2,774 Hits in 1.7 sec

Detection of App Collusion Potential Using Logic Programming [article]

Jorge Blasco, Thomas M. Chen, Igor Muttik, Markus Roggenbach
2017 arXiv   pre-print
Android is designed with a number of built-in security features such as app sandboxing and permission-based access controls. Android supports multiple communication methods for apps to cooperate. This creates a security risk of app collusion. For instance, a sandboxed app with permission to access sensitive data might leak that data to another sandboxed app with access to the internet. In this paper, we present a method to detect potential collusion between apps. First, we extract from apps all
more » ... information about their accesses to protected resources and communications. Then we identify sets of apps that might be colluding by using rules in first order logic codified in Prolog. After these, more computationally demanding approaches like taint analysis can focus on the identified sets that show collusion potential. This "filtering" approach is validated against a dataset of manually crafted colluding apps. We also demonstrate that our tool scales by running it on a set of more than 50,000 apps collected in the wild. Our tool allowed us to detect a large set of real apps that used collusion as a synchronization method to maximize the effects of a payload that was injected into all of them via the same SDK.
arXiv:1706.02387v1 fatcat:om6m3an4ybdlhmnr7tyhec4ehm

InfoSec Cinema: Using Films for Information Security Teaching

Jorge Blasco, Elizabeth A. Quaglia
2018 USENIX Security Symposium  
We present InfoSec Cinema, a film-based teaching activity that uses commercial films to teach information security. We analyse ten films to verify their suitability and build a public and editable database of information security events from films. Our findings show that most films embed enough security events to be used as a teaching tool. This could be used to produce information security teaching activities for a very wide range of audiences. Our experience in running two sessions of InfoSec
more » ... Cinema was positive. Students were able to identify the most relevant events and even designed mitigations to avoid the problems that were depicted during the film. We also learned that the identification of security events greatly depends on the background and personality of the viewer.
dblp:conf/uss/BlascoQ18 fatcat:gterlnzhxfbqpjnbzwphs6u42y

argXtract: Deriving IoT Security Configurations via Automated Static Analysis of Stripped ARM Binaries [article]

Pallavi Sivakumaran, Jorge Blasco
2021 arXiv   pre-print
Recent high-profile attacks on the Internet of Things (IoT) have brought to the forefront the vulnerability of "smart" devices, and have resulted in numerous IoT-focused security analyses. Many of the attacks had weak device configuration as the root cause. One potential source of rich and definitive information about the configuration of an IoT device is the device's firmware. However, firmware analysis is complex and automated firmware analyses have thus far been confined to devices with more
more » ... traditional operating systems such as Linux or VxWorks. Most IoT peripherals, due to lacking traditional operating systems and implementing a wide variety of communication technologies, have only been the subject of smaller-scale analyses. Peripheral firmware analysis is further complicated by the fact that such firmware files are predominantly available as stripped binaries, without the ELF headers and symbol tables that would simplify reverse engineering. In this paper, we present argXtract, an open-source automated static analysis tool, which extracts security-relevant configuration information from stripped IoT peripheral firmware. Specifically, we focus on binaries that target the ARM Cortex-M architecture, due to its growing popularity among IoT peripherals. argXtract overcomes the challenges associated with stripped Cortex-M analysis and is able to retrieve arguments to security-relevant supervisor and function calls, enabling automated bulk analysis of firmware files. We demonstrate this via three real-world case studies. The largest case study covers a dataset of 243 Bluetooth Low Energy binaries targeting Nordic Semiconductor chipsets, while the other two focus on Nordic ANT and STMicroelectronics BlueNRG binaries. The results reveal widespread lack of security and privacy controls in IoT, such as minimal or no protection for data, fixed passkeys and trackable device addresses.
arXiv:2105.03135v1 fatcat:6pduw7t4ybbojcrisktouh5fdq

Dr. Jorge Veiga de Cabo: editor científico para la medicina y enfermería del trabajo

Jerónimo Maqueda-Blasco
2020 Medicina y Seguridad del Trabajo  
Jorge Amigo, gracias por haber sido. Jorge Editor, gracias por haber hecho.  ...  Todo gran profesional suele coincidir con una gran persona y eso, sobre todo lo demás, era Jorge. Jorge como compañero y amigo fue maravilloso.  ... 
doi:10.4321/s0465-546x2020000300001 fatcat:yf4o4s5b7fgcnkgqskbb4vv6ai

Towards Automated Android App Collusion Detection [article]

