined features derived from our analysis, we build a classifier, BEYOND PHISH, to identify FCWs. On previously unseen data (used neither for training nor for testing), BEYOND PHISH achieves a high detection rate and a low false positive rate, 98.34% and 1.34% respectively, as validated with a user study. Finally, we partnered with Palo Alto Networks, a major Internet security company, and a major financial services provider to evaluate our classifier on manually labeled real-world data. The model achieves a false positive rate of 2.46% and a detection rate of 94.88%, showing its potential as a practical defense against FCWs.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1NrbZYi2YjC/pdf

19、Bicoptor: Two-round Secure Three-party Non-linear Computation without Preprocessing for Privacy-preserving Machine Learning

The overhead of non-linear functions dominates the performance of privacy-preserving machine learning (PPML) based on secure multi-party computation (MPC). This work introduces a family of novel secure three-party computation (3PC) protocols, Bicoptor, that improves the efficiency of evaluating non-linear functions. The basis of Bicoptor is a new sign determination protocol that relies on a clever use of the truncation protocol proposed in SecureML (S&P 2017). Our 3PC sign determination protocol requires only two communication rounds and involves no preprocessing. It is well suited to computing the non-linear functions used in PPML, such as the activation functions ReLU and Maxpool and their variants. We develop corresponding protocols for these non-linear functions, forming a family of GPU-friendly protocols, Bicoptor. All Bicoptor protocols require only two communication rounds and no preprocessing. We evaluate Bicoptor in a 3-party LAN setting on a public cloud and reach 370,000 DReLU/ReLU or 41,000 Maxpool (maximum of nine inputs) operations per second. In the same setting and environment, our ReLU protocol is one to two orders of magnitude faster, without batching, than the state-of-the-art Falcon (PETS 2021) and Edabits (CRYPTO 2020).

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1Js0DPq2AqQ/pdf

20、Bitcoin-Enhanced Proof-of-Stake Security: Possibilities and Impossibilities

Bitcoin is the most secure blockchain in the world, backed by the enormous hash power of its proof-of-work miners. Proof-of-stake chains are efficient, energy-saving, and fast, but face multiple security issues: vulnerability to non-slashable long-range safety attacks, low liveness resilience, and difficulty bootstrapping from low token valuations. We show that these security issues are inherent to any proof-of-stake chain without an external source of truth, and propose a new protocol, Babylon, in which an off-the-shelf proof-of-stake protocol checkpoints onto Bitcoin to address these issues. An impossibility result shows the optimality of Babylon. One use case for Babylon is reducing stake withdrawal latency: our experimental results show that, for existing proof-of-stake chains using Babylon, this latency can be reduced from several weeks to less than 5 hours at a transaction cost of less than $10K.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1Js0Ei5Ok4U/pdf

21、BlindHub: Bitcoin-Compatible Privacy-Preserving Payment Channel Hubs Supporting Variable Amounts

A payment channel hub (PCH) is a promising solution to the scalability problem of first-generation blockchains and cryptocurrencies such as Bitcoin. It supports off-chain payments between a sender and a receiver through an intermediary (called a tumbler). Relationship anonymity and value privacy are desirable features of privacy-preserving PCHs: they prevent the tumbler from identifying the sender-receiver pair and the payment amount. As far as we know, all existing Bitcoin-compatible PCH constructions that guarantee relationship anonymity allow only (predefined) fixed payment amounts. To enable payments of different amounts, they would therefore require multiple PCH systems or multiple runs of one PCH system, neither of which is considered practical. In this paper, we propose the first Bitcoin-compatible PCH that supports variable payment amounts and achieves relationship anonymity. To this end, we present several layers of technical constructions, each of which may be of independent interest to the community. First, we propose BlindChannel, a novel bidirectional payment channel protocol for privacy-preserving payments in which one of the channel parties cannot see the channel balance. We then propose BlindHub, a three-party (sender, tumbler, receiver) protocol for private conditional payments in which the tumbler pays the receiver only if the sender pays the tumbler. An appealing additional property of BlindHub is that the tumbler cannot link the sender and receiver while variable payment amounts are supported. To construct BlindHub, we also introduce two new cryptographic primitives as building blocks, namely Blind Adaptor Signatures (BAS) and Flexible Blind Conditional Signatures (FBCS). BAS is an adaptor signature protocol built on top of a blind signature scheme. FBCS is a new cryptographic notion that allows us to provide atomic and privacy-preserving PCHs. Finally, we instantiate the BlindChannel and BlindHub protocols and present implementation results to demonstrate their practicality.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1Js0EznDFew/pdf

22、Blue Is the New Black (Market): Privacy Leaks and Re-Victimization from Police-Auctioned Cellphones

