SmartPool: Practical Decentralized Pooled Mining

Papers and Proceedings The full Proceedings published by USENIX for the conference are available for download below. Individual papers can smartPool: Practical Decentralized Pooled Mining be downloaded from the presentation page. Copyright to the individual works is retained by the author. Sign in to your USENIX account to download these files.

We present the first static approach that systematically detects potential double-fetch vulnerabilities in the Linux kernel. Using a pattern-based analysis, we identified 90 double fetches in the Linux kernel. While a core dump carries a large amount of information, it barely serves as informative debugging aids in locating software faults because it carries information that indicates only a partial chronology of how program reached a crash site. Recently, this situation has been significantly improved.

In this work, we propose POMP, an automated tool to facilitate the analysis of post-crash artifacts. More specifically, POMP introduces a new reverse execution mechanism to construct the data flow that a program followed prior to its crash. By using the data flow, POMP then performs backward taint analysis and highlights those program statements that actually contribute to the crash. To demonstrate its effectiveness in pinpointing program statements truly pertaining to a program crash, we have implemented POMP for Linux system on x86-32 platform, and tested it against various program crashes resulting from 31 distinct real-world security vulnerabilities. We show that, POMP can accurately and efficiently pinpoint program statements that truly pertain to the crashes, making failure diagnosis significantly convenient. Existing malware analysis platforms leave detectable fingerprints like uncommon string properties in QEMU, signatures in Android Java virtual machine, and artifacts in Linux kernel profiles.

Rose Valley Port Blair Island Retreat

Many proposed defenses against such side-channel attacks capitalize on this reliance. Mozilla Firefox and the Fuzz differentially private database. Several defenses have been proposed to mitigate these attacks. We present detailed benchmarking of floating point performance for various operations based on operand values. We find that Google Chrome, Mozilla Firefox, and Apple’s Safari have insufficiently addressed the floating-point side channel, and we present attacks for each that extract pixel data cross-origin on most platforms.

We evaluate the vector-operation based defensive mechanism proposed at USENIX Security 2016 by Rane, Lin and Tiwari and find that it only reduces, not eliminates, the floating-point side channel signal. Together, these measurements and attacks cause us to conclude that floating point is simply too variable to use in a timing security sensitive context. Side-channel attacks are a serious threat to security-critical software. To mitigate remote timing and cache-timing attacks, many ubiquitous cryptography software libraries feature constant-time implementations of cryptographic primitives. In this work, we disclose a vulnerability in OpenSSL 1. Function type signatures are important for binary analysis, but they are not available in COTS binaries.

In this paper, we present a new system called EKLAVYA which trains a recurrent neural network to recover function type signatures from disassembled binary code. Rowhammer is a hardware bug that can be exploited to implement privilege escalation and remote code execution attacks. In this paper, we present the design and implementation of a practical and efficient software-only defense against rowhammer attacks. Our defense, called CATT, prevents the attacker from leveraging rowhammer to corrupt kernel memory from user mode. To do so, we extend the physical memory allocator of the OS to physically isolate the memory of the kernel and user space. We implemented CATT on x86 and ARM to mitigate rowhammer-based kernel exploits.

In this work, we present a path-sensitive variation of CFI that utilizes runtime path-sensitive point-to analysis to compute the legitimate control transfer targets. We have designed and implemented a runtime environment, PITTYPAT, that enforces path-sensitive CFI efficiently by combining commodity, low-overhead hardware monitoring and a novel runtime points-to analysis. However, there is a lack of effective kernel vulnerability detection tools, especially for closed-source OSes such as Microsoft Windows. Many kinds of memory safety vulnerabilities have been endangering software systems for decades.

Amongst other approaches, fuzzing is a promising technique to unveil various software faults. Recently, feedback-guided fuzzing demonstrated its power, producing a steady stream of security-critical software bugs. This allows us to remain independent of the target OS as we just require a small user space component that interacts with the targeted OS. While variadic functions are flexible, they are inherently not type-safe. Indirect function calls can be exploited by an adversary to divert execution through illegal paths. CFI restricts call targets according to the function prototype which, for variadic functions, does not include all the actual parameters.

However, as shown by our case study, current CFI implementations are mainly limited to nonvariadic functions and fail to address this potential attack vector. Defending against such an attack requires a stateful dynamic check. The key idea is to record metadata at the call site and verify parameters and their types at the callee whenever they are used at runtime. We show that our methodology is effective at capturing differential data-dependent effects as neighbouring instructions in a sequence vary.

Cache-based side-channel attacks are a serious problem in multi-tenant environments, for example, modern cloud data centers. We address this problem with Cloak, a new technique that uses hardware transactional memory to prevent adversarial observation of cache misses on sensitive code and data. Side-channel attacks recover secret information by analyzing the physical implementation of cryptosystems based on non-functional computational characteristics, e. In this work, we propose a novel technique to help software developers identify potential vulnerabilities that can lead to cache-based timing attacks. Our technique leverages symbolic execution and constraint solving to detect potential cache differences at each program point.