Irina Mariuca Asavoae, Jorge Blasco, Thomas M. Chen, Harsha Kumara Kalutarage, Igor Muttik, Hoang Nga Nguyen, Markus Roggenbach, Siraj Ahmed Shaikh
2016 arXiv   pre-print
Android OS supports multiple communication methods between apps. This opens the possibility to carry out threats in a collaborative fashion, c.f. the Soundcomber example from 2011. In this paper we provide a concise definition of collusion and report on a number of automated detection approaches, developed in co-operation with Intel Security.
arXiv:1603.02308v1 fatcat:mie7nrhsszgf7hyxlpogmlbjzm

Bypassing information leakage protection with trusted applications

Jorge Blasco, Julio Cesar Hernandez-Castro, Juan E. Tapiador, Arturo Ribagorda
2012 Computers & security  
Insider threats are an increasing concern for most modern organizations. Information leakage is one of the most important insider threats, particularly according to its potential financial impact. Data Leakage Protection (DLP) systems have been developed to tackle this issue and they constitute the main solution to protect information systems against leaks. They work by tracking sensitive information flows and monitoring executed applications to ensure that sensitive information is not leaving
more » ... he organization. However, current DLP systems do not fully consider that trusted applications represent a threat to sensitive information confidentiality. In this paper, we demonstrate how to use common trusted applications to evade current DLP systems. Thanks to its wide range, trusted applications such as Microsoft Excel can be transformed into standardized block ciphers. Information can thus be encrypted in such a way that current DLP techniques cannot detect that sensitive information is being leaked. This method could be used by nonskilled malicious insiders and leaves almost no traces. We have successfully tested our method against a well-known DLP solution from a commercial provider (TrendMicro LeakProof). Finally, we also analyze the proposed evasion technique from the malicious insider point of view and discuss some possible countermeasures to mitigate its use to steal information.
doi:10.1016/j.cose.2012.01.008 fatcat:hbx7n7lurjh6xkyi2hijxuqlpi

"In Situ" Corneal and Contact Lens Thickness Changes with High-Resolution Optical Coherence Tomography

Jose M. González-Méijome, Alejandro Cerviño, Sofia C. Peixoto-de-Matos, David Madrid-Costa, Jorge Jorge, Teresa Ferrer-Blasco
2012 Cornea  
37 Purpose: To show the utility of high resolution spectral domain optical coherence 38 tomography (HR SOCT) for the in situ evaluation of epithelial, stromal and contact lens 39 (CL) thickness changes under closed-eye conditions without lens removal. 40 Settings: Methods: Eight young healthy patients wore a thick soft CL during 90 minutes under 43 closed-eye conditions and measures of epithelial and stromal corneal thickness were 44 obtained at regular intervals using a HR SOCT (Copernicus HR,
more » ... Optopol Tech. SA, 45 Poland). 46 Results: Minimal changes in epithelial thickness were detected with a transient 47 statistically significant increase in epithelial thickness in the fellow control eye 30 48 minutes after insertion (p=0.028). A significant and progressive increase in stromal 49 thickness up to 8% after 90 minutes of lens wear was observed at a constant rate of 2.5% 50 every 30 minutes, being statistically significant in all observations (p<0.001). Fellow 51 control eye also showed a significant increase in stromal thickness at a much lower rate 52 of 0.5% every 30 minutes. Lens thickness decreased significantly by 2% after 90 minutes 53 of lens wear under closed eye conditions (p<0.001). Individual analysis showed that all 54 eyes displayed stromal swelling, while only half of them showed epithelial swelling. 55 Conclusion: Increase in stromal thickness and a slight decrease in lens thickness were 56 observed in response to a hypoxic stimulus under closed eye conditions. High resolution 57 spectral domain HR SOCT is a powerful tool to investigate in vivo the physiological 58 interactions between cornea and contact lenses. 59
doi:10.1097/ico.0b013e31823f0905 pmid:22240923 fatcat:5km6vjn3jfdtjo6dkgrvtczwse

Collective Information Security in Large-Scale Urban Protests: the Case of Hong Kong [article]

Martin R. Albrecht, Jorge Blasco, Rikke Bjerg Jensen, Lenka Mareková
2021 arXiv   pre-print
The Anti-Extradition Law Amendment Bill protests in Hong Kong present a rich context for exploring information security practices among protesters due to their large-scale urban setting and highly digitalised nature. We conducted in-depth, semi-structured interviews with 11 participants of these protests. Research findings reveal how protesters favoured Telegram and relied on its security for internal communication and organisation of on-the-ground collective action; were organised in small
more » ... ate groups and large public groups to enable collective action; adopted tactics and technologies that enable pseudonymity; and developed a variety of strategies to detect compromises and to achieve forms of forward secrecy and post-compromise security when group members were (presumed) arrested. We further show how group administrators had assumed the roles of leaders in these 'leaderless' protests and were critical to collective protest efforts.
arXiv:2105.14869v1 fatcat:3hoyj4w4c5godj7y5345qzsmky