In the U.S., items in police possession are auctioned off if they are not claimed, including cellphones obtained by police through civil forfeiture, recovered as stolen, or turned in to lost and found. Thousands of U.S. police departments have partnered with a website called PropertyRoom to auction off their items. We purchased 228 phones from PropertyRoom over a period of several months to determine whether they contained personal information. Our results show that even a "low effort" adversary with no forensic expertise can easily gain access to a wealth of sensitive personal information: 21.5% of the phones we purchased were not locked at all, another 4.8% used one of the 40 most common PINs or patterns, and one phone came with a police note containing its password. We analyzed the content of the 61 phones we could access and found sensitive information not only about the phones' owners, but also about their personal contacts and, in some cases, the victims of crimes committed by those owners. In addition, we analyzed about two years of PropertyRoom cellphone auctions and found multiple occurrences of identifying information in photos of auctioned items, including notes with PINs, owners' names and phone numbers, and evidence stickers revealing how a phone was obtained and the name of the police officer who had access to it. Our work shows that police programs and cellphone auctions can be significant sources of personal information leaks and re-victimization. We hope that our work will prompt new policies that either ban the sale of computing devices containing user information, or at least require that phones be wiped, as the U.S. federal government already does.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1Nrc0IhUQ9O/pdf

23、Blue's Clues: Practical Discovery of Non-Discoverable Bluetooth Devices

Bluetooth is the protocol of choice for personal area networks, and the Bluetooth Classic standard has been in continuous use for over 20 years. Bluetooth devices make themselves discoverable in order to communicate, but best privacy practice is to keep devices in non-discoverable mode. This paper demonstrates that protecting devices by making them non-discoverable is ineffective. We introduce the Blue's Clues attack, a straightforward, non-destructive method to fully extract the permanent, unique Bluetooth MAC identifier from a target device in non-discoverable mode. We also show that we can fully characterize device capabilities and retrieve identifiers, some of which often contain identifying information about the device owner. We demonstrate Blue's Clues using software-defined radios, with over-the-air attacks against our own devices as well as in agency-sanctioned public buildings. We find that a wide range of Bluetooth devices can be uniquely identified in less than 10 seconds on average, with affected devices ranging from smartphones and headsets to gas station cash dispensers and nanny cameras, across all versions of the Bluetooth Classic standard. While we offer possible mitigations for the attack, Blue's Clues forces a reassessment of over 20 years of best practice for protecting devices from discovery.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1He7Yja1AYM/pdf

24、Breaking Security-Critical Voice Authentication

Voice authentication (VA) has recently become an integral part of many security-critical operations, such as banking transactions and call center conversations. The vulnerability of automatic speaker verification systems (ASVs) to spoofing attacks has prompted the development of countermeasures (CMs) whose task is to distinguish genuine from spoofed utterances. Together, ASVs and CMs form today's VA systems and are advertised as unbreakable access control mechanisms. We develop the first practical attack against spoofing countermeasures and show how malicious actors can effectively craft audio samples to defeat these defenses. Previous adversarial attacks against VA were mainly designed for white-box scenarios that assume knowledge of the system internals, or require large query and time budgets to attack a specific target. These assumptions do not hold when attacking security-critical systems. Our attack, in contrast, targets common failure points shared by all spoofing countermeasures, making it real-time, model-agnostic, and completely black-box, without interacting with the target to craft attack samples. The key message of our work is that CMs mistakenly learn to distinguish spoofed from genuine audio based on cues that are easily identifiable and forgeable. The effect of our attack is subtle enough to guarantee that these adversarial samples can still bypass the ASV and preserve their original textual content. These properties combine into a powerful attack that bypasses security-critical VA, with a success rate of up to 99% in its strictest form and requiring only 6 attempts. Finally, we perform the first targeted attack on CMs over a telephony network, overcoming several known challenges and opening up a variety of potential threats given the increasing use of voice biometrics in call centers. Our results call into question the security of modern VA systems and urge users to reconsider their trust in them, given the real threat of attackers bypassing these measures to gain access to their most valuable resources.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1NrbYmtLXB6/pdf

25、CSI:Rowhammer - Cryptographic Security and Integrity against Rowhammer

This paper presents CSI:Rowhammer, a combined hardware and software Rowhammer mitigation with cryptographic security and integrity guarantees that does not rely on any specific properties of Rowhammer. We design a novel memory error detection mechanism based on a low-latency cryptographic MAC, together with an exception mechanism that initiates software-level error correction routines. The exception handlers use a new instruction set extension to perform the correction and then resume execution. Unlike regular ECC-DRAM, which remains exploitable if more than 2 bits are flipped, CSI:Rowhammer maintains the security level of the cryptographic MAC. We evaluate CSI:Rowhammer in a gem5 proof-of-concept implementation. Under normal conditions, we observe a latency overhead of less than 0.75% and no memory overhead compared to off-the-shelf ECC-DRAM. While the average latency to correct a single bit flip is below 20 nanoseconds (compared to a few nanoseconds to a few milliseconds for state-of-the-art ECC memories), CSI:Rowhammer detects any number of bit flips with overwhelming probability and corrects at least 8 bit flips within realistic time constraints.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1He7XXJASeQ/pdf

26、Callee: Recovering Call Graphs for Binaries with Transfer and Contrastive Learning

