IEEE Transactions on Dependable and Secure Computing
The IEEE Transactions on Dependable and Secure Computing is a new quarterly that will publish archival research results focusing on research into foundations, methodologies, and mechanisms that support the achievement, through design, modeling, and evaluat
Published: Mon, 3 Nov 2014 15:36:00 GMT
PrePrint: On the Security of a Privacy-Preserving Product Calculation Scheme
Recently, Jung and Li proposed a highly efficient privacy-preserving product calculation scheme that does not require secure communication channels. They then presented secure approaches to solving several application problems using the product calculation protocol. In this work, we observe several security flaws in their privacy-preserving product calculation scheme and in some of the application protocols. We show that these vulnerabilities result in the disclosure of private data; in two application protocols, almost all of the private numbers are revealed. We further suggest solutions to fix the security problems.
PrePrint: Marlin: Mitigating code reuse attacks using code randomization
Code-reuse attacks, such as return-oriented programming (ROP), are a class of buffer overflow attacks that repurpose existing executable code for malicious purposes. These attacks bypass defenses against code injection by chaining together sequences of instructions, commonly known as gadgets, to execute the desired attack logic. A common feature of these attacks is their reliance on knowledge of the memory layout of the executable code. We propose a fine-grained, randomization-based approach that breaks this assumption by modifying the layout of the executable code and thereby hinders code-reuse attacks. Our solution, Marlin, randomizes the internal structure of the executable code by randomly shuffling the function blocks in the target binary. This denies the attacker the a priori knowledge of instruction addresses needed to construct the desired exploit payload. Our approach can be applied to any ELF binary, and every execution of the binary uses a different randomization. We have integrated Marlin into the bash shell, which randomizes the target executable before launching it. Our work shows that such an approach incurs low overhead and significantly increases the level of security against code-reuse attacks.
PrePrint: Invalidating Idealized BGP Security Proposals and Countermeasures
The Border Gateway Protocol (BGP) is vulnerable to routing attacks because it lacks an inherent verification mechanism. Several secure BGP schemes have been proposed to prevent routing attacks by leveraging cryptographic verification of BGP routing updates. In this paper, we present a new type of attack, called TIGER, which aims to invalidate the "proven" security of these secure BGP schemes and allows ASes to announce forged routes even under full deployment of any existing secure BGP proposal. By launching TIGER attacks, malicious ASes can easily generate and announce forged routes that are successfully verified by the existing secure BGP schemes. Furthermore, TIGER attacks can evade existing routing anomaly detection schemes by guaranteeing data-plane availability and consistency between the control and data planes. Toward a new secure BGP scheme, we propose Anti-TIGER to detect and defend against TIGER attacks. Anti-TIGER enables robust TIGER detection through collaboration among ASes. In particular, we leverage spread-spectrum communication techniques to watermark certain special probing packets, which manifest the existence of TIGER attacks. Anti-TIGER does not require any modification of the routing data plane; it is therefore easy to deploy and incrementally deployable. We evaluate the effectiveness of TIGER and Anti-TIGER by experiments with real AS topologies of the Internet. Our experimental results show that TIGER attacks can successfully hijack a considerable number of prefixes, while Anti-TIGER achieves a 100% detection ratio for TIGER attacks.
PrePrint: Fault Injection in Virtualized Systems - Challenges and Applications
We analyze the interaction between system virtualization and fault injection: (i) the use of virtualization to facilitate fault injection into non-virtualized systems, and (ii) the use of fault injection to evaluate the dependability of virtualized systems. We explore the benefits of using virtualization for fault injection and discuss the challenges of implementing fault injection in virtualized systems, along with resolutions to those challenges. For experimental evaluation, we use a test platform that consists of the Gigan fault injector, which we developed, together with the Xen Virtual Machine Monitor. We evaluate the degree to which fault injection results obtained by running the target system in a virtual machine are comparable to those obtained by running it on bare hardware. We compare results when injection is performed from within the target system versus from the hosting hypervisor. We evaluate the performance benefits of leveraging system virtualization for fault injection. Finally, we demonstrate the capabilities of our injector and highlight the benefits of leveraging system virtualization for fault injection by describing deployments of Gigan to evaluate both non-virtualized and virtualized systems.
