Zhisheng Hu,Ping Chen,Yang Lu,Minghui Zhu,Peng Liu

DOI: https://doi.org/10.1109/cic.2016.027

2016-01-01

Abstract:Suffering from the big "hit" by the Heartbleed attack, the society has learned one hard lesson, namely, the severity of zero-day continuous buffer over-read attacks. According to a survey on Heartbleed, 24-55% of HTTPS servers in the Alexa Top 1 Million were initially vulnerable to Heartbleed, including 44 of the Alexa Top 100. The Heartbleed attack is continuous buffer over-read: it usually lasts several hours, involving hundreds of thousands of probing (buffer over-read) requests. In most cases, a short period of time is insufficient for the attacker to achieve his/her goal. This paper presents our recent work on the development of adaptive defense systems which can practically defend against zero-day continuous buffer over-read attacks; i.e., Heartbleed-like attacks and data structure manipulation attacks, and meanwhile whose cost-effectiveness is mathematically provable.

Zili Shao,Chun Jason Xue,Qingfeng Zhuge,Edwin H.‐M. Sha,Bin Xiao

DOI: https://doi.org/10.1109/itcc.2004.1286489

2004-01-01

Abstract:With more embedded systems networked, it becomes an important research problem to effectively defend embedded systems against buffer overflow attacks and efficiently check if systems have been protected. In this paper, we propose the HSDefender (hardware/software Defender) technique that considers the protection and checking together to solve this problem. Our basic idea is to design a secure instruction set and require third-party software developers to use secure instructions to call functions. Then the security checking can be easily performed by system integrators even without the knowledge of the source code. We first classify buffer overflow attacks into two categories, stack smashing attacks and function pointer attacks, and then provide two corresponding defending strategies. We analyze the HSDefender technique in respect of hardware cost, security, and performance, and experiment with it on the SimpleScalar/ARM simulator using benchmarks from MiBench. The results show that HSDefender can defend a system against more types of buffer overflow attacks with less overhead compared with the previous work.

Yue Zhuo,Zhiqiang Ge

DOI: https://doi.org/10.1109/tii.2021.3103765

IF: 12.3

2021-01-01

IEEE Transactions on Industrial Informatics

Abstract:Recently, data-driven industrial monitoring systems have been rapidly developed and significantly improved the performance on industrial monitoring tasks. However, the widely deployed data-driven models expose industrial data to more unsecured links, which significantly increase the safety risk of safe-critical industrial systems. The research about adversarial attacks has shown that the potential attackers can utilize tiny crafted perturbations on the input data to mislead the machine learning models’ output. In this article, a novel cross-domain data protection scheme named “Data Guardian” is proposed to authenticate and correct industrial data under potential attacks on data-driven monitoring systems. “Data Guardian” embeds designed redundancy information into the data least significant bits, based on $q$ -ary low-density parity-check (LDPC) codes over the Galois field (finite field). The data are encoded at the secured industrial sites and then decoded before being input into the monitoring systems, in which the security risk is usually higher. The decoding capability of $q$ -ary LDPC codes is improved by the data statistical characteristics, with a new proposed prior estimation method. In the experiments, “Data Guardian” is tested under the attacks to the fault diagnosis models on the Tennessee Eastman process and rolling element bearing from Case Western Reserve University. The results show that “Data Guardian” can efficiently reduce the success rate of adversarial attacks, especially when the attack variable ratio is small.

Bowen Xu,Mengxiang Liu,Rui Zhong,Ke Zuo,Ruilong Deng

DOI: https://doi.org/10.1109/tii.2024.3457037

IF: 12.3

2024-01-01

IEEE Transactions on Industrial Informatics

Abstract:In recent years, numerous studies have explored how to allocate limited defense resource among meters to increase difficulties for launching attacks in power systems. However, existing studies often simplify this problem by assuming the linearity of attack cost functions, which creates an inevitable gap between theoretical analysis and practical scenarios. In this article, general nonlinear attack cost functions are considered in the formulation of the optimal defense resource problem, resulting in a mixed-integer nonlinear programming problem. This poses a challenging task for numerical methods or popular commercial solvers. To address this issue, an advanced slime mould algorithm with specialized initialization and evolutionary schemes is proposed. Specifically, a customized initialization strategy is designed such that the population can be easily initialized within the nonconvex feasible region aligning with the nonlinear constraints. Besides, in the evolutionary process, the fitness function is well-designed to encourage the individuals violating nonlinear constraints to evolve toward feasible directions. Comprehensive case studies verify that, compared to the state-of-the-art solvers, the proposed approach can achieve satisfactory defense resource allocation results in terms of feasibility, optimality, and real-time performance.