Recovering the call graphs of binary programs is crucial for inter-procedural analysis tasks and the applications built on them. One of the core challenges is identifying the targets of indirect calls (i.e., the indirect callees). Existing solutions all suffer from high false positives and false negatives, resulting in inaccurate call graphs. In this paper, we propose a new solution, CALLEE, that combines transfer learning and contrastive learning. The key insight is that deep neural networks (DNNs) can automatically recognize patterns in indirect calls, which may be more effective than designing approximation algorithms or heuristic rules to handle the various cases. Inspired by advances in question answering, we use contrastive learning to answer call-site/callee questions. A major challenge, however, is that DNNs require large datasets to achieve high performance, and collecting large-scale ground truth for indirect calls can be computationally expensive. Since direct and indirect calls share similar calling conventions, knowledge learned from direct calls can be transferred to indirect calls. We therefore leverage transfer learning to pre-train a DNN on easily collected direct calls and then fine-tune it on indirect calls. We evaluate CALLEE on several sets of targets and show that our solution matches call sites to callees with an F1 score of 94.6%, much better than the best existing solutions. Furthermore, we apply CALLEE to binary code similarity detection and hybrid fuzzing and find that it greatly improves their performance.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1Js0Evrf2eY/pdf

27、Characterizing Everyday Misuse of Smart Home Devices

Discussions of Internet of Things (IoT) security often focus on the threats posed by external, tech-savvy attackers. While it is important to understand these most extreme scenarios, it is also important to understand the most likely risks of harm that smart device ownership can present. This paper explores how smart devices can be misused - used without permission in a way that causes harm - by the device owner's everyday associates, such as friends, family, and romantic partners. In an initial characterization survey (n = 100), we broadly captured the kinds of unauthorized use and misuse incidents that participants had experienced or taken part in. We then assessed the prevalence of these events in the population with a census-representative survey (n = 483). Our findings suggest that unauthorized use of smart devices is widespread (experienced by 43% of participants) and that misuse is common (experienced by at least 19% of participants). However, highly individual factors determine whether an incident of unauthorized use constitutes misuse. By focusing on everyday misuse rather than serious but unlikely attacks, this work sheds light on the most prevalent security and privacy threats facing smart device owners today.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1Js0E7l2zxm/pdf

28、Clockwork Finance: Automated Analysis of Economic Security in Smart Contracts

We introduce the Clockwork Finance Framework (CFF), a general, formal verification framework for mechanized reasoning about the economic security properties of composable decentralized finance (DeFi) smart contracts. CFF has three key properties. It is contract-complete, meaning it can model any smart contract platform and all of its contracts, Turing-complete or otherwise. It achieves this with asymptotically constant model overhead. It is also attack-exhaustive, meaning it can automatically and mechanically extract all possible economic attacks on a user's cryptocurrency in the modeled contracts. Thanks to its compositionality, CFF supports multiple goals: economic security analysis of contracts by developers, analysis of DeFi transaction risks by users, fee UX, and optimization of arbitrage opportunities by bots or miners. Because CFF offers composability, it supports these goals by reasoning over any desired model of the underlying interacting smart contracts. We instantiate CFF as an executable model of Ethereum contracts that includes a state-of-the-art deductive verifier. Building on previous work, we introduce Extractable Value (EV), a new formal notion of economic security for composable DeFi contracts that is both the foundation of CFF and of general interest. We build modular, human-readable, composable CFF models of four popular, deployed Ethereum DeFi protocols: Uniswap, Uniswap V2, Sushiswap, and MakerDAO, which together represented $24 billion in value as of March 2022. Using these models, together with other common models such as flash loans, airdrops, and voting, we show experimentally that CFF is practical and can derive useful, data-driven EV insights from real-world transaction activity. Without any explicitly programmed attack strategy, CFF uncovers an average expected EV of $56 million per month in the historical data.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1He7Yru4ls4/pdf

29、Collaborative Ad Transparency: Promises and Limitations

Some targeted advertising platforms offer transparency mechanisms, but researchers and civil society have repeatedly shown that these mechanisms have significant limitations. In this paper, we propose a collaborative ad transparency approach that infers the targeting parameters advertisers use without the cooperation of the advertising platforms. The idea is to ask users to donate data about their attributes and the ads they receive, and to use this data to infer the targeting attributes of advertising campaigns. We propose a maximum likelihood estimator based on a simplified Bernoulli model of ad delivery. We first conduct controlled ad experiments on Facebook to test our inference method. To further investigate the potential and limitations of collaborative ad transparency, we propose a simulation framework that allows key parameters to be varied. We validate that our framework yields accuracy consistent with real observations, so that insights from our simulations transfer to the real world. We then conduct an extensive simulation study of advertising campaigns targeting combinations of two attributes. Our results show that good accuracy can be achieved as long as at least ten monitored users receive the ads. This typically requires several thousand monitored users, regardless of population size. Our simulation framework is based on a novel approach to generating synthetic populations with statistical properties similar to real populations, which may be of independent interest.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1Js0DUPysb6/pdf

