Memory-unsafe programming languages,such as C/C++,are often used to develop system programs,rendering the programs susceptible to a variety of memory corruption attacks.Among these threats,just-in-time return-oriented...Memory-unsafe programming languages,such as C/C++,are often used to develop system programs,rendering the programs susceptible to a variety of memory corruption attacks.Among these threats,just-in-time return-oriented programming(JIT-ROP)stands out as an advanced method for conducting code-reuse attacks,effectively circumventing code randomization safeguards.JIT-ROP leverages memory disclosure vulnerabilities to obtain reusable code fragments dynamically and assemble malicious payloads dynamically.In response to JIT-ROP attacks,several re-randomization implementations have been developed to prevent the use of disclosed code.However,existing re-randomization methods require recurrent re-randomization during program runtime according to fixed time windows or specific events such as system calls,incurring significant runtime overhead.In this paper,we present the design and implementation of PtrProxy,an efficient re-randomization approach on the AArch64 platform.Unlike previous methods that necessitate frequent runtime rerandomization or reply on unreliable triggering conditions,this approach triggers the re-randomization process by detecting the code page harvest operation,which is a fundamental operation of the JIT-ROP at-tacks,making our method more efficient and reliable than previous approaches.We evaluate PtrProxy on benchmarks and real-world applications.The evaluation results show that our approach can effectively protect programs from JIT-ROP attacks while introducing marginal runtime overhead.展开更多
Control flow integrity(CFI)plays an important role in defending against code reuse attacks(CRA).It protects the program’s control flow from being hijacked by restricting control flow transfers during execution.Specif...Control flow integrity(CFI)plays an important role in defending against code reuse attacks(CRA).It protects the program’s control flow from being hijacked by restricting control flow transfers during execution.Specifically,backward-edge CFI safeguards return addresses to mitigate Return-Oriented Programming(ROP)attacks.In this work,we implement a backward-edge CFI mechanism that employs the Advanced Encryption Standard(AES)for cryptographic protection of return addresses.We utilize the gem5 simulator for architectural modeling and evaluation.Additionally,we design a dedicated AES hardware accelerator and integrate it into the system through gem5+RTL co-simulation.The AES accelerator is synthesized under TSMC 28 nm technology,which can work at 1GHz,with an area of 10045μm2 and a power consumption of 1.31 mW.Experimental results indicate that the performance overhead of the backward-edge CFI scheme is less than 0.1%.展开更多
Although using machine learning techniques to solve computer security challenges is not a new idea,the rapidly emerging Deep Learning technology has recently triggered a substantial amount of interests in the computer...Although using machine learning techniques to solve computer security challenges is not a new idea,the rapidly emerging Deep Learning technology has recently triggered a substantial amount of interests in the computer security community.This paper seeks to provide a dedicated review of the very recent research works on using Deep Learning techniques to solve computer security challenges.In particular,the review covers eight computer security problems being solved by applications of Deep Learning:security-oriented program analysis,defending return-oriented programming(ROP)attacks,achieving control-flow integrity(CFI),defending network attacks,malware classification,system-event-based anomaly detection,memory forensics,and fuzzing for software security.展开更多
In recent years,deep learning gained proliferating popularity in the cybersecurity application domain,since when being compared to traditional machine learning methods,it usually involves less human efforts,produces b...In recent years,deep learning gained proliferating popularity in the cybersecurity application domain,since when being compared to traditional machine learning methods,it usually involves less human efforts,produces better results,and provides better generalizability.However,the imbalanced data issue is very common in cybersecurity,which can substantially deteriorate the performance of the deep learning models.This paper introduces a transfer learning based method to tackle the imbalanced data issue in cybersecurity using return-oriented programming payload detection as a case study.We achieved 0.0290 average false positive rate,0.9705 average F1 score and 0.9521 average detection rate on 3 different target domain programs using 2 different source domain programs,with 0 benign training data sample in the target domain.The performance improvement compared to the baseline is a trade-off between false positive rate and detection rate.Using our approach,the total number of false positives is reduced by 23.16%,and as a trade-off,the number of detected malicious samples decreases by 0.68%.展开更多
Although using machine learning techniques to solve computer security challenges is not a new idea,the rapidly emerging Deep Learning technology has recently triggered a substantial amount of interests in the computer...Although using machine learning techniques to solve computer security challenges is not a new idea,the rapidly emerging Deep Learning technology has recently triggered a substantial amount of interests in the computer security community.This paper seeks to provide a dedicated review of the very recent research works on using Deep Learning techniques to solve computer security challenges.In particular,the review covers eight computer security problems being solved by applications of Deep Learning:security-oriented program analysis,defending return-oriented programming(ROP)attacks,achieving control-flow integrity(CFI),defending network attacks,malware classification,system-event-based anomaly detection,memory forensics,and fuzzing for software security.展开更多
基金supported in part by the National Natural Science Foundation of China(62272351,61972297,62172308).
