Spring 2020 CS Cyber Security Reading Group
Members: Yashwanth
Bandala, Yu Cai, Bo Chen (co-advisor), Niusen Chen,
Siva Krishna Kakula, Vishnu Kamaraju, Alex Larkin, Jean Mayo (co-advisor),
Jonah Schulte, Karan Sunchanakota, Deepthi Tankasala,
Sai Venkateswaran, Yuchen
Wang, Wen Xie,
Detailed schedule:
Time: 4:00 – 5:00pm Friday, January 31, 2020
Location: Rekhi 217
Presenter: Bo Chen
Title: Enabling Data Recovery from Malicious Attacks in Mobile Devices
Abstract:
Modern mobile computing devices (e.g., smart phones, tablets, IoT devices) usually use flash memory as external storage. Compared to traditional mechanical disk drives, flash memory has a few special characteristics: programming can be performed only after an erasure has been performed; reading/programming can be performed on the basis of small pages, but erasing can only be performed on the basis of large blocks; each flash memory cell can only be programmed/erased for a limited number of times; etc.
This talk will introduce our recent research on ensuring recoverability of data from malicious attacks in mobile devices. A fundamental observation is that flash memory utilizes an out-of-place update strategy to accommodate its special hardware characteristics and, by leveraging this observation, for the first time, we are able to solve various data recovery problems in mobile devices upon malware attacks. We will introduce two recent problems we have been addressing: 1) System recovery from bare-metal malware analysis: how to recover the entire system (including memory and external storage) of a mobile device after a bare-metal malware analysis has been conducted; 2) Data recovery from ransomware: without paying the ransom, how to allow data to be recovered to the exact point right before the ransomware starts to encrypt a victim mobile device.
Time: 4:00 – 5:00pm Friday, February 14, 2020
Location: Rekhi 217
Presenter: Wen Xie
Title: PointGuard: Protecting Pointers from Buffer Overflow Vulnerabilities
Abstract:
Despite numerous security technologies crafted to resist buffer
overflow vulnerabilities, buffer overflows continue to be the dominant form of
software security vulnerability. This is because most buffer overflow defenses
provide only partial coverage, and the attacks have adapted to exploit problems
that are not well-defended, such as heap overflows. This
paper presents PointGuard, a compiler technique to
defend against most kinds of buffer overflows by encrypting pointers when
stored in memory, and decrypting them only when loaded into CPU registers.
Attackers attempting to corrupt pointers in memory in any way can destroy a
pointer value, but cannot produce a predictable pointer value in memory because
they do not have the decryption key. The paper shows that PointGuard’s
overhead is low when protecting real security-sensitive applications such as
OpenSSL, and show that PointGuard is effective in
defending against buffer overflow vulnerabilities that are not blocked by
previous defenses.
Time:
4:00 – 5:00pm Friday, February 28, 2020
Location:
Rekhi 217
Presenter: Niusen Chen
Title: DEFTL: Implementing
Plausibly Deniable Encryption in Flash Translation Layer
Abstract:
Mobile
devices are widely used nowadays. To protect sensitive data, mobile operating
systems usually incorporate a certain level of encryption to protect sensitive
data. However, conventional encryption cannot defend against a coercive
attacker who can capture the device owner, and force the owner to disclose keys
used for decrypting sensitive information. To defend against such a coercive
adversary, Plausibly Deniable Encryption (PDE) was introduced to allow the
device owner to deny the very existence of sensitive data stored on his/her
device. The existing PDE systems, built on flash storage devices, are
problematic, since they either neglect the special nature of the underlying
storage medium (which is usually NAND flash), or suffer from deniability
compromises. This paper proposes
DEFTL, a Deniability Enabling Flash Translation Layer for devices which
use flash-based block devices as storage media. DEFTL can achieve deniability while
being able to accommodate the special nature of NAND flash as well as eliminate
deniability compromises from it.
Time: 4:00 – 5:00pm Friday, March 20, 2020
Location: Zoom
Presenter: Deepthi Tankasala
Title: Polymorphic & Metamorphic Malware
Abstract:
Malware is a pervasive problem in computer and
network systems. It could be any software intentionally designed to cause
damage to a computer, server, client, or computer network. In this, I will
discuss two types of malware, polymorphic and metamorphic malware. I will first
introduce how these two pieces of malware work, and compare their differences.
Metamorphic malware is more complex and it can be treated as an advanced
version of polymorphic malware. Then, I will discuss how the malware can
surpass anti-virus scans by using some morphing techniques such as Packers or Crypters. At last, I will introduce some malware detection
techniques, including static analysis, dynamic analysis and heuristic analysis,
etc.
Time: 4:00 – 5:00pm Friday, April 3, 2020
Location: Zoom
Presenter: Jonah Schulte
Title: Light Commands: Laser-Based Audio Injection Attacks on
Voice-Controllable Systems
Abstract:
This paper proposes a new class of signal
injection attacks on microphones based on the photoacoustic effect: converting
light to sound using a microphone. They show how an attacker can inject arbitrary
audio signals to the target microphone by aiming an amplitude-modulated light
at the microphone’s aperture. They then proceed to show how this effect leads
to a remote voice-command injection attack on voice-controllable systems.
Examining various products that use Amazon’s Alexa, Apple’s Siri, Facebook’s
Portal, and Google Assistant, they show how to use light to obtain full control
over these devices at distances up to 110 meters and from two separate
buildings. Next, they show that user authentication on these devices is often
lacking or non-existent, allowing the attacker to use light-injected voice
commands to unlock the target’s smartlock-protected
front doors, open garage doors, shop on e-commerce websites at the target’s
expense, or even locate, unlock and start various vehicles (e.g., Tesla and
Ford) that are connected to the target’s Google account. Finally, they conclude
with possible software and hardware defenses against those attacks.
Time: 4:00 – 5:00pm Friday, April 17, 2020
Location: Zoom
Presenter: Sai Venkateswaran
Title: A survey on attacks on voice operated devices
Abstract:
More than a billion voice-activated devices are
now used worldwide. In this presentation, I will conduct a survey on attacks on
voice operated devices. I will mainly introduce attacks from 3 levels, OS
level, hardware level and machine learning level. OS level attacks contain
Google Search Attack (GVS), A11Y attacks and Money attacks. Hardware level
attacks include Dolphin Attack, IEMI Attack, Surfing Attack and Illuminating
Attack. Machine learning level attacks consist of Cocaine Noodles, Hidden Voice
Command Attack and Houdini. I will also discuss some countermeasures from both the
software and hardware aspect.