30、Confident Monte Carlo: Rigorous Analysis of Guessing Curves for Probabilistic Password Models

In password security, defenders want to identify and warn users with weak passwords. Similarly, defenders may wish to predict how many passwords will be cracked as the attacker's guessing budget B varies from small (online attackers) to large (offline attackers). To achieve these goals, defenders want to quickly estimate the guessing number of each user's password pwd under the assumption that the attacker uses a password cracking model M, that is, the number of guesses Z_pwd the attacker will check before cracking the password. Since naive brute-force enumeration is too expensive when the guessing number is very large, Dell'Amico and Filippone developed an efficient Monte Carlo algorithm to estimate the guessing number of a given password pwd. Although Dell'Amico and Filippone proved that their estimator is unbiased, the accuracy of the Monte Carlo estimate is not guaranteed, the method provides no confidence interval for the estimated guessing number, and it does not even indicate when the uncertainty is high. Our contributions are as follows. First, we identify theoretical examples where Monte Carlo strength estimation produces highly inaccurate individual guessing-number estimates, as well as inaccurate guessing curves, with high probability. Second, we introduce Confident Monte Carlo strength estimation as an extension of Dell'Amico and Filippone. Given a password, our estimator produces an upper and a lower bound with the guarantee that, except with probability δ, the true guessing number lies within the confidence interval. Our technique can also be used to characterize an attacker's guessing curve: in particular, given a probabilistic password cracking model M, we can generate high-confidence upper and lower bounds on the fraction of passwords the attacker will crack as the guessing budget B varies.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1NrbXWpNA5O/pdf

31、Continual Observation under User-level Differential Privacy

In their foundational work on continual observation under differential privacy, Dwork et al. proposed two privacy models: event-level DP and user-level DP. The latter offers stronger privacy protection, as it allows a user to contribute any number of items. Under event-level DP, their mechanism matches the optimal utility bound of the static setting, up to polylogarithmic factors, for all the functions considered. Unfortunately, their user-level DP mechanism has much weaker utility guarantees and imposes many constraints on the data compared to the strong event-level DP results. In this paper, we design continual observation mechanisms for several basic functions under user-level DP using an instance-specific approach. Our mechanisms require no a priori constraints on the data, while providing utility guarantees that degrade gracefully as the data becomes harder. For the count and sum functions, our mechanisms are down-neighborhood optimal and match the static setting up to polylogarithmic factors. For the other functions they do not match the static setting, but we show that this is unavoidable, giving the first separation result for continual observation under differential privacy.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1NrbZwal6hi/pdf

32、Continuous Intrusion: Characterizing the Security of Continuous Integration Services

Continuous integration (CI) is a widely adopted software development practice for automated code integration. A typical CI workflow involves multiple independent stakeholders, including the code hosting platform (CHP), the CI platform (CP), and third-party services. While CI can significantly increase development productivity, it unfortunately also exposes new attack surfaces. Since the code executed by CI tasks may come from untrusted users, an improperly configured CI or weak isolation mechanisms may allow attackers to inject malicious code into victim software by triggering CI tasks. Moreover, a single insecure stakeholder can affect the entire process. This paper systematically examines the potential security threats posed by the multiple stakeholders and the major CP components in the CI workflow. We design and develop an analysis tool, CInspector, to study potential vulnerabilities in seven popular CPs when integrated with three mainstream CHPs. We find that all CPs are at risk of token leakage caused by improper resource sharing and isolation, and that many CPs use tokens with excessive privileges and inappropriate expiration times. We further reveal four new attack vectors that allow attackers to escalate their privileges and covertly inject malicious code by executing a piece of code in a CI task. To understand the potential impact, we perform large-scale measurements across three mainstream CHPs, examining more than 1.69 million repositories. Our quantitative analysis shows that some very popular repositories and large organizations are affected by these attacks. We have reported the discovered vulnerabilities to the CPs and received positive responses.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1NrbYRw0Ims/pdf

33、Control Flow and Pointer Integrity Enforcement in a Secure Tagged Architecture

Control flow attacks exploit software vulnerabilities to divert control flow onto unintended paths and ultimately execute attack code. This paper explores instruction and data tagging as a general means of defending against such control flow attacks, including attacks that rely on violations of pointer integrity. The use of specific types of narrow data tags, along with narrow instruction tags embedded in the binary, enforces the desired security policy and leads to a practically feasible solution. Placing instruction tags adjacent to their corresponding instructions in the cache line removes the need for a separate mechanism for accessing instruction tags. Information obtained during the compiler's analysis phases is augmented and used to generate the instruction and data tags. A full-stack implementation is demonstrated, including a modified LLVM compiler, a modified Linux operating system with tag support, and an FPGA-implemented CPU hardware prototype that enforces CFI, data pointer integrity, and code pointer integrity. With modest hardware enhancements, the execution time overhead of the benchmark applications on the prototype system is shown to be in the low single-digit percentages compared to the baseline system without tagging.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1Js0El5ao12/pdf

34、Could you clean up the Internet with a Pit of Tar? Investigating tarpit feasibility on Internet worms