A Survey of Wearable Biometric Recognition Systems

Jorge Blasco, Thomas M. Chen, Juan Tapiador, Pedro Peris-Lopez
2016 ACM Computing Surveys  
This is the accepted version of the paper. This version of the publication may differ from the final published version. Permanent repository link: Link to published version: http://dx.The growing popularity of wearable devices is leading to new ways to interact with the environment, with other smart devices, and with other people. Wearables equipped with an array of sensors are able to capture the owner's physiological and behavioural traits, and thus are
more » ... suited for biometric authentication to control other devices or access digital services. However, wearable biometrics have substantial differences from traditional biometrics for computer systems, such as fingerprints, eye features, or voice. In this paper we discuss these differences and analyse how researchers are approaching the wearable biometrics field. We review and provide a categorization of wearable sensors useful for capturing biometric signals. We analyse the computational cost of the different signal processing techniques, an important practical factor in constrained devices such as wearables. Finally, we review and classify the most recent proposals in the field of wearable biometrics in terms of the structure of the biometric system proposed, their experimental setup, and their results. We also present a critique of experimental issues such as evaluation and feasibility aspects, and offer some final thoughts on research directions that need attention in future work.
doi:10.1145/2968215 fatcat:z7qa5lyx5bei7ivdbdcvcgkpa4

Accelerated geroncogenesis in hereditary breast-ovarian cancer syndrome

Javier A. Menendez, Núria Folguera-Blasco, Elisabet Cuyàs, Salvador Fernández-Arroyo, Jorge Joven, Tomás Alarcón
2016 OncoTarget  
The geroncogenesis hypothesis postulates that the decline in metabolic cellular health that occurs naturally with aging drives a "field effect" predisposing normal tissues for cancer development. We propose that mutations in the cancer susceptibility genes BRCA1/2 might trigger "accelerated geroncogenesis" in breast and ovarian epithelia. By speeding up the rate at which the metabolic threshold becomes "permissive" with survival and expansion of genomically unstable pretumoral epithelial cells,
more » ... BRCA haploinsufficiency-driven metabolic reprogramming would operate as a bona fide oncogenic event enabling malignant transformation and tumor formation in BRCA carriers. The metabolic facet of BRCA1 one-hit might involve tissue-specific alterations in acetyl-CoA, α-ketoglutarate, NAD + , FAD, or S-adenosylmethionine, critical factors for de/methylation or de/acetylation dynamics in the nuclear epigenome. This in turn might induce faulty epigenetic reprogramming at the "install phase" that directs cell-specific differentiation of breast/ovarian epithelial cells, which can ultimately determine the penetrance of BRCA defects during developmental windows of susceptibility. This model offers a framework to study whether metabolic drugs that prevent or revert metabolic reprogramming induced by BRCA haploinsufficiency might displace the "geroncogenic risk" of BRCA carriers to the age typical for those without the mutation. The identification of the key nodes that directly communicate changes in cellular metabolism to the chromatin in BRCA haploinsufficient cells may allow the epigenetic targeting of genomic instability using exclusively metabolic means. The validation of accelerated geroncogenesis as an inherited "one-hit" metabolic "field effect" might offer new strategies to therapeutically revisit the apparently irreversible genetic-hereditary fate of women with hereditary breast-ovarian cancer syndrome.
doi:10.18632/oncotarget.7867 pmid:26943589 pmcid:PMC4914261 fatcat:c4mnkp24l5d7vmis7o2dq6e2pa

Analysis of update delays in signature-based network intrusion detection systems

Hugo Gascon, Agustin Orfila, Jorge Blasco
2011 Computers & security  
Network Intrusion Detection Systems (NIDS) play a fundamental role on security policy deployment and help organizations in protecting their assets from network attacks. Signature-based NIDS rely on a set of known patterns to match malicious traffic. Accordingly, they are unable to detect a specific attack until a specific signature for the corresponding vulnerability is created, tested, released and deployed. Although vital, the delay in the updating process of these systems has not been
more » ... in depth. This paper presents a comprehensive statistical analysis of this delay in relation to the vulnerability disclosure time, the updates of vulnerability detection systems (VDS), the software patching releases and the publication of exploits. The widely deployed NIDS Snort and its detection signatures release dates have been used. Results show that signature updates are typically available later than software patching releases. Moreover, Snort rules are generally released within the first 100 days from the vulnerability disclosure and most of the times exploits and the corresponding NIDS rules are published with little difference. Implications of these results are drawn in the context of security policy definition. This study can be easily kept up to date due to the methodology used.
doi:10.1016/j.cose.2011.08.010 fatcat:qzbxh3jvmjgbphddtxsrtslnde

Steganalysis of Hydan [chapter]