Xiaoguang Wang,Yong Qi,Chi Zhang,Saiyu Qi,Peijian Wang

DOI: https://doi.org/10.1109/COMPSAC.2017.206

2017-01-01

Abstract:Software memory disclosure attacks, such as buffer over-read, often work quietly and would cause secret data leakage. The well-known OpenSSL Heartbleed vulnerability leaked out millions of servers' private keys, which caused most of the Internet services insecure at that time. Existing solutions are either hard to apply to large code bases (e.g., through formal verification [20] or symbolic execution [8] on program code), or too heavyweight (e.g., by involving a hypervisor software [23], [24] or a modified operating system kernel [17]). In this paper, we propose SecretSafe, a lightweight and easy-to-use system which leverages the traditional x86 segmentation mechanism to isolate the application secrets from the remaining data. Software developers could prevent the secrets from being leaked out by simply declaring the secret variables with SECURE keyword. Our customized compiler will automatically separate the secrets from the remaining non-secret data with an isolated memory segment. Any legal instructions that have to access the secrets will be automatically instrumented to enable accesses to the isolated segment. We have implemented a SecretSafe prototype with the open source LLVM compiler framework. The evaluation shows that SecretSafe is both secure and efficient.

Zili Shao,Chun Xue,Qingfeng Zhuge,Meikang Qiu,Bin Xiao,Edwin H. -M. Sha

DOI: https://doi.org/10.1109/TC.2006.59

IF: 3.183

2006-01-01

IEEE Transactions on Computers

Abstract:With more embedded systems networked, it becomes an important problem to effectively defend embedded systems against buffer overflow attacks. Due to the increasing complexity and strict requirements, off-the-shelf software components are widely used in embedded systems, especially for military and other critical applications. Therefore, in addition to effective protection, we also need to provide an approach for system integrators to efficiently check whether software components have been protected. In this paper, we propose the HSDefender (Hardware/Software Defender) technique to perform protection and checking together. Our basic idea is to design secure call instructions so systems can be secured and checking can be easily performed. In the paper, we classify buffer overflow attacks into two categories and provide two corresponding defending strategies. We analyze the HSDefender technique with respect to hardware cost, security, and performance. We experiment with our HSDefender technique on the simplescalar/ARM simulator with benchmarks from MiBench, an embedded benchmark suite. The results show that our HSDefender technique can defend a system against more types of buffer overflow attacks with less overhead compared with the previous work.

Yufeng Tang,Zheng Gong,Tao Sun,Jinhai Chen,Fan Zhang

DOI: https://doi.org/10.1007/978-3-030-88323-2_22

2021-01-01

Abstract:White-box block cipher (WBC) aims at protecting the secret key of a block cipher even if an adversary has full control over the implementations. At CHES 2016, Bos et al. proved that WBC are also threatened by side-channel analysis (SCA), e.g., differential fault analysis (DFA) and differential computation analysis (DCA). Therefore, advanced countermeasures have been proposed by Lee et al. for resisting DFA and DCA, such as table redundancy and improved masking methods, respectively. In this paper, we introduce a new adaptive side-channel analysis model which assumes that an adversary adaptively collects the intermediate values of a specific function and can mount the DFA/DCA attack with chosen inputs. In the adaptive SCA model, both theoretical analysis and experimental results show that Lee et al.’s proposed methods are vulnerable to DFA and DCA attacks. Moreover, a negative proposition is also demonstrated on the corresponding high-order countermeasures under our new model.

Zhen Han,Wei Wang,Changyun Wen,Lei Wang

DOI: https://doi.org/10.1109/tii.2024.3393142

IF: 12.3

2024-01-01

IEEE Transactions on Industrial Informatics

Abstract:This article focuses on the distributed adaptive consensus control problem for nonlinear systems with unknown parameters and denial-of-service (DoS) attacks. The communication channels among subsystems are directed and DoS attacks are executed on subsystems to jam the communication transmission. Besides, only part of these subsystems can access states of the desired reference system. To actively alleviate attack effects on the consensus performance, a distributed adaptive consensus control scheme with an active-defense mechanism is proposed. The active-defense mechanism consists of an attack-detection algorithm and a switching strategy. The distributed adaptive consensus controller is designed with normalized damping terms in control inputs and parameter update laws. In the presence of DoS attacks, a stability condition is derived based on the designed control scheme, which guarantees that the consensus errors are globally uniformly bounded under arbitrary switching dwell-time. Experimental results are provided to validate the effectiveness of the proposed control scheme with the active-defense mechanism.

