Abstract-Malicious shellcodes are segments of binary code disguised as normal input data. Such shellcodes can be injected into a target process's virtual memory. They overwrite the process's return addresses and hijack control flow. Detecting and filtering out such shellcodes is vital to prevent damage. In this paper, we propose a new malicious shellcode detection methodology in which we take snapshots of the process's virtual memory before input data are consumed, and feed the snapshots to a malicious shellcode detector. These snapshots are used to instantiate a runtime environment that emulates the target process's input data consumption to monitor shellcodes' behaviors. The snapshots can also be used to examine the system calls that shellcodes invoke, these system call parameters, and the process's execution flow. We implement a prototype system in Debian Linux with kernel version 2.6.26. Our extensive experiments with real traces and thousands of malicious shellcodes illustrate our system's performance with low overhead and few false negatives and few false positives.
Abstract-With smartphones' meteoric growth in recent years, leaking sensitive information from them has become an increasingly critical issue. Such sensitive information can originate from smartphones themselves (e.g., location information) or from many Internet sources (e.g., bank accounts, emails). While prior work has demonstrated information flow tracking's (IFT's) effectiveness at detecting information leakage from smartphones, it can only handle a limited number of sensitive information sources. This paper presents a novel IFT tagging strategy using differentiated and dynamic tagging. We partition information sources into differentiated classes and store them in fixed-length tags. We adjust tag structure based on time-varying received information sources. Our tagging strategy enables us to track at runtime numerous information sources in multiple classes and rapidly detect information leakage from any of these sources. We design and implement D2Taint, an IFT system using our tagging strategy on real-world smartphones. We experimentally evaluate D2Taint's effectiveness with 84 real-world applications downloaded from Google Play. D2Taint reports that over 80% of them leak data to third-party destinations; 14% leak highly sensitive data. Our experimental evaluation using a standard benchmark tool illustrates D2Taint's effectiveness at handling many information sources on smartphones with moderate runtime and space overhead.
The current 802.11i standard can provide data confidentiality, integrity and mutual authentication in enterprise Wireless Local Area Networks (WLANs). However, secure communication can only be provided after successful authentication and a robust security network association is established. In general, the wireless link layer is not protected by the current standard in WLANs, which leads to many possible attacks, especially in public open-access wireless networks. We argue that regardless of the type of network under consideration, link-layer protection and data confidentiality are of great importance in wireless applications. In this paper, we first identify and analyze the security issues ignored by the current 802.11 security standard. Then we propose our solution to patch the current 802.11i standard and address all those issues with a new dummy authentication key-establishment algorithm. Dummy means no real authentication for a user. In dummy authentication, we apply public-key cryptography's key-establishment technique to the 802.11 MAC protocol. Our solution can provide link-layer data encryption in open-access wireless networks, separate session encryption keys for different users, and protection for important frames such as management and null data frames as well as Extensible Authentication Protocol (EAP) messages.
Abstract. JavaScript (JS) based shellcode injections are among the most dangerous attacks to computer systems. Existing approaches have various limitations in detecting such attacks. In this paper, we propose a new detection methodology that overcomes these limitations by fully using JS code execution environment information. We leverage this information and create a virtual execution environment where shellcodes' real behavior can be precisely monitored and detection redundancy can be reduced. Following this methodology, we implement JSGuard, a prototype malicious JS code detection system in Debian Linux with kernel version 2.6.26. Our extensive experiments show that JSGuard reports very few false positives and false negatives with acceptable overhead.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.