1
Advanced Network Security
Fall 2014
Instructor: Kun Sun, Ph.D.
A little background about myself.
2
Topic Area Selection
Both network security and system security
Focus on new papers published in recent years
Attempt to cover most active security areas
Check with me if you are interested in specific security areas
3
Topic Area Selection
Each student chooses two papers and the class dates; send your decision to the instructor, FCFS
Instructor will present:
  Two topics related to his research: trustworthy computing environment and moving target defense
  Other topics not selected by students
4
Rule of Slides
You should write the slides from scratch.
Do not simply reuse slides from others.
Conference websites (e.g., NDSS, Usenix Security) provide slides.
You should understand all the contents in your slides.
5
Topic Areas
Network Security
System Security
Attacks
Mobile Security
Hardware Security
Authentication and Identity
Web Security
Cloud Security
Network Security
Privacy and Anonymity
Secure Isolation
Password Management
Control Flow Integrity
6
System Security
"Comprehensive Kernel Instrumentation via Dynamic Binary Translation", ASPLOS XVII 2012. Binary translation, static vs. dynamic, kernel instrumentation.
"Oxymoron: Making Fine-Grained Memory Randomization Practical by Allowing Code Sharing", Usenix Security 2014. Memory randomization against code reuse attacks vs. code sharing.
"ret2dir: Rethinking Kernel Isolation", Usenix Security 2014. Prevent a malicious kernel from accessing user space.
"Dancing with Giants: Wimpy Kernels for On-demand Isolated I/O", S&P 2014. Reduce the kernel trusted computing base (TCB) for isolated I/O operations.
7
Attacks
"ROP is Still Dangerous: Breaking Modern Defenses", Usenix Security 2014. New discovery on return-oriented programming.
"Framing Signals — A Return to Portable Shellcode", S&P 2014. Signal-return oriented programming.
"Persistent Data-only Malware: Function Hooks without Code", NDSS 2014. Construct persistent data-only malware.
8
Attacks
"Power Attack: An Increasing Threat to Data Centers", NDSS 2014. Attack based on power oversubscription.
"Botcoin: Monetizing Stolen Cycles", NDSS 2014. Profile the Bitcoin mining malware, botnet.
"Exit from Hell? Reducing the Impact of Amplification DDoS Attacks", Usenix Security 2014. Amplification attack.
"Practical Timing Side Channel Attacks Against Kernel Space ASLR", S&P 2014. One way to defeat kernel space address space layout randomization.
9
Mobile Security
"AirBag: Boosting Smartphone Resistance to Malware Infection", NDSS 2014. OS-level virtualization to isolate malicious apps.
"ASM: A Programmable Interface for Extending Android Security", Usenix Security 2014. Framework with a programmable interface for defining new reference monitors for Android.
"AppIntent: Analyzing Sensitive Data Transmission in Android for Privacy Leakage Detection", CCS 2013. User-intended behavior, symbolic execution.
10
Hardware Security
"Copker: Computing with Private Keys without RAM", NDSS 2014. Cache as RAM.
"iSeeYou: Disabling the MacBook Webcam Indicator LED", Usenix Security 2014. Can we still trust the hardware display?
"DSCRETE: Automatic Rendering of Forensic Information from Memory Images via Application Logic Reuse", Usenix Security 2014. Memory forensic analysis.
"FANCI: Identification of Stealthy Malicious Logic Using Boolean Functional Analysis", CCS 2013. Detect built-in backdoors in third-party hardware.
11
Authentication and Identity
"On the Semantic Patterns of Passwords and their Security Impact", NDSS 2014. Study the semantics of password generation patterns, such as: Are there preferences in the choice of concepts used in passwords? What is their impact on security?
"Heart-to-Heart (H2H): Authentication for Implanted Medical Devices", CCS 2013. Authenticate external medical devices to Implantable Medical Devices (IMDs).
12
Web Security
"Automating Isolation and Least Privilege in Web Services", S&P 2014. Use sandboxed processes with least privilege and limit the communication between processes.
"Detecting Logic Vulnerabilities in E-Commerce Applications", NDSS 2014. Detect logic vulnerabilities using symbolic execution.
"mXSS Attacks: Attacking well-secured Web-Applications by using innerHTML Mutations". Mutation-based cross-site scripting (XSS) in innerHTML.
13
Network Security
"AVANT-GUARD: Scalable and Vigilant Switch Flow Management in Software-Defined Networks", CCS 2013. Control plane saturation attack (DoS attack).
"No Direction Home: The True Cost of Routing Around Decoys", NDSS 2014. Censors vs. decoy routing systems, manipulating inter-domain routes.
"CyberProbe: Towards Internet-Scale Active Detection of Malicious Servers", NDSS 2014. Actively detecting malicious servers and compromised hosts at large scale.
14
Secure Isolation
"KVM/ARM: The Design and Implementation of the Linux ARM Hypervisor", ASPLOS 2014.
"Smartphones as Practical and Secure Location Verification Tokens for Payments", NDSS 2014.
"Pivot: Fast, Synchronous Mashup Isolation Using Generator Chains", S&P 2014.
"OASIS: On Achieving a Sanctuary for Integrity and Secrecy on Untrusted Platforms", CCS 2013.
"Content-Based Isolation: Rethinking Isolation Policy Design on Client Systems", CCS 2013.
15
Cloud Security
"A Hybrid Architecture for Interactive Verifiable Computation", S&P 2014.
"Mimesis Aegis: A Mimicry Privacy Shield–A System’s Approach to Data Privacy on Public Cloud", Usenix Security 2014.
"BareCloud: Bare-metal Analysis-based Evasive Malware Detection", Usenix Security 2014.
16
Privacy and Anonymity
"The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network", NDSS 2014.
"Effective Attacks and Provable Defenses for Website Fingerprinting", Usenix Security 2014.
"Bootstrapping Privacy Compliance in Big Data Systems", S&P 2014.
"Secure Multiparty Computations on Bitcoin", S&P 2014.
17
Password Management
"Password Managers: Attacks and Defenses", Usenix Security 2014.
"SAuth: Protecting User Accounts from Password Database Leaks", ACM CCS 2013.
"Towards Reliable Storage of 56-bit Secrets in Human Memory", Usenix Security 2014.
18
Control Flow Integrity
"Out Of Control: Overcoming Control-Flow Integrity", S&P 2014.
"Practical Control Flow Integrity & Randomization for Binary Executables", S&P
"CFIMon: Detecting Violation of Control Flow Integrity using Performance Counters", DSN