Fan Zhang,Yiran Zhang,Shengwen Shi,Shize Guo,Ziyuan Liang,Samiya Qureshi,Congyuan Xu

DOI: https://doi.org/10.1109/PADSW.2018.8644906

2018-01-01

Abstract:An optimized lightweight Hardware Trojan (HT)based fault attack is proposed, especially for those resource-constrained environments such as IoT networks. Firstly, Algebraic fault analysis (AFA)is introduced to evaluate different fault models and search for the optimal one. Next, considering the limited resource, a lightweight HT is carefully designed which only flips one bit of the circuit in IoT device. Finally, AFA is applied again to exploit the fault and recover the secret key. An illustrative attack is demonstrated on DES implemented on an FPGA platform, SASEBO-GII. This paper shows that, for single bit fault injection at different rounds or different indexes in the same round, the reduced key search space of DES varies. The proposed technique can search for the optimal fault model, guide the lightweight Hardware Trojan design and automatically recover the secret key. Only one fault is required to recover the secret key of DES, which improves the stealthiness of the designed Hardware Trojan in IoT networks. The entire attack framework can also be applied to other block ciphers such as AES and PRESENT.

Qiang Zeng,Mingyi Zhao,Peng Liu

DOI: https://doi.org/10.1109/dsn.2015.54

2015-06-01

Abstract:For decades buffer overflows have been one of the most prevalent and dangerous software vulnerabilities. Although many techniques have been proposed to address the problem, they mostly introduce a very high overhead while others assume the availability of a separate system to pinpoint attacks or provide detailed traces for defense generation, which is very slow in itself and requires considerable extra resources. We propose an efficient solution against heap buffer overflows that integrates exploit detection, defense generation, and overflow prevention in a single system, named HeapTherapy. During program execution it conducts on-the-fly lightweight trace collection and exploit detection, and initiates automated diagnosis upon detection to generate defenses in realtime. It can handle both over-write and over-read attacks, such as the recent Heartbleed attack. The system has no false positives, and keeps effective under polymorphic exploits. It is compliant with mainstream hardware and operating systems, and does not rely on specific allocation algorithms. We evaluated HeapTherapy on a variety of services (database, web, and ftp) and benchmarks (SPEC CPU2006); it incurs a very low average overhead in terms of both speed (6.2%) and memory (7.7%).

Ping Chen,Zhisheng Hu,Jun Xu,Minghui Zhu,Peng Liu

DOI: https://doi.org/10.1186/s42400-018-0003-x

2018-01-01

Abstract:In the wake of the research community gaining deep understanding about control-hijacking attacks, data-oriented attacks have emerged. Among data-oriented attacks, data structure manipulation attack (DSMA) is a major category. Pioneering research was conducted and shows that DSMA is able to circumvent the most effective defenses against control-hijacking attacks - DEP, ASLR and CFI. Up to this day, only two defense techniques have demonstrated their effectiveness: Data Flow Integrity (DFI) and Data Structure Layout Randomization (DSLR). However, DFI has high performance overhead, and dynamic DSLR has two main limitations. L-1: Randomizing a large set of data structures will significantly affect the performance. L-2: To be practical, only a fixed sub-set of data structures are randomized. In the case that the data structures targeted by an attack are not covered, dynamic DSLR is essentially noneffective.To address these two limitations, we propose a novel technique, feedback-control-based adaptive DSLR and build a system named SALADSPlus. SALADSPlus seeks to optimize the trade-off between security and cost through feedback control. Using a novel feedback-control-based adaptive algorithm extended from the Upper Confidence Bound (UCB) algorithm, the defender (controller) uses the feedbacks (cost-effectiveness) from previous randomization cycles to adaptively choose the set of data structures to randomize (the next action). Different from dynamic DSLR, the set of randomized data structures are adaptively changed based on the feedbacks. To obtain the feedbacks, SALADSPlus inserts canary in each data structure at the time of compilation. We have implemented SALADSPlus based on gcc-4.5.0. Experimental results show that the runtime overheads are 1.8%, 3.7%, and 5.3% when the randomization cycles are selected as 10s, 5s, and 1s respectively.