PrePrint: Time-Delayed Broadcasting for Defeating Inside Jammers
We address the problem of jamming-resistant broadcast communications under an internal threat model. We propose a time-delayed broadcast scheme (TDBS), which implements the broadcast operation as a series of unicast transmissions distributed in frequency and time. TDBS does not rely on commonly shared secrets or on the existence of jamming-immune control channels for coordinating broadcasts. Instead, each node follows a unique pseudo-noise (PN) frequency hopping sequence. Contrary to conventional PN sequences designed for multi-access systems, the PN sequences in TDBS exhibit correlation to enable broadcast. Moreover, they are designed to limit the information leakage caused by the exposure of a subset of sequences by compromised nodes. We map the problem of constructing such PN sequences to the 1-factorization problem for complete graphs. We further accommodate dynamic broadcast groups by mapping the problem of updating the assigned PN sequences to the problem of constructing rainbow paths in properly edge-colored graphs.
PrePrint: An OS-level Framework for Anomaly Detection in Complex Software Systems
Revealing anomalies at the operating system (OS) level to support online diagnosis of complex software systems is a promising approach when traditional detection mechanisms (e.g., those based on event logs, probes, and heartbeats) are inadequate or cannot be applied. In this paper we propose a configurable detection framework that reveals anomalies in OS behavior related to system misbehaviors. The detector is based on online statistical analysis techniques and is designed for systems that operate under variable and non-stationary conditions. The framework is evaluated on detecting the activation of software faults in a complex distributed system for Air Traffic Management (ATM). Results of experiments with two different OSs, namely Linux Red Hat EL5 and Windows Server 2008, show that the detector is effective for mission-critical systems. The framework can be configured to select the monitored indicators so as to tune its level of intrusiveness. A sensitivity analysis of the detector parameters is carried out to show their impact on performance and to give practitioners guidelines for tuning it in the field.
PrePrint: A Reliability Improvement Method for SOA-Based Applications
As SOA gains more traction through various implementations, building reliable service compositions remains one of the principal research concerns. Widely researched reliability assurance methods often rely on applying redundancy or complex optimization strategies, which can make them less applicable when designing service compositions on a larger scale. To address this issue, we propose a design-time reliability improvement method that enables selective service composition improvements by focusing on the most reliability-critical workflow components, named weak points. To detect the most significant weak points, we introduce a method based on a suite of recommendation algorithms that leverage a belief network reliability model. The method is made scalable by using heuristic algorithms that achieve better computational performance at the cost of recommendation accuracy. Although less accurate heuristic algorithms on average require more improvement steps, they can achieve better overall performance in cases where the additional step-wise overhead of applying improvements is low. We confirm the soundness of the proposed solution by performing experiments on data sets of randomly generated service compositions.
PrePrint: VM-μCheckpoint: Design, Modeling, and Assessment of Lightweight In-Memory VM Checkpointing
Checkpointing and rollback techniques enhance the reliability and availability of virtual machines and their hosted IT services. This paper proposes VM-μCheckpoint, a lightweight pure-software mechanism for high-frequency checkpointing and rapid recovery of VMs. Compared with existing VM checkpointing techniques, VM-μCheckpoint minimizes checkpoint overhead and speeds up recovery by means of copy-on-write, dirty-page prediction, and in-place recovery, as well as by saving incremental checkpoints in volatile memory. Moreover, VM-μCheckpoint addresses the issue that latency in error detection can result in corrupted checkpoints, particularly when the checkpointing frequency is high. We also constructed Markov models to study the availability improvements provided by VM-μCheckpoint (from 99% to 99.98% on reasonably reliable hypervisors). We designed and implemented VM-μCheckpoint in the Xen VMM. The evaluation results demonstrate that VM-μCheckpoint incurs an average overhead of 6.3% (in terms of program execution time) for 50 ms checkpoint intervals when executing the SPEC CINT 2006 benchmark. Error injection experiments demonstrate that VM-μCheckpoint, combined with the error detection techniques in RMK, provides high recovery coverage.
PrePrint: Risk Aware Query Replacement Approach For Secure Databases Performance Management
Large amounts of data and the increased demand to extract, analyze, and derive knowledge from data are nowadays impairing the performance of enterprise mission-critical systems such as databases. For databases, the challenging problem is to manage complex and sometimes non-optimized queries executed on enormous datasets stored across several tables. This generally results in increased query response time and loss of employee productivity. In this paper, we investigate the problem of enterprise computing resource availability. Our goal is to minimize the performance degradation arising from resource-intensive queries. We propose a risk-aware approach that decouples the process of analyzing the resource requirements of SQL queries from their execution. We leverage XACML to control users' requests and to monitor database loads. This allows us to adjust the available resources in a database system to the computing resource needs of queries. A query can therefore run in a database if it does not severely impact the performance of the database. Otherwise, we propose to the requester a replacement query, denoted a what-if query. Such a query returns results that are similar to those of the requester's query, is secure, and provides acceptable answers when it executes without compromising the performance of the database.