445 Hits in 4.9 sec

Runtime Code Polymorphism as a Protection Against Side Channel Attacks [chapter]

Damien Couroussé, Thierno Barry, Bruno Robisson, Philippe Jaillon, Olivier Potin, Jean-Louis Lanet
2016 Lecture Notes in Computer Science  
Code polymorphism is defined as the ability to change the observable behaviour of a software component without changing its functional properties.  ...  We present a generic framework for runtime code polymorphism, applicable to a broad range of computing platforms including embedded systems with low computing resources (e.g. microcontrollers with few  ...  Conclusion We have presented a framework that achieves runtime code polymorphism as a generic protection against side channel attacks.  ... 
doi:10.1007/978-3-319-45931-8_9 fatcat:bcfriyt5szgrfn26t4vxg26hey

Automated Software Protection for the Masses Against Side-Channel Attacks

Nicolas Belleville, Damien Couroussé, Karine Heydemann, Henri-Pierre Charles
2018 ACM Transactions on Architecture and Code Optimization (TACO)  
We present an approach and a tool to answer the need for e ective, generic and easily applicable protections against side-channel attacks.  ...  Automated software protection for the masses against side-channel attacks.  ...  ACKNOWLEGEMENTS We thank Olivier Debicki for his fruitful help on the management of memory permissions, Philippe Jaillon for the preliminary discussions on attack paths on polymorphic implementations,  ... 
doi:10.1145/3281662 fatcat:ftmxm2xklvbfhjqr67oytzm2qi

COGITO: Code Polymorphism to Secure Devices

Damien Couroussé, Bruno Robisson, Jean-Louis Lanet, Thierno Barry, Hassan Noura, Philippe Jaillon, Philippe Lalevée
2014 Proceedings of the 11th International Conference on Security and Cryptography  
In this paper, we advocate the use of code polymorphism as an efficient means to improve security at several levels in electronic devices.  ...  We analyse the threats that polymorphism could help thwart, and present the solution that we plan to demonstrate in the scope of a collaborative research project called COGITO.  ...  We postulate that code polymorphism is able to provide an efficient solution as a general protection against 'first step' attacks.  ... 
doi:10.5220/0005113704510456 dblp:conf/secrypt/CourousseRLBNJL14 fatcat:r3echxnvz5hw7df3s3235xf56u

Compiler-based Techniques to Secure Cryptographic Embedded Software against Side Channel Attacks

Giovanni Agosta, Alessandro Barenghi, Gerardo Pelosi
2019 IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems  
Side-channel attacks are a concrete and practical threat to the security of computing systems, ranging from high performance platforms to embedded devices.  ...  We will dedicate a spotlight to a significant progress in the countermeasures techniques which is represented by the application of dynamic compilation techniques to prevent a side-channel attacker from  ...  a moving target to the side-channel attacker.  ... 
doi:10.1109/tcad.2019.2912924 fatcat:xifhtsgjzba3veg7m54zeyatjy

Automated instantiation of side-channel attacks countermeasures for software cipher implementations

Giovanni Agosta, Alessandro Barenghi, Gerardo Pelosi
2016 Proceedings of the ACM International Conference on Computing Frontiers - CF '16  
Side Channel Attacks (SCA) have proven to be a practical threat to the security of embedded systems, exploiting the information leakage coming from unintended channels concerning an implementation of a  ...  In this paper, we provide an overview of recent compiler-based techniques to protect software implementations against SCA, making them amenable to automated application in the development of secure-by-design  ...  Designing eff cient and effective countermeasures against side-channel attacks is a topic which has received warm attention by the research community.  ... 
doi:10.1145/2903150.2911707 dblp:conf/cd/AgostaBP16 fatcat:3yyn4t7srfhl5a27k7f66oglie

You Shall not Repackage! Demystifying Anti-Repackaging on Android [article]

Alessio Merlo, Antonio Ruggia, Luigi Sciolla, Luca Verderame
2020 arXiv   pre-print
Such controls activate in case of repackaging and lead the repackaged app to fail at runtime. On the other side, the attacker must detect and bypass the controls to repackage safely.  ...  The paper will also show a full-fledged attack to NRP, the only publicly-available anti repackaging tool to date.  ...  AppIS: Protect Android Apps Against Runtime Repackaging Attacks Protection scheme: Fig. 6 depicts the protection workflow of AppIS.  ... 
arXiv:2009.04718v2 fatcat:5yqqwtzr75addotc4h6zsnpgaa

Enhanced Obfuscation for Software Protection in Autonomous Vehicular Cloud Computing Platforms

Muhammad Hataba, Ahmed Sherif, Reem Elkhouly
2022 IEEE Access  
Our findings prove a considerable improvement over our previous technique, which may provide more defense against timing side-channels.  ...  Here, we focus on timing side-channel attacks which aim to leak information about running code, which can be utilized to reverse engineer the program itself.  ...  This makes our proposed mechanism a suitable for a heterogeneous platform such as the AVCC. 3) SIDE CHANNELS Side Channel Attacks (SCA) have been posing a great threat against different platforms and architectures  ... 
doi:10.1109/access.2022.3159249 fatcat:jncnl2ki7jdyhpa5lgxwyx7lli

Privacy-Preserving Genotype Imputation in a Trusted Execution Environment [article]