Liguo Dong,Xinliang Ye,Libin Zhuang,Ruidian Zhan,M. Shamim Hossain

DOI: https://doi.org/10.1111/exsy.13664

IF: 3.3

2024-06-27

Expert Systems

Abstract:The threat of side‐channel attacks poses a significant risk to the security of cryptographic algorithms. To counter this threat, we have designed an AES system capable of defending against such attacks, supporting AES‐128, AES‐192, and AES‐256 encryption standards. In our system, the CPU oversees the AES hardware via the AHB bus and employs true random number generation to provide secure random inputs for computations. The hardware implementation of the AES S‐box utilizes complex domain inversion techniques, while intermediate data is shielded using full‐time masking. Furthermore, the system incorporates double‐path error detection mechanisms to thwart fault propagation. Our results demonstrate that the system effectively conceals key power information, providing robust resistance against CPA attacks, and is capable of detecting injected faults, thereby mitigating fault‐based attacks.

computer science, artificial intelligence, theory & methods

Depeng Liu,Lutan Zhao,Pengfei Yang,Bow-Yaw Wang,Rui Hou,Lijun Zhang,Naijun Zhan

DOI: https://doi.org/10.48550/arXiv.2206.00279

2022-06-01

Abstract:The saturating counter is the basic module of the dynamic branch predictor, which involves the core technique to improve instruction level parallelism performance in modern processors. However, most studies focus on the performance improvement and hardware consumption of saturating counters, while ignoring the security problems they may cause. In this paper, we creatively propose to study and design saturating counters from the defense perspective of differential privacy, so that attackers cannot distinguish the states that saturating counters are in and further infer sensitive information. To obtain theoretical guarantees, we use Markov chain to formalize the attack algorithm applied to the saturating counter, investigate into the optimal attack strategy and calculate the probability of successful attack. Furthermore, we find that the attacker is able to accurately guess the branch execution of the victim's process in the existing saturating counters. To avoid this, we design a new probabilistic saturating counter, which generalizes the existing conventional and probabilistic saturating counters. The guarantee of differential privacy is applied to deduce parameters of the new saturating counters so that the security requirement can be satisfied. We also theoretically calculate the misprediction rate when the saturating counter reaches the steady state. The experimental results on testing programs show that the calculated theoretical results agree with the experimental performances. Compared with the existing conventional and probabilistic saturating counters, when the parameters of our designed models are selected appropriately, the new saturating counters can not only ensure similar operational performance, but also establish strict security guarantee.

Cryptography and Security,Formal Languages and Automata Theory

Shin-Jer Yang,Hsiao-Ling Huang

DOI: https://doi.org/10.1109/icis46139.2019.8940313

2019-06-01

Abstract:Cloud computing is integrated lots of computing resources which are provided to users over the Internet on a Pay-As-You-Go mode. While multi-tenants and resources sharing are its advantages under the cloud computing environment, it also brings new risks in information security. One of the more difficult consequences of an attack is a flooding attack. This attack is to exhaust the network bandwidth and the computing resources of the server, causing the server to fail to provide services due to heavy workload and may affect the normal service. Other servers in the same infrastructure cause unpredictable losses. Based on the existing DDoS detection technology, this paper proposes a prevention mechanism based on feature selection and random forest classification models to detect hybrid flooding attacks, called HFADS. The HFADS scheme is mainly divided into three modules: (1) Resource Monitor Module (2) Data Features Selection Module (3) Machine Learning Evaluation Module. Based on the above three modules, we perform some simulations for HFADS to be compared with Mouhammd Alkasassbeh et al.'s method to detect flooding attacks of DDoS in terms of three KPIs including recall rate, accuracy rate and average processing time. The final experimental results indicate that HFADS can achieve 99.99% for UDP, 99.95% for ICMP and 99.99% for HTTP in recall rate, 99.98% in accuracy rate and 65.34 seconds in average processing time. Consequently, the proposed HFADS is more effective and efficient than Mouhammd Alkasassbeh et al.'s method for the identification of hybrid flooding attacks.

