Beyond Planted Bugs in "Trusting Trust": The Input-Processing Frontier

Bratus, Sergey; Darley, Trey; Locasto, Michael E.; Patterson, Meredith L.; Shapiro, Rebecca Bx; Shubina, Anna

doi:10.1109/msp.2014.1

Cited by 12 publications

(8 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The current measurements are out of the control of the attacker. The language of the protocol is context-free and thus can be verified using Languagetheoretic security approaches [4]. By verifying the parser, we have an assurance that even if the attacker compromises the machine, it cannot spread to POWERALERT.…”

Section: B Poweralert's Attack Surfacementioning

confidence: 99%

POWERALERT: Integrity Checking Using Power Measurement and a Game-Theoretic Strategy

Fawaz

Noureddine

Sanders³

2018

2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

View full text Add to dashboard Cite

We propose POWERALERT, an efficient external integrity checker for untrusted hosts. Current attestation systems suffer from shortcomings in requiring complete checksum of the code segment, being static, use of timing information sourced from the untrusted machine, or use of timing information with high error (network round trip time). We address those shortcomings by (1) using power measurements from the host to ensure that the checking code is executed and (2) checking a subset of the kernel space over a long period of time. We compare the power measurement against a learned power model of the execution of the machine and validate that the execution was not tampered. Finally, power diversifies the integrity checking program to prevent the attacker from adapting. We implement a prototype of POWERALERT using Raspberry pi and evaluate the performance of the integrity checking program generation. We model the interaction between POWERALERT and an attacker as a game. We study the effectiveness of the random initiation strategy in deterring the attacker. The study shows that POW-ERALERT forces the attacker to trade-off stealthiness for the risk of detection, while still maintaining an acceptable probability of detection given the long lifespan of stealthy attacks.

show abstract

Section: B Poweralert's Attack Surfacementioning

confidence: 99%

POWERALERT: Integrity Checking Using Power Measurement and a Game-Theoretic Strategy

Fawaz

Noureddine

Sanders³

2018

2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

View full text Add to dashboard Cite

show abstract

“…Protocols that have a context-sensitive grammar, e.g., include length fields, are more susceptible to the types of defects that can be found with fuzzing, whereas regular languages are easier to parse correctly (Bratus et al, 2014). Unfortunately, formal language theory is not likely to be within the skillset of developers performing threat modelling.…”

Section: Identifying Attack Surface Through Threat Modellingmentioning

confidence: 99%

Steps Towards Fuzz Testing in Agile Test Automation

Pietikäinen

Kettunen

Röning

2016

International Journal of Secure Software Engineering

View full text Add to dashboard Cite

Including and automating secure software development activities into agile development processes is challenging. Fuzz testing is a practical method for finding vulnerabilities in software, but has some characteristics that do not directly map to existing processes. The main challenge is that fuzzing needs to continue to show value while requiring minimal effort. The authors present experiences and practical ways to utilize fuzzing in software development, and generic ways for developers to keep security in mind.

show abstract

“…Our presented approach shares the fundamental notion with existing work on Language-theoretic security (LangSec) [24] that shotgun parsers [1], [25] will not solve the input validation problem. In addition, we perceive that input handling does not stop after parsing but is a challenge when producing output as well.…”

Section: Related Workmentioning

confidence: 99%

“…books published by O'Reilly won't work in a SQL query. 1 package de.se_rwth.format; To bypass this limitation, escape sequences are used to encode control tokens within data tokens. As mentioned before, escape sequences are context-specific, and a context corresponds to a token in the language's grammar.…”

Section: Defining Correct Unparser and Encodermentioning

confidence: 99%

See 1 more Smart Citation

Towards More Security in Data Exchange: Defining Unparsers with Context-Sensitive Encoders for Context-Free Grammars

Hermerschmidt

Kugelmann

Rumpe

2015

2015 IEEE Security and Privacy Workshops

View full text Add to dashboard Cite

Abstract-To exchange complex data structures in distributed systems, documents written in context-free languages are exchanged among communicating parties.Unparsing these documents correctly is as important as parsing them correctly because errors during unparsing result in injection vulnerabilities such as cross-site scripting (XSS) and SQL injection. Injection attacks are not limited to the web world. Every program that uses input to produce documents in a context-free language may be vulnerable to this class of attack. Even for widely used languages such as HTML and JavaScript, there are few approaches that prevent injection attacks by context-sensitive encoding, and those approaches are tied to the language.Therefore, the aim of this paper is to derive context-sensitive encoder from context-free grammars to provide correct unparsing of maliciously crafted input data for all context-free languages. The presented solution integrates encoder definition into context-free grammars and provides a generator for context-sensitive encoders and decoders that are used during (un)parsing. This unparsing process results in documents where the input data does neither influence the structure of the document nor change their intended semantics. By defining encoding during language definition, developers who use the language are provided with a clean interface for writing and reading documents written in that language, without the need to care about security-relevant encoding.

show abstract

Beyond Planted Bugs in "Trusting Trust": The Input-Processing Frontier

Cited by 12 publications

References 1 publication

POWERALERT: Integrity Checking Using Power Measurement and a Game-Theoretic Strategy

POWERALERT: Integrity Checking Using Power Measurement and a Game-Theoretic Strategy

Steps Towards Fuzz Testing in Agile Test Automation

Towards More Security in Data Exchange: Defining Unparsers with Context-Sensitive Encoders for Context-Free Grammars

Contact Info

Product

Resources

About