Botnets typically spread through widespread Internet scanning, identifying and infecting vulnerable Internet-facing devices to expand their network. Taking down these networks is often difficult for law enforcement, and some have proposed tarpits as a defense because they do not require seizing infrastructure or relying on device owners to keep their devices well configured and protected. Tarpits are network services designed to keep malware-infected devices busy, slowing down or eliminating their malicious behavior. This paper identifies a vulnerability to network tarpitting in stateless-scanning malware and develops a tarpitting technique that exploits it. We apply this technique to malware based on the Mirai scanning routine to determine whether tarpitting at scale is effective in curbing the spread of self-propagating malware. We show that even a single tarpit can effectively trap thousands of devices, which significantly slows the propagation of botnets across the Internet, and we provide a framework for simulating malware propagation under various network conditions so that the impact of tarpits on specific malware can be evaluated in advance. We demonstrate that self-propagating malware can be contained with only a few thousand tarpits, without measurable negative impact on infected routers or ISPs, and release our tarpitting solution to the community as an open platform.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1He7XRLrWCI/pdf

35、D-ARM: Disassembling ARM Binaries by Lightweight Superset Instruction Interpretation and Graph Modeling

ARM binary analysis has wide applications in ARM system security, and a fundamental challenge is ARM disassembly. ARM, and AArch32 in particular, has a number of unique features that make its disassembly different from x86 disassembly, such as the mix of ARM and Thumb instruction modes, implicit mode switching inside applications, and the more widespread use of inline data. Existing techniques cannot achieve high accuracy when binaries become complex or obfuscated. We present a novel disassembly technique for ARM binaries, specifically designed to address the challenges of legacy 32-bit ARM code. It employs a lightweight superset instruction interpretation approach to derive rich semantic information, and a graph-theoretic approach to aggregate this information into the final result. We compare against several state-of-the-art disassemblers, including Ghidra, IDA, P-Disasm, XDA, D-Disasm, and Spedi, on thousands of binaries from SPEC2000 and SPEC2006 under various settings, as well as on real-world applications collected online. The results show that our technique, D-ARM, significantly outperforms the baselines.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1He7YAtQ82Q/pdf

36、D-DAE: Defense-Penetrating Model Extraction Attacks

Recent studies have shown that machine learning models are vulnerable to model extraction attacks, in which an attacker queries a victim model to construct a substitute model that achieves nearly the same performance. To prevent such attacks, a series of defenses have been proposed that disrupt query results before returning them, greatly reducing the effectiveness of existing model extraction attacks. In this paper, we make the first attempt to develop a defense-penetrating model extraction attack framework, named D-DAE, aimed at breaking disruption-based defenses. The key to D-DAE is the design of two modules, disruption detection and disruption recovery, which can be integrated with generic model extraction attacks. More specifically, after obtaining query results from the victim model, the disruption detection module infers the defense mechanism employed by the defender. We design a meta-learning-based disruption detection algorithm that learns the fundamental differences between the distributions of disrupted and undisrupted query results. The algorithm generalizes well even without access to the victim model's original training dataset. After the defense mechanism has been detected, the disruption recovery module attempts to recover clean query results from the disrupted ones using well-designed generative models. We conduct extensive evaluations on the MNIST, FashionMNIST, CIFAR-10, GTSRB, and ImageNette datasets and show that D-DAE can boost the accuracy of the substitute models constructed by existing model extraction attacks by up to 82.24%. We also validate the effectiveness of D-DAE in penetrating unknown defenses in real-world APIs hosted on Microsoft Azure and Face++.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1He7YbsiH4c/pdf

37、DBREACH: Stealing from Databases Using Compression Side-Channels

We present new compression side-channel attacks against database storage engines that support both database page compression and encryption at rest. With only limited, indirect access to encrypted and compressed database tables, our attack can extract arbitrary plaintext with high accuracy. We demonstrate accurate and efficient attacks against variants of the InnoDB storage engine in MariaDB and MySQL, as well as MongoDB's WiredTiger storage engine. Our attack overcomes unique obstacles in database settings that render previous techniques for attacking TLS ineffective. Unlike the web setting, where the exact length of compressed and encrypted messages can be observed, we only exploit approximate ciphertext size information obtained from disk file sizes. We amplify this noisy signal and combine it with a new attack heuristic tailored to the database setting to extract the secret plaintext. Our attack can detect with >90% accuracy whether a random string is present in a table, and extract a 10-character random string from an encrypted table with >95% success.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1Js0DYPDRRu/pdf

38、DEVFUZZ: Automatic Device Model-Guided Device Driver Fuzzing

Device driver security is critical to overall operating system reliability. However, it is still very challenging to verify that a device driver can properly handle potentially malicious input from a hardware device. Unfortunately, symbolic execution-based solutions often do not scale, and fuzzing solutions require real devices or manually written device models, leaving many device drivers inadequately tested and unsafe. This paper introduces DEVFUZZ, a new model-guided fuzzing framework for device drivers that does not require the actual devices. DEVFUZZ uses symbolic execution to automatically generate probe models that guide the fuzzer to properly initialize the device driver under test. DEVFUZZ also uses static and dynamic program analysis to build MMIO, PIO and DMA device models to further improve the effectiveness of fuzzing. DEVFUZZ successfully tested 191 device drivers of various bus types (PCI, USB, RapidIO, I2C) from different operating systems (Linux, FreeBSD and Windows) and detected 72 defects, 41 of which were fixed and merged upstream.