Hao Liu,Yuzhe Li,Qing-Long Han,Tarek Rassi,Tarek Ra

DOI: https://doi.org/10.1109/tac.2022.3184396

IF: 6.549

2022-01-01

IEEE Transactions on Automatic Control

Abstract:In this article, a novel proactive attack defense strategy is proposed to deal with the secure remote estimation issue in cyber-physical systems with unknown-but-bounded noises in the presence of man-in-the-middle attacks. It is assumed that the residue calculated by the smart sensor is sent to the remote estimator and the abnormal intrusion detector via a wireless network, and the watermark is assumed to belong to a zonotope. In order to guarantee the detection rate, the data processes and the watermark are time-varying and secret to an adversary. Moreover, the effect on system performance caused by the watermark can be removed when the system is attack free. Furthermore, four different attack scenarios are discussed to analyze the detection ability of the proposed defense approach, and the designed strategy can be applied to detect replay attacks. Finally, an unmanned aircraft system subject to malicious attacks is leveraged to illustrate the effectiveness of the proposed proactive defense strategy.

automation & control systems,engineering, electrical & electronic

Bo Mei,Zhengbin Zhu,Peijie Li,Bo Zhao

DOI: https://doi.org/10.1049/2024/2023349

2024-04-12

IET Information Security

Abstract:System on Wafer (SoW) based on chiplets may be implanted with hardware Trojans (HTs) by untrustworthy third-party chiplet vendors. However, traditional HTs protection techniques cannot guarantee complete protection against HTs, which poses a great challenge to the hardware security of SoW. In this paper, we propose a computing architecture based on endogenous security theory—dynamic heterogeneous redundant computing architecture (DHRCA) that can tolerate and detect HTs at runtime. The security of our approach is analyzed by building a generalized stochastic coloring petri net (GSCPN) model of DHRCA. The simulation results based on the GSCPN model show that our method can improve the system security probability to 0.8690 and the system availability probability to 0.9750 in the steady state compared with typical triple-mode redundancy and runtime monitoring methods. Furthermore, the impact of different attack and defense strategies on system security of different methods is simulated and analyzed in this paper.

computer science, information systems, theory & methods

Wei Jiang

2002-01-01

Abstract:Buffer overflow attacking is a seriously problem in network security. The paper analyses deeply the principle and possible of buffer overflow attacking. At last propose the method to defense buffer overflow attacking in writing programmer.

Gregory Levitin,Kjell Hausken

DOI: https://doi.org/10.1016/j.ress.2010.01.007

IF: 7.247

2010-01-01

Reliability Engineering & System Safety

Abstract:The article considers defense resource allocation in a system exposed to external intentional attack. The defender distributes its resource between deploying redundant elements and their protection from attacks. The attacker observes all the elements and tries to detect the unprotected elements. All the detected unprotected elements are destroyed with negligible effort. The attacker then distributes its effort evenly among all of the undetected elements or among elements from a chosen subset of undetected elements. The vulnerability of each element is determined by an attacker–defender contest success function depending on the resources allocated to protection and attack efforts and on the contest intensity. The expected damage caused by the attack is evaluated as system unsupplied demand. The article studies the influence of the unprotected elements’ detection probability on the optimal resource distribution.

Ping Chen,Jin Wei,Jiwei Chen,Zhuyang Yu

DOI: https://doi.org/10.1051/sands/2024015

2024-01-01

Security and Safety

Abstract:As modern systems widely deploy protective measures for control data in memory, such as Control-Flow Integrity (CFI), attackers’ ability to manipulate control data is greatly restricted. Consequently, attackers are turning to opportunities to manipulate non-control data in memory (known as Data-Oriented Attacks, or DOAs), which have been proven to pose significant security threats to memory. However, existing techniques to mitigate DOAs often introduce significant overhead due to the indiscriminate protection of a large range of data objects. To address this challenge, this paper adopts a Cyberspace Mimic Defense (CMD) strategy, a generic framework for addressing endogenous security vulnerabilities, to prevent attackers from executing DOAs using known or unknown security flaws. Specifically, we introduce a formalized expression algorithm that assesses whether DOA-attackers can construct inputs to exploit vulnerability points. Building on this, we devise a key-area CMD strategy that modifies the code pathway from input to the vulnerability point, thereby effectively thwarting the activation of the vulnerability. Finally, our simulation experiments demonstrate that the key-area CMD strategy can effectively prevent DOAs by selectively diversifying parts of the program code.

Die Chen,Maochao Xu,Weidong Shi

DOI: https://doi.org/10.1016/j.ress.2017.08.021

IF: 7.247

2017-01-01

Reliability Engineering & System Safety

Abstract:Due to the increasing reliance on networks, defending a cyber system is of vital importance. In this paper, we consider an important mechanism of early warning for defending a cyber system that has become a key component of constructing network defense in practice. We study the reliability of a system under attack from single or multiple sources. In particular, we discuss the effect of an early warning mechanism on the system reliability. We then propose the optimal strategy for defending a cyber system with early warning components in the worst attack scenario. The theoretical results are further validated by simulation evidence. (C) 2017 Elsevier Ltd. All rights reserved.