Filters








143 Hits in 4.5 sec

Security bugs in embedded interpreters

Haogang Chen, Cody Cutler, Taesoo Kim, Yandong Mao, Xi Wang, Nickolai Zeldovich, M. Frans Kaashoek
2013 Proceedings of the 4th Asia-Pacific Workshop on Systems - APSys '13  
As another example, the RAR archive format allows embedding bytecode in compressed files to describe reversible transformations for decompression.  ...  Because embedded interpreters offer flexibility and performance, they are becoming more prevalent, and can be found at nearly every level of the software stack.  ...  Acknowledgments Thanks to the anonymous reviewers for their feedback.  ... 
doi:10.1145/2500727.2500747 dblp:conf/apsys/ChenCKMWZK13 fatcat:u4k5jqebrneczaqdyeuzyduzua

SoK: Attacks on Industrial Control Logic and Formal Verification-Based Defenses [article]

Ruimin Sun, Alejandro Mera, Long Lu, David Choffnes
2021 arXiv   pre-print
Vulnerabilities in PLC programs might lead to attacks causing devastating consequences to the critical infrastructure, as shown in Stuxnet and similar attacks.  ...  We performed systematization on these studies, and found attacks that can compromise a full chain of control and evade detection.  ...  Any opinions, findings, and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect the views of the funding agencies or sponsors.  ... 
arXiv:2006.04806v3 fatcat:axupsga555gbhpe7wou5p7ggni

Everything Old is New Again: Binary Security of WebAssembly

Daniel Lehmann, Johannes Kinder, Michael Pradel
2020 USENIX Security Symposium  
An empirical risk assessment on real-world binaries and SPEC CPU programs compiled to WebAssembly shows that our attack primitives are likely to be feasible in practice.  ...  In this paper, we analyze to what extent vulnerabilities are exploitable in WebAssembly binaries, and how this compares to native code.  ...  To show that our attack primitives are applicable in practice, we then discuss a set of vulnerable example WebAssembly applications and demonstrate end-to-end exploits against each one of them.  ... 
dblp:conf/uss/0002KP20 fatcat:ofl2a27nu5e7jdltik2xzx47pu

Realizable Universal Adversarial Perturbations for Malware [article]

Raphael Labaca-Castro, Luis Muñoz-González, Feargus Pendlebury, Gabi Dreo Rodosek, Fabio Pierazzi, Lorenzo Cavallaro
2022 arXiv   pre-print
We additionally show how our method can be adapted to more restrictive domains such as Windows malware.  ...  Machine learning classifiers are vulnerable to adversarial examples -- input-specific perturbations that manipulate models' output.  ...  Acknowledgments This research has been partially supported by the EC H2020 Project CONCORDIA (GA 830927) and the UK EP/L022710/2 and EP/P009301/1 EPSRC research grants.  ... 
arXiv:2102.06747v2 fatcat:2tlsyq3ojbdyviumrbvwzm7ipu

A Survey on Ethereum Systems Security

Huashan Chen, Marcus Pendleton, Laurent Njilla, Shouhuai Xu
2020 ACM Computing Surveys  
We systematize three aspects of Ethereum systems security: vulnerabilities, attacks, and defenses.  ...  We draw insights into vulnerability root causes, attack consequences, and defense capabilities, which shed light on future research directions.  ...  In what follows, we only discuss how Casper FFG defends against the attacks mentioned above.  ... 
doi:10.1145/3391195 fatcat:7ixyzcqdubgrldtbhvqm4owygy

EVMPatch: Timely and Automated Patching of Ethereum Smart Contracts [article]

Michael Rodler, Wenting Li, Ghassan O. Karame, Lucas Davi
2020 arXiv   pre-print
They also manage considerable amounts of assets, which are at risk and often beyond recovery after an attack. Existing solutions to upgrade smart contracts depend on manual and error-prone processes.  ...  EVMPatch features a bytecode rewriting engine for the popular Ethereum blockchain, and transparently/automatically rewrites common off-the-shelf contracts to upgradable contracts.  ...  Acknowledgment The authors would like to thank the reviewers-and especially our shepherd Yinzhi Cao-for their valuable feedback, and the developers for taking the time to participate in our study.  ... 
arXiv:2010.00341v2 fatcat:tc7sw65p2rgxvc5fgo5fzdzyuq

Smart Contract: Attacks and Protections

Sarwar Sayeed, Hector Marco-Gisbert, Tom Caira
2020 IEEE Access  
Smart contracts are programs that reside within decentralized blockchains and are executed pursuant to triggered instructions.  ...  We then focus on smart contract vulnerabilities, analyzing the 7 most important attack techniques to determine the real impact on smart contract technology.  ...  An experiment on Oyente's vulnerability detection capability suggests that it is only able to defend against attacks such as Reentrancy and Time manipulation [63] .  ... 
doi:10.1109/access.2020.2970495 fatcat:5ewcato5b5csxohptp3k5c6tp4

HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing [article]