PDF download: https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1Nrc0AgBCgM/pdf

39、DEVIOUS: Device-Driven Side-Channel Attacks on the IOMMU

Modern computer systems use Input/Output Memory Management Units (IOMMUs) to protect memory from DMA attacks and to achieve strong isolation in virtualization. Although the IOMMU has many advantages, it can also become a new security threat. Like the MMU, the IOMMU has a translation lookaside buffer, the IOTLB, an address translation cache that keeps recent translations. The IOTLB can therefore be the target of timing side-channel attacks that reveal a victim's confidential information. In this paper, we propose DEVIOUS, a novel device-driven side-channel attack that uses DMA-capable PCIe devices such as GPUs and RDMA-enabled NICs (RNICs) to mount the attack. Consequently, our attack leaves no trace in the CPU cache or TLB of the victim machine. Implementing DEVIOUS is not easy because the microarchitectural internals of the IOTLB in Intel processors are undocumented. We overcome this by reverse engineering the IOTLB and revealing its hidden architectural properties. Based on this, we construct two IOTLB-based timing attack primitives using a GPU and an RNIC. We then demonstrate practical attacks against co-resident VMs under hardware-assisted isolation and against remote machines connected via RDMA networks. We also discuss possible countermeasures against the proposed side-channel attacks.

PDF download: https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1NrbZBqLNRu/pdf

40、DVFS Frequently Leaks Secrets: Hertzbleed Attacks Beyond SIKE, Cryptography, and CPU-Only Data

The recent Hertzbleed disclosure demonstrates how remote timing analysis can reveal secret information previously only available through local power analysis. At worst, this constitutes a fundamental break with the principles of constant-time programming and the many deployed programs that depend on them. But not all hope is lost. Hertzbleed relies on a coarse, noisy channel that is difficult to exploit. In fact, the Hertzbleed paper requires tailor-made cryptanalysis to attack a specific cryptosystem (SIKE). As such, it is unclear whether Hertzbleed is a threat to the broader security ecosystem. In this paper, we show that Hertzbleed has a broad reach, affecting not only cryptosystems beyond SIKE, but also programs outside of cryptography, and even computations that occur outside of the CPU cores. First, we show how latent gadgets in other cryptosystem implementations (notably "constant-time" ECDSA and Classic McEliece) can be combined with existing cryptanalysis to bootstrap Hertzbleed attacks. Second, we show how power consumption on the integrated GPU affects the frequency of the CPU, and how this can be exploited to perform the first cross-origin pixel-stealing attack on Google Chrome by exploiting "constant-time" SVG filters.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1NrbZDx3Gz6/pdf

41、DeHiREC: Detecting Hidden Voice Recorders via ADC Electromagnetic Radiation

Unauthorized covert voice recording poses a significant threat in privacy-sensitive scenarios such as confidential meetings and private conversations. Because of their miniaturization and camouflage, hidden voice recorders are difficult to detect in their surroundings. In this paper, we present DeHiREC, the first proof-of-concept system that can detect offline hidden voice recorders from their electromagnetic radiation (EMR). We first characterize the unique pattern of the emitted EMR signal and then localize its source: the analog-to-digital converter (ADC) module embedded in mixed-signal systems-on-chip (MSoCs). Because these unintended EMR signals can be extremely noisy and weak, detecting them accurately is challenging. To address this, we first design an EMR-catalyzing method that actively stimulates the EMR signals, and then employ an adaptive folding algorithm to improve the signal-to-noise ratio (SNR) of the sensed EMR. When the changes in the sensed EMR correspond to our active stimuli, we can determine that a hidden voice recorder is present. We evaluate the performance of DeHiREC on 13 commercial recorders, in the presence of interference from other devices. Experimental results show that DeHiREC effectively detects all 13 recorders and achieves an overall success rate of 92.17% and a recall rate of 86.14% at a distance of 0.2 m.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1He7Yvurmgw/pdf

42、Deep perceptual hashing algorithms with hidden dual purpose: when client-side scanning does facial recognition