Jorge Blasco, Julio C. Hernandez-Castro, Juan M. E. Tapiador, Arturo Ribagorda, Miguel A. Orellana-Quiros
2009 IFIP Advances in Information and Communication Technology  
This is the accepted version of the paper. This version of the publication may differ from the final published version. Permanent repository link: Link to published version: http://dx. Abstract Hydan is a steganographic tool which can be used to hide any kind of information inside executable files. In this work, we present an efficient distinguisher for it: We have developed a system that is able to detect executable files with embedded information through
more » ... an. Our system uses statistical analysis of instruction set distribution to distinguish between files with no hidden information and files that have been modified with Hydan. We have tested our algorithm against a mix of clean and stego-executable files. The proposed distinguisher is able to tell apart these files with a 0 ratio of false positives and negatives, thus detecting all files with hidden information through Hydan.
doi:10.1007/978-3-642-01244-0_12 fatcat:n4iwx5fuljf2lj464xnnjvismq

On the Feasibility of Low-Cost Wearable Sensors for Multi-Modal Biometric Verification

Jorge Blasco, Pedro Peris-Lopez
2018 Sensors  
Biometric systems designed on wearable technology have substantial differences from traditional biometric systems. Due to their wearable nature, they generally capture noisier signals and can only be trained with signals belonging to the device user (biometric verification). In this article, we assess the feasibility of using low-cost wearable sensors—photoplethysmogram (PPG), electrocardiogram (ECG), accelerometer (ACC), and galvanic skin response (GSR)—for biometric verification. We present a
more » ... prototype, built with low-cost wearable sensors, that was used to capture data from 25 subjects while seated (at resting state), walking, and seated (after a gentle stroll). We used this data to evaluate how the different combinations of signals affected the biometric verification process. Our results showed that the low-cost sensors currently being embedded in many fitness bands and smart-watches can be combined to enable biometric verification. We report and compare the results obtained by all tested configurations. Our best configuration, which uses ECG, PPG and GSR, obtained 0.99 area under the curve and 0.02 equal error rate with only 60 s of training data. We have made our dataset public so that our work can be compared with proposals developed by other researchers.
doi:10.3390/s18092782 pmid:30149511 fatcat:gjzvvcz5mbgonaamhuddqx6ifi

Hindering data theft with encrypted data trees

Jorge Blasco, Juan E. Tapiador, Pedro Peris-Lopez, Guillermo Suarez-Tangil
2015 Journal of Systems and Software  
Data theft is a major threat for modern organizations with potentially large economic consequences. Although these attacks may well originate outside an organization's information systems, the attacker-or else an insider-must eventually make contact with the system where the information resides and extract it. In this work, we propose a scheme that hinders unauthorized data extraction by modifying the basic file system primitives used to access files. Intuitively, our proposal emulates the
more » ... s used to protect valuable items in certain clothing shopping centers, where shoplifting is prevented by forcing the thief to steal the whole rack of items. We achieve this by encrypting sensitive files using nonces (i.e., pseudorandom numbers used only once) as keys. Such nonces are available, also in encrypted form, in other objects of the file system. The system globally resembles a distributed Merkle hash tree, in such a way that getting access to a file requires previous access to a number of other files. This forces any potential attacker to extract not only the targeted sensitive information, but also all the files chained to it that are necessary to compute the associated key. Furthermore, our scheme incorporates a probabilistic rekeying mechanism to limit the damage that might be caused by patient extractors. We report experimental results measuring the time overhead introduced by our proposal and compare it with the effort an attacker would need to successfully extract information from the system. Our results show that the scheme increases substantially the effort required by an insider, while the introduced overhead is feasible for standard computing platforms.
doi:10.1016/j.jss.2014.11.050 fatcat:c4gl3vuxlzhytmkzvkhiy4nfma

Automated generation of colluding apps for experimental research

Jorge Blasco, Thomas M. Chen
2017 Journal in Computer Virology and Hacking Techniques  
Colluding apps bypass the security measures enforced by sandboxed operating systems such as Android. App collusion can be a real threat in cloud environments as well. Research in detecting and protecting against app collusion requires a variety of colluding apps for experimentation. Presently the number of (real or manually crafted) apps available to researchers is very limited. In this paper we propose a system called Application Collusion Engine (ACE) to automatically generate combinations of
more » ... colluding and noncolluding Android apps to help researchers fairly evaluate different collusion detection and protection methods. Our initial implementation includes a variety of components that enable the system to create more than 5,000 different colluding and non-colluding app sets. ACE can be extended with more functional components to create even more colluding apps. To show the usefulness of our system, we have applied different risk evaluation and collusion detection methods to the created set of colluding apps.
doi:10.1007/s11416-017-0296-4 fatcat:hbxspcstsbhj3oacjywmg352v4
« Previous Showing results 1 — 15 out of 2,774 results