William Blair, Andrea Mambretti, Sajjad Arshad, Michael Weissbacher, William Robertson, Engin Kirda, Manuel Egele
2020 arXiv   pre-print
Meanwhile, Algorithmic Complexity (AC)vulnerabilities, which are a common attack vector for denial-of-service attacks, remain an understudied threat.  ...  Contemporary fuzz testing techniques focus on identifying memory corruption vulnerabilities that allow adversaries to achieve either remote code execution or information disclosure.  ...  The views and conclusions contained herein are those of the authors and should not be interpreted as representing the official policies or endorsements, either expressed or implied, of any government agency  ... 
arXiv:2002.03416v1 fatcat:zb72iomeabdmjiig2yn5vdgsz4

SEISMIC: SEcure In-lined Script Monitors for Interrupting Cryptojacks [chapter]

Wenhao Wang, Benjamin Ferrell, Xiaoyang Xu, Kevin W. Hamlen, Shuang Hao
2018 Lecture Notes in Computer Science  
Evaluation shows that the approach is more robust than current static code analysis defenses, which are susceptible to code obfuscation attacks.  ...  A method of detecting and interrupting unauthorized, browserbased cryptomining is proposed, based on semantic signature-matching.  ...  Acknowledgments This research was supported in part by NSF award #1513704, ONR award N00014-17-1-2995, AFOSR award FA9550-14-1-0173, and an NSF I/UCRC award from Lockheed-Martin.  ... 
doi:10.1007/978-3-319-98989-1_7 fatcat:ubgcajsf4zfwpbcr762fclrlni

Secure execution of Java applets using a remote playground

D. Malkhi, M.K. Reiter
2000 IEEE Transactions on Software Engineering  
Prior to execution the applet is transformed to use the downloading user's web browser as a graphics terminal for its input and output, and so the user has the illusion that the applet is running on her  ...  In reality, however, mobile code runs only in the sanitized environment of the playground, where user les cannot be mounted and from which only limited network connections are a c cepted b y m achines  ...  Acknowledgements We are grateful to Drew Dean, Ed Felten, Li Gong and the anonymous referees for helpful comments.  ... 
doi:10.1109/32.888632 fatcat:6ht6pmbjzrf4hbmpbdhlo7ipxy

Secure Execution of Java Applets using a Remote Playground [article]

Dahlia Malkhi, Michael Reiter
1999 arXiv   pre-print
Prior to execution the applet is transformed to use the downloading user's web browser as a graphics terminal for its input and output, and so the user has the illusion that the applet is running on her  ...  In reality, however, mobile code runs only in the sanitized environment of the playground, where user files cannot be mounted and from which only limited network connections are accepted by machines in  ...  We are grateful to Drew Dean, Ed Felten, Li Gong and the anonymous referees of the 1998 IEEE Symposium on Security and Privacy and IEEE Transactions on Software Engineering for helpful comments.  ... 
arXiv:cs/9908009v1 fatcat:ccf2hjayind77e2teeu7aaudx4

A Service-oriented Approach to Mobile Code Security

Micah Jones, Kevin W. Hamlen
2011 Procedia Computer Science  
An XML format for specifying these policies is outlined, and preliminary experiments demonstrate the feasibility of the approach.  ...  The service-oriented approach therefore provides defenders a means to quickly and comprehensively react to zero-day attacks for which no patch yet exists, and to protect users of legacy software who may  ...  Method accesses are usually of greatest practical significance in real policies, so we support several different kinds of pointcuts for matching them.  ... 
doi:10.1016/j.procs.2011.07.069 fatcat:h62sfopk7jahxgfhc5ncnmf5pu

A Survey of DeFi Security: Challenges and Opportunities [article]

Wenkai Li, Jiuyang Bu, Xiaoqi Li, Hongli Peng, Yuanzheng Niu, Yuqing Zhang
2022 arXiv   pre-print
Additionally, application-level vulnerabilities are also analyzed. Then we classify and analyze real-world DeFi attacks based on the principles that correlate to the vulnerabilities.  ...  The DeFi system use blockchain technology to execute user transactions, such as lending and exchanging.  ...  Accounts are the entities that perform transactions, and in the real world, users use them to send transactions to the blockchain.  ... 
arXiv:2206.11821v2 fatcat:5z4ew5bbpngarabdocenndp4jm

Raksha

Michael Dalton, Hari Kannan, Christos Kozyrakis
2007 SIGARCH Computer Architecture News  
Second, it supports multiple active security policies that can protect the system against concurrent attacks.  ...  First, it supports flexible and programmable security policies that enable software to direct hardware analysis towards a wide range of high-level and low-level attacks.  ...  that provides protection against memory corruption attacks.  ... 
doi:10.1145/1273440.1250722 fatcat:gdo5x6x7xrdgje3tq44pt6ohxu

Raksha

Michael Dalton, Hari Kannan, Christos Kozyrakis
2007 Proceedings of the 34th annual international symposium on Computer architecture - ISCA '07  
Second, it supports multiple active security policies that can protect the system against concurrent attacks.  ...  First, it supports flexible and programmable security policies that enable software to direct hardware analysis towards a wide range of high-level and low-level attacks.  ...  that provides protection against memory corruption attacks.  ... 
doi:10.1145/1250662.1250722 dblp:conf/isca/DaltonKK07 fatcat:6ve3ir4yq5epxh5dkq5oqtmhma
« Previous Showing results 1 — 15 out of 143 results