End-to-End Encryption (E2EE) provides individuals with strong technical protection against third-party interference. However, governments and law enforcement agencies around the world are concerned that E2EE could also allow illegal content to be shared without detection. Client-side scanning (CSS), which employs perceptual hashing (PH) to detect known illegal content before it is shared, is considered a promising solution for preventing the proliferation of illegal content while preserving encryption. While the proposals have raised strong privacy concerns, supporters argue that the risks are limited because the technology's scope is limited to detecting known illegal content. In this paper, we show that modern perceptual hashing algorithms are in fact quite flexible techniques, and that this flexibility can be exploited by an attacker to add a hidden secondary function to client-side scanning systems. More specifically, we show that an attacker who provides the PH algorithm can hide a secondary purpose, facial recognition of a targeted individual, while preserving its primary purpose of duplicate image detection. We first propose a procedure for training a dual-purpose deep perceptual hashing model by jointly optimizing the duplicate image detection and target face recognition tasks. Second, we perform an extensive evaluation of our dual-purpose model and show that it can reliably identify targeted individuals with a probability of 67% without compromising its performance in detecting illegal content. We also show that our model is neither a general-purpose face detection model nor a general face recognition model, which allows its secondary purpose to remain hidden. Finally, we show that the secondary purpose can be enabled simply by adding an illegal-looking image to the database. Taken together, our results raise concerns that CSS systems based on deep perceptual hashing could turn billions of user devices into tools for locating targeted individuals.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1NrbXDL6b2U/pdf

43、Deepfake Text Detection: Limitations and Opportunities

In recent years, advances in language generation models have made it possible to create realistic synthetic text, or deepfake text. Previous research has shown that misuse of deepfake text can mislead content consumers. Therefore, deepfake text detection, the task of distinguishing human-written from machine-generated text, is becoming increasingly critical. Several defenses for deepfake text detection have been proposed. However, we lack a comprehensive understanding of their applicability in the real world. In this paper, we collect deepfake text from 4 online services powered by Transformer-based tools to evaluate how well the defenses generalize to content in the wild. We develop several low-cost adversarial attacks and study the robustness of existing defenses against adaptive attackers. We find that many defenses exhibit significant performance degradation in our evaluation scenarios compared to their originally claimed performance. Our evaluation shows that exploiting semantic information in the text content is a promising approach to improving the robustness and generalization of deepfake text detection schemes.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1He7XJaERtC/pdf

44、DepthFake: Spoofing 3D Face Authentication with a 2D Photo

Face recognition is widely used in access control, and the latest 3D face recognition systems use 3D liveness detection to counter photo replay attacks, in which an attacker uses a 2D photo to bypass authentication. This paper analyzes the security of 3D liveness detection systems that use structured-light depth cameras and discovers a new attack on 3D face recognition systems. We propose the DepthFake attack, which can fool 3D face recognition using only a 2D photo. To achieve this, DepthFake first estimates the 3D depth information of the target victim's face from a 2D photo of it. DepthFake then projects carefully crafted scatter patterns embedded with the facial depth information, giving the 2D photo the properties needed to pass 3D authentication. We overcome a series of practical challenges, such as depth estimation errors from 2D photos, forging depth images under structured light, and aligning the RGB and depth images of the face, and implement DepthFake in a laboratory setting. We validate DepthFake on three commercial face recognition systems (i.e., Tencent Cloud, Baidu Cloud, and 3DiVi) and one commercial access control device. Results from 50 users show that DepthFake has a real-world success rate of 79.4% for depth attacks and 59.4% for RGB-D attacks.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1Js0EgNcf8A/pdf

45、Design and Evaluation of Inclusive Email Security Indicators for People with Visual Impairments

Due to the challenges of detecting and filtering phishing emails, some phishing emails can still reach users' inboxes. As a result, email providers such as Gmail have implemented phishing warnings to help users better identify phishing attempts. Existing research has focused on phishing warnings for sighted users, but little is known about how visually impaired people interact with phishing emails and warnings. In this paper, we work with a group of visually impaired users (N = 41) to study the effectiveness of existing warnings and to explore more inclusive designs (using the Gmail warning design as a baseline for comparison). We take a multi-pronged approach, including an exploratory study (to understand the challenges users face), participatory design and prototyping with users, and a main study (to assess the impact of design choices). Our results show that visually impaired users often miss existing Gmail warnings because the current design (e.g. warning location, the HTML markup used) does not match the reading habits of screen reader users. Inconsistencies between warnings (e.g. between the standard view and the HTML view) also create barriers for users. We show that an inclusive design (combining audio warnings, shortcut keys, and warning page overlays) can effectively increase attention to warnings. Based on our results, we make recommendations for email providers.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1Js0DKe9sVG/pdf

46、Detection of Inconsistencies in Privacy Practices of Browser Extensions

All major web browsers support extensions that provide additional functionality and enhance the user's browsing experience, but these extensions can access and collect user data while the user browses the web. Although web extensions inform users about their data practices through several forms of notification, previous research has overlooked important gaps between the actual data practices of browser extensions and the privacy statements they publish. To fill this gap, we propose ExtPrivA, which automatically detects inconsistencies between the data collection and the privacy disclosures of browser extensions. From the privacy policy and the dashboard disclosure, ExtPrivA extracts privacy statements that clearly describe the extension's privacy practices. It simulates user interactions to trigger the extension's functionality and analyzes the initiator of each network request to accurately extract the user data transmitted from the browser to external servers. Our end-to-end evaluation shows that ExtPrivA detects inconsistencies between privacy disclosures and data collection behavior with 85% accuracy. In a large-scale study of 47.2k extensions on the Chrome Web Store, we found 820 extensions with 1,290 data flows that are inconsistent with their privacy statements. Worse still, we found 525 pairs of conflicting privacy statements between the dashboard disclosures and privacy policies of 360 extensions. Such inconsistencies between privacy disclosures and actual data collection practices are considered a serious violation of the Store's policies. Our findings highlight key issues in browser extension privacy disclosures that have the potential to mislead end users and even pose high-risk privacy concerns.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1He7XKorLcQ/pdf