Natnatee Dokmai, Can Kockan, Kaiyuan Zhu, XiaoFeng Wang, S. Cenk Sahinalp, Hyunghoon Cho
2021 bioRxiv   pre-print
SMac achieves imputation accuracies virtually identical to those of Minimac and provides protection against known attacks on SGX while maintaining scalability to large datasets.  ...  Our solution features SMac, an efficient, side-channel-resilient imputation algorithm designed for Intel SGX, which employs the hidden Markov model (HMM)-based imputation strategy also utilized by a state-of-the-art  ...  Acknowledgements We thank Hongbo Chen and Weijie Liu for their comments on the known attack surfaces of SGX technology and mitigation strategies.  ... 
doi:10.1101/2021.02.02.429428 fatcat:aljbsfyv2vgahoesvouelvzgsu

Spin-Orbit Torque Devices for Hardware Security: From Deterministic to Probabilistic Regime [article]

Satwik Patnaik and Nikhil Rangarajan and Johann Knechtel and Ozgur Sinanoglu and Shaloo Rakheja
2019 arXiv   pre-print
Finally, we also discuss side-channel attacks and invasive monitoring, which are arguably even more concerning threats than SAT attacks.  ...  Protecting intellectual property (IP) has become a serious challenge for chip designers.  ...  side channel attacks.  ... 
arXiv:1904.00421v1 fatcat:7uke4ieylfcd3fxi5lg2k7egly

DOVE: A Data-Oblivious Virtual Environment [article]

Hyun Bin Lee
2021 arXiv   pre-print
However, this creates a trade-off between programming convenience versus the risk of attacks using microarchitectural side channels.  ...  This can even be done with applications coded in high-level languages with complex programming stacks such as R, Python, and Ruby.  ...  This provides a powerful strategy for protecting complex, high-level programming stacks against side channel attacks.  ... 
arXiv:2102.05195v1 fatcat:zuw4thcyjnbrxnqzv5plsprdlu

Toward Engineering a Secure Android Ecosystem

Meng Xu, Chenxiong Qian, Sangho Lee, Taesoo Kim, Chengyu Song, Yang Ji, Ming-Wei Shih, Kangjie Lu, Cong Zheng, Ruian Duan, Yeongjin Jang, Byoungyoung Lee
2016 ACM Computing Surveys  
Unfortunately, these properties also leave Android vulnerable, attracting attacks for profit or fun. To mitigate these threats, numerous issue-specific solutions have been proposed.  ...  Based on our collection of knowledge, we envision a blueprint for engineering a secure, next-generation Android ecosystem.  ...  SIDE CHANNELS AND COVERT CHANNELS All operating systems are subject to side-channel attacks as well as information leakage via covert channels, and Android is no exception.  ... 
doi:10.1145/2963145 fatcat:d5vhxpdywrevvbh4as6vvt576q

Comprehensive shellcode detection using runtime heuristics

Michalis Polychronakis, Kostas G. Anagnostakis, Evangelos P. Markatos
2010 Proceedings of the 26th Annual Computer Security Applications Conference on - ACSAC '10  
A promising method for the detection of previously unknown code injection attacks is the identification of the shellcode that is part of the attack vector using payload execution.  ...  We have implemented our technique in Gene, a code injection attack detection system based on passive network monitoring.  ...  Gene, our prototype implementation of the proposed technique for the detection of server-side code injection attacks detected 116,513 attacks against production systems in a period of almost five months  ... 
doi:10.1145/1920261.1920305 dblp:conf/acsac/PolychronakisAM10 fatcat:a7ctpzkh65fxpprcalorhewrdq

Type-safe distributed programming for OCaml

John Billings, Peter Sewell, Mark Shinwell, Rok Strniša
2006 Proceedings of the 2006 workshop on ML - ML '06  
Existing ML-like languages guarantee type-safety, ensuring memory safety and protecting the invariants of abstract types, but only within single executions of single programs.  ...  by type-passing, requiring us to build compositional runtime type names and revisit the OCaml relaxed value restriction.  ...  Acknowledgements We acknowledge support from a Royal Society University Research Fellowship (Sewell), EPSRC grant GRT11715, and APPSEM 2.  ... 
doi:10.1145/1159876.1159881 dblp:conf/ml/BillingsSSS06 fatcat:gn5y6wjperc5jdzem77yuusuxq

Uncovering the Dilemmas on Antivirus Software Design in Modern Mobile Platforms [chapter]

Heqing Huang, Kai Chen, Peng Liu, Sencun Zhu, Dinghao Wu
2015 Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering  
However, as mobile systems are specially designed, we consider that the power of AVDs' should also be evaluated based on their runtime malware detection capabilities.  ...  In this work, we performed a comprehensive study on ten popular Android AVDs to evaluate the effectiveness of their scanning operations.  ...  Side/timing channel issue [15] [24] [29] [6] [21] is also an active research aspect in both mobile and PC era.  ... 
doi:10.1007/978-3-319-23802-9_27 fatcat:o5htbkbwffh73hrcsa5ehk6qfq

Exploiting an antivirus interface

Kevin W. Hamlen, Vishwath Mohan, Mohammad M. Masud, Latifur Khan, Bhavani Thuraisingham
2009 Computer Standards & Interfaces  
We propose a technique for defeating signature-based malware detectors by exploiting information disclosed by antivirus interfaces.  ...  Protecting against signature information leaks through covert channels is a more challenging problem.  ...  Polymorphic malware encrypts the majority of its code and data using a random key. This payload is then decrypted at runtime and executed.  ... 
doi:10.1016/j.csi.2009.04.004 fatcat:eyt7am33kbf27myws3mbfv7zwm
« Previous Showing results 1 — 15 out of 445 results