Spring 2020 CS Cyber Security Reading Group
Members: Yashwanth Bandala, Yu Cai, Bo Chen (co-advisor), Niusen Chen, Siva Krishna Kakula, Vishnu Kamaraju, Alex Larkin, Jean Mayo (co-advisor), Jonah Schulte, Karan Sunchanakota, Deepthi Tankasala, Sai Venkateswaran, Yuchen Wang, Wen Xie,
Time: 4:00 – 5:00pm Friday, January 31, 2020
Location: Rekhi 217
Presenter: Bo Chen
Title: Enabling Data Recovery from Malicious Attacks in Mobile Devices
Modern mobile computing devices (e.g., smart phones, tablets, IoT devices) usually use flash memory as external storage. Compared to traditional mechanical disk drives, flash memory has a few special characteristics: programming can be performed only after an erasure has been performed; reading/programming can be performed on the basis of small pages, but erasing can only be performed on the basis of large blocks; each flash memory cell can only be programmed/erased for a limited number of times; etc.
This talk will introduce our recent research on ensuring recoverability of data from malicious attacks in mobile devices. A fundamental observation is that flash memory utilizes an out-of-place update strategy to accommodate its special hardware characteristics and, by leveraging this observation, for the first time, we are able to solve various data recovery problems in mobile devices upon malware attacks. We will introduce two recent problems we have been addressing: 1) System recovery from bare-metal malware analysis: how to recover the entire system (including memory and external storage) of a mobile device after a bare-metal malware analysis has been conducted; 2) Data recovery from ransomware: without paying the ransom, how to allow data to be recovered to the exact point right before the ransomware starts to encrypt a victim mobile device.
Time: 4:00 – 5:00pm Friday, February 14, 2020
Location: Rekhi 217
Presenter: Wen Xie
Title: PointGuard: Protecting Pointers from Buffer Overflow Vulnerabilities
Despite numerous security technologies crafted to resist buffer overflow vulnerabilities, buffer overflows continue to be the dominant form of software security vulnerability. This is because most buffer overflow defenses provide only partial coverage, and the attacks have adapted to exploit problems that are not well-defended, such as heap overflows. This paper presents PointGuard, a compiler technique to defend against most kinds of buffer overflows by encrypting pointers when stored in memory, and decrypting them only when loaded into CPU registers. Attackers attempting to corrupt pointers in memory in any way can destroy a pointer value, but cannot produce a predictable pointer value in memory because they do not have the decryption key. The paper shows that PointGuard’s overhead is low when protecting real security-sensitive applications such as OpenSSL, and show that PointGuard is effective in defending against buffer overflow vulnerabilities that are not blocked by previous defenses.
Time: 4:00 – 5:00pm Friday, February 28, 2020
Location: Rekhi 217
Presenter: Niusen Chen
Title: DEFTL: Implementing Plausibly Deniable Encryption in Flash Translation Layer
Mobile devices are widely used nowadays. To protect sensitive data, mobile operating systems usually incorporate a certain level of encryption to protect sensitive data. However, conventional encryption cannot defend against a coercive attacker who can capture the device owner, and force the owner to disclose keys used for decrypting sensitive information. To defend against such a coercive adversary, Plausibly Deniable Encryption (PDE) was introduced to allow the device owner to deny the very existence of sensitive data stored on his/her device. The existing PDE systems, built on flash storage devices, are problematic, since they either neglect the special nature of the underlying storage medium (which is usually NAND flash), or suffer from deniability compromises. This paper proposes DEFTL, a Deniability Enabling Flash Translation Layer for devices which use flash-based block devices as storage media. DEFTL can achieve deniability while being able to accommodate the special nature of NAND flash as well as eliminate deniability compromises from it.
Time: 4:00 – 5:00pm Friday, March 20, 2020
Presenter: Deepthi Tankasala
Title: Polymorphic & Metamorphic Malware
Malware is a pervasive problem in computer and network systems. It could be any software intentionally designed to cause damage to a computer, server, client, or computer network. In this, I will discuss two types of malware, polymorphic and metamorphic malware. I will first introduce how these two pieces of malware work, and compare their differences. Metamorphic malware is more complex and it can be treated as an advanced version of polymorphic malware. Then, I will discuss how the malware can surpass anti-virus scans by using some morphing techniques such as Packers or Crypters. At last, I will introduce some malware detection techniques, including static analysis, dynamic analysis and heuristic analysis, etc.
Time: 4:00 – 5:00pm Friday, April 3, 2020
Presenter: Jonah Schulte
Title: Light Commands: Laser-Based Audio Injection Attacks on Voice-Controllable Systems
This paper proposes a new class of signal injection attacks on microphones based on the photoacoustic effect: converting light to sound using a microphone. They show how an attacker can inject arbitrary audio signals to the target microphone by aiming an amplitude-modulated light at the microphone’s aperture. They then proceed to show how this effect leads to a remote voice-command injection attack on voice-controllable systems. Examining various products that use Amazon’s Alexa, Apple’s Siri, Facebook’s Portal, and Google Assistant, they show how to use light to obtain full control over these devices at distances up to 110 meters and from two separate buildings. Next, they show that user authentication on these devices is often lacking or non-existent, allowing the attacker to use light-injected voice commands to unlock the target’s smartlock-protected front doors, open garage doors, shop on e-commerce websites at the target’s expense, or even locate, unlock and start various vehicles (e.g., Tesla and Ford) that are connected to the target’s Google account. Finally, they conclude with possible software and hardware defenses against those attacks.
Time: 4:00 – 5:00pm Friday, April 17, 2020
Presenter: Sai Venkateswaran
Title: A survey on attacks on voice operated devices
More than a billion voice-activated devices are now used worldwide. In this presentation, I will conduct a survey on attacks on voice operated devices. I will mainly introduce attacks from 3 levels, OS level, hardware level and machine learning level. OS level attacks contain Google Search Attack (GVS), A11Y attacks and Money attacks. Hardware level attacks include Dolphin Attack, IEMI Attack, Surfing Attack and Illuminating Attack. Machine learning level attacks consist of Cocaine Noodles, Hidden Voice Command Attack and Houdini. I will also discuss some countermeasures from both the software and hardware aspect.