There Are More Hard Forks Where These Came From

We adopt a cache model that is general enough to capture various threat models that are employed in practical timing attacks. Why do products still enter the market with easily-found security issues? Why are people still falling for phishing emails? Why do we still have trouble convincing people to patch their systems?

The Meaning of Bitcoin | LinkedIn

Why do companies and governments keep leaking out important PII? We security experts sometimes think that pointing out the obvious flaws will prevent these issues, but somehow that isn’t always the case. This talk will examine why implementing good security and security practices is so hard, and the tradeoffs that cause people to invest less than we think they should. We will cover how we can close the gap between discovery and action, including real world examples of people adopting useful solutions.

We will go through specific methods of how to engage people on security in a way that leads to action. Privacy means many things to many people, things that every system and product needs to understand and support. Although many solutions have been proposed, recent works have highlighted some common drawbacks, such as parser-confusion and classifier-evasion attacks. In response to this, we propose a new perspective for maldoc detection: platform diversity. We further prototype PLATPAL to systematically harvest platform diversity.

PLATPAL hooks into Adobe Reader to trace internal PDF processing and also uses sandboxed execution to capture a maldoc’s impact on the host system. It’s an essential step to understand malware’s behaviors for developing effective solutions. Though a number of systems have been proposed to analyze Android malware, they have been limited by incomplete view of inspection on a single layer. Despite the pervasive nature of Internet censorship and the continuous evolution of how and where censorship is applied, measurements of censorship remain comparatively sparse. Understanding the scope, scale, and evolution of Internet censorship requires global measurements, performed at regular intervals. Facing abusive traffic from the Tor anonymity network, online service providers discriminate against Tor users. Large, routing-capable adversaries such as nation-states have the ability to censor and launch powerful deanonymization attacks against Tor circuits that traverse their borders.

Unfortunately, because few users act based upon, or even comprehend, permission screens, malicious or careless apps can become overprivileged by requesting unneeded permissions. System designers have long struggled with the challenge of determining how to control when untrusted applications may perform operations using privacy-sensitive sensors securely and effectively. Don’t miss the USENIX Security ’17 Reception, featuring dinner, drinks, and the chance to connect with other attendees, speakers, and conference organizers. This is intended as an informal session for short and engaging presentations on recent unpublished results, work in progress, or other topics of interest to the USENIX Security attendees. As in the past, talks do not always need to be serious and funny talks are encouraged! In this work, we demonstrate a novel attack in SDN networks, Persona Hijacking, that breaks the bindings of all layers of the networking stack and fools the network infrastructure into believing that the attacker is the legitimate owner of the victim’s identifiers, which significantly increases persistence. Bootstrapping trust between wireless devices without entering or preloading secrets is a fundamental security problem in many applications, including home networking, mobile device tethering, and the Internet-of-Things.

Because SDN controllers are serving as the brain of the entire network, their security and reliability are of extreme importance. Distinguished Paper Award Winner and winner of the 2017 Internet Defense Prize! We present a new approach for detecting credential spearphishing attacks in enterprise settings. Our method uses features derived from an analysis of fundamental characteristics of spearphishing attacks, combined with a new non-parametric anomaly scoring technique for ranking alerts.

We present an approach and system for real-time reconstruction of attack scenarios on an enterprise host. To meet the scalability and real-time needs of the problem, we develop a platform-neutral, main-memory based, dependency graph abstraction of audit-log data. Success stories in usable security are rare. Through survey data from 118 participating journalists, as well as in-depth, semi-structured interviews with the designers and implementers of the systems underpinning the collaboration, we investigate the factors that supported this effort. We find that the tools developed for the project were both highly useful and highly usable, motivating journalists to use the secure communication platforms provided instead of seeking workarounds.

Selecting Your Leverage

To answer this question, we comprehensively analyze exploitation techniques against vulnerabilities inside enclaves. We demonstrate a practical exploitation technique, called Dark-ROP, which can completely disarm the security guarantees of SGX. However Dark-ROP differs significantly from traditional ROP attacks because the target code runs under solid hardware protection. SGX hardware into disclosing the enclave’s encryption keys and producing measurement reports that defeat remote attestation. The root cause of this attack is that SGX does not clear branch history when switching from enclave to non-enclave mode, leaving fine-grained traces for the outside world to observe, which gives rise to a branch-prediction side channel. Phones are used to confirm some of our most sensitive transactions. From coordination between energy providers in the power grid to corroboration of high-value transfers with a financial institution, we rely on telephony to serve as a trustworthy communications path.

Mobile off-line payment enables purchase over the counter even in the absence of reliable network connections. In the paper, we report a new type of over-the-counter payment frauds on mobile off-line payment, which exploit the designs of existing schemes that apparently fail to consider the adversary capable of actively affecting the payment process. Papers and Proceedings The full Proceedings published by USENIX for the conference are available for download below. Individual papers can also be downloaded from the presentation page. Copyright to the individual works is retained by the author. Sign in to your USENIX account to download these files. We present the first static approach that systematically detects potential double-fetch vulnerabilities in the Linux kernel.