47、Discop: Provably Secure Steganography in Practice Based on “Distribution Copies”

Steganography is the act of disguising the transmission of secret information as a seemingly innocuous act. Although provably secure steganography was proposed decades ago, it has not been used in practice because its strict requirements (such as a perfect sampler and an explicit data distribution) are difficult to meet in conventional data environments. The increasing popularity of deep generative models provides a good opportunity to address this problem. In recent years, several approaches to provably secure steganography based on deep generative models have been proposed. However, they cannot achieve the desired security in practice because of unrealistic conditions such as balanced grouping of discrete elements and a perfect match between the message and the channel distribution. In this paper, we propose a new provably secure and practical steganography method called Discop, which builds several "distribution copies" during the generation process. At each generation time step, the message determines which "distribution copy" to sample from. As long as the receiver shares some information with the sender, the receiver can extract the message without error. To further increase the embedding rate, we recursively construct more "distribution copies" by building Huffman trees. We prove that Discop strictly preserves the original distribution, so that an attacker can do no better than random guessing. Furthermore, we conduct experiments on multiple generative tasks over various digital media and show that Discop outperforms previous methods in both security and efficiency.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1NrbZyUEqk0/pdf

48、Disguising Attacks with Explanation-Aware Backdoors

Explainable machine learning has great potential for analyzing and understanding learning-based systems. However, these methods can be manipulated to produce unreliable explanations, creating powerful and stealthy adversaries. In this paper, we show how to fully disguise adversarial manipulation of a machine learning model. As with neural backdoors, we change the model's predictions in the presence of a trigger, but at the same time we deceive the explanation method used for subsequent analysis. This allows an adversary to hide the presence of the trigger, or to steer the explanation to an entirely different part of the input, introducing a red herring. We analyze how these explanation-aware backdoors behave differently for gradient-based and propagation-based explanation methods in the image domain, and then extend the approach to malware classification.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1Js0DygrC36/pdf

49、EC: Embedded Systems Compartmentalization via Intra-Kernel Isolation

Embedded systems are built on low-power microcontrollers and span computing systems ranging from IoT nodes to supercomputers. Unfortunately, because of low-power constraints, the security of these systems is often overlooked, leaving a large attack surface. For example, an attacker can access any kernel data structure, including user tasks. Existing work has applied isolation techniques to reduce the attack surface, but these systems either incur high runtime overhead or require significant modifications to existing firmware. This paper presents a comprehensive automated compartmentalization toolchain named Embedded Compartmentalizer (EC) for real-time operating systems (RTOS) and bare-metal firmware. EC provides the Embedded Compartmentalizer Compiler (ECC) to automatically partition firmware into different compartments and enforces memory protection between them using the Embedded Compartmentalizer Kernel (ECK). ECK is a formally verified microkernel that implements a novel architecture for compartmentalizing firmware. Our evaluation shows that EC achieves up to 96.2% ROP gadget reduction in firmware, and ECK is 1.2 times faster than the state-of-the-art isolation technique. EC provides a low-cost, practical and effective compartmentalization solution for embedded systems.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1Nrc0irhBLy/pdf

50、ELSA: Secure Aggregation for Federated Learning with Malicious Actors

Federated Learning (FL) is an increasingly popular approach to machine learning (ML) in which the training dataset is highly distributed. Clients train locally on their own datasets, and their updates are then aggregated into the global model. Existing aggregation protocols are either inefficient or do not account for malicious actors in the system. This is the main obstacle preventing FL from being an ideal solution for privacy-sensitive ML applications. We propose ELSA, a secure aggregation protocol for FL that removes this barrier: it is efficient and places the existence of malicious actors at the core of its design. Similar to the previous work Prio and Prio+, ELSA provides a novel secure aggregation protocol built on distributed trust across two servers that keeps individual client updates private as long as one server is honest, defends against malicious clients, and is efficient end to end. The distinguishing feature of ELSA compared to previous work is that, instead of the servers interactively generating cryptographic correlations, the clients act as untrusted dealers of these correlations without compromising the security of the protocol. This results in a faster protocol while achieving stronger security than previous work. We introduce new techniques that preserve privacy at little additional cost (less than the increased communication in the semi-honest server case) even when a server is malicious. Our work substantially improves the end-to-end runtime over previous work with similar security guarantees: up to 305x over the single-aggregator RoFL and up to 8x over the distributed-trust Prio for the models we consider.

PDF download:

https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1Js0E8t9uFi/pdf

Origin blog.csdn.net/riusksk/article/details/131148802