Using a pattern-based analysis, we identified 90 double fetches in the Linux kernel. While a core dump carries a large amount of information, it barely serves as informative debugging aids in locating software faults because it carries information that indicates only a partial chronology of how program reached a crash site. Recently, this situation has been significantly improved. In this work, we propose POMP, an automated tool to facilitate the analysis of post-crash artifacts. More specifically, POMP introduces a new reverse execution mechanism to construct the data flow that a program followed prior to its crash.

By using the data flow, POMP then performs backward taint analysis and highlights those program statements that actually contribute to the crash. To demonstrate its effectiveness in pinpointing program statements truly pertaining to a program crash, we have implemented POMP for Linux system on x86-32 platform, and tested it against various program crashes resulting from 31 distinct real-world security vulnerabilities. We show that, POMP can accurately and efficiently pinpoint program statements that truly pertain to the crashes, making failure diagnosis significantly convenient. Existing malware analysis platforms leave detectable fingerprints like uncommon string properties in QEMU, signatures in Android Java virtual machine, and artifacts in Linux kernel profiles. Many proposed defenses against such side-channel attacks capitalize on this reliance. Mozilla Firefox and the Fuzz differentially private database. Several defenses have been proposed to mitigate these attacks.

We present detailed benchmarking of floating point performance for various operations based on operand values. We find that Google Chrome, Mozilla Firefox, and Apple’s Safari have insufficiently addressed the floating-point side channel, and we present attacks for each that extract pixel data cross-origin on most platforms. We evaluate the vector-operation based defensive mechanism proposed at USENIX Security 2016 by Rane, Lin and Tiwari and find that it only reduces, not eliminates, the floating-point side channel signal. Together, these measurements and attacks cause us to conclude that floating point is simply too variable to use in a timing security sensitive context. Side-channel attacks are a serious threat to security-critical software.

To mitigate remote timing and cache-timing attacks, many ubiquitous cryptography software libraries feature constant-time implementations of cryptographic primitives. In this work, we disclose a vulnerability in OpenSSL 1. Function type signatures are important for binary analysis, but they are not available in COTS binaries. In this paper, we present a new system called EKLAVYA which trains a recurrent neural network to recover function type signatures from disassembled binary code. Rowhammer is a hardware bug that can be exploited to implement privilege escalation and remote code execution attacks.

In this paper, we present the design and implementation of a practical and efficient software-only defense against rowhammer attacks. Our defense, called CATT, prevents the attacker from leveraging rowhammer to corrupt kernel memory from user mode. To do so, we extend the physical memory allocator of the OS to physically isolate the memory of the kernel and user space. We implemented CATT on x86 and ARM to mitigate rowhammer-based kernel exploits. In this work, we present a path-sensitive variation of CFI that utilizes runtime path-sensitive point-to analysis to compute the legitimate control transfer targets. We have designed and implemented a runtime environment, PITTYPAT, that enforces path-sensitive CFI efficiently by combining commodity, low-overhead hardware monitoring and a novel runtime points-to analysis.

Exciting Q2 Start: Bitcoin Cash Up 137%, Ethereum Up 86% & Ripple Up 83%

However, there is a lack of effective kernel vulnerability detection tools, especially for closed-source OSes such as Microsoft Windows. Many kinds of memory safety vulnerabilities have been endangering software systems for decades. Amongst other approaches, fuzzing is a promising technique to unveil various software faults. Recently, feedback-guided fuzzing demonstrated its power, producing a steady stream of security-critical software bugs. This allows us to remain independent of the target OS as we just require a small user space component that interacts with the targeted OS.

While variadic functions are flexible, they are inherently not type-safe. Indirect function calls can be exploited by an adversary to divert execution through illegal paths. CFI restricts call targets according to the function prototype which, for variadic functions, does not include all the actual parameters. However, as shown by our case study, current CFI implementations are mainly limited to nonvariadic functions and fail to address this potential attack vector. Defending against such an attack requires a stateful dynamic check. The key idea is to record metadata at the call site and verify parameters and their types at the callee whenever they are used at runtime.

We show that our methodology is effective at capturing differential data-dependent effects as neighbouring instructions in a sequence vary. Cache-based side-channel attacks are a serious problem in multi-tenant environments, for example, modern cloud data centers. We address this problem with Cloak, a new technique that uses hardware transactional memory to prevent adversarial observation of cache misses on sensitive code and data. Side-channel attacks recover secret information by analyzing the physical implementation of cryptosystems based on non-functional computational characteristics, e. In this work, we propose a novel technique to help software developers identify potential vulnerabilities that can lead to cache-based timing attacks. Our technique leverages symbolic execution and constraint solving to detect potential cache differences at each program point.

We adopt a cache model that is general enough to capture various threat models that are employed in practical timing attacks. Why do products still enter the market with easily-found security issues? Why are people still falling for phishing emails? Why do we still have trouble convincing people to patch their systems?