文摘Memory-unsafe programming languages,such as C/C++,are often used to develop system programs,rendering the programs susceptible to a variety of memory corruption attacks.Among these threats,just-in-time return-oriented programming(JIT-ROP)stands out as an advanced method for conducting code-reuse attacks,effectively circumventing code randomization safeguards.JIT-ROP leverages memory disclosure vulnerabilities to obtain reusable code fragments dynamically and assemble malicious payloads dynamically.In response to JIT-ROP attacks,several re-randomization implementations have been developed to prevent the use of disclosed code.However,existing re-randomization methods require recurrent re-randomization during program runtime according to fixed time windows or specific events such as system calls,incurring significant runtime overhead.In this paper,we present the design and implementation of PtrProxy,an efficient re-randomization approach on the AArch64 platform.Unlike previous methods that necessitate frequent runtime rerandomization or reply on unreliable triggering conditions,this approach triggers the re-randomization process by detecting the code page harvest operation,which is a fundamental operation of the JIT-ROP at-tacks,making our method more efficient and reliable than previous approaches.We evaluate PtrProxy on benchmarks and real-world applications.The evaluation results show that our approach can effectively protect programs from JIT-ROP attacks while introducing marginal runtime overhead.
基金supported by the National Natural Science Foundation of China under Grant 61934002Grant 62234008.
文摘Control flow integrity(CFI)plays an important role in defending against code reuse attacks(CRA).It protects the program’s control flow from being hijacked by restricting control flow transfers during execution.Specifically,backward-edge CFI safeguards return addresses to mitigate Return-Oriented Programming(ROP)attacks.In this work,we implement a backward-edge CFI mechanism that employs the Advanced Encryption Standard(AES)for cryptographic protection of return addresses.We utilize the gem5 simulator for architectural modeling and evaluation.Additionally,we design a dedicated AES hardware accelerator and integrate it into the system through gem5+RTL co-simulation.The AES accelerator is synthesized under TSMC 28 nm technology,which can work at 1GHz,with an area of 10045μm2 and a power consumption of 1.31 mW.Experimental results indicate that the performance overhead of the backward-edge CFI scheme is less than 0.1%.
基金This work was supported by ARO W911NF-13-1-0421(MURI),NSF CNS-1814679,and ARO W911NF-15-1-0576.
文摘Although using machine learning techniques to solve computer security challenges is not a new idea,the rapidly emerging Deep Learning technology has recently triggered a substantial amount of interests in the computer security community.This paper seeks to provide a dedicated review of the very recent research works on using Deep Learning techniques to solve computer security challenges.In particular,the review covers eight computer security problems being solved by applications of Deep Learning:security-oriented program analysis,defending return-oriented programming(ROP)attacks,achieving control-flow integrity(CFI),defending network attacks,malware classification,system-event-based anomaly detection,memory forensics,and fuzzing for software security.
基金supported by NSF CNS-2019340,NSF ECCS-2140175,and NIST 60NANB22D144.
文摘In recent years,deep learning gained proliferating popularity in the cybersecurity application domain,since when being compared to traditional machine learning methods,it usually involves less human efforts,produces better results,and provides better generalizability.However,the imbalanced data issue is very common in cybersecurity,which can substantially deteriorate the performance of the deep learning models.This paper introduces a transfer learning based method to tackle the imbalanced data issue in cybersecurity using return-oriented programming payload detection as a case study.We achieved 0.0290 average false positive rate,0.9705 average F1 score and 0.9521 average detection rate on 3 different target domain programs using 2 different source domain programs,with 0 benign training data sample in the target domain.The performance improvement compared to the baseline is a trade-off between false positive rate and detection rate.Using our approach,the total number of false positives is reduced by 23.16%,and as a trade-off,the number of detected malicious samples decreases by 0.68%.
基金supported by ARO W911NF-13-1-0421(MURI),NSF CNS-1814679,and ARO W911NF-15-1-0576.
文摘Although using machine learning techniques to solve computer security challenges is not a new idea,the rapidly emerging Deep Learning technology has recently triggered a substantial amount of interests in the computer security community.This paper seeks to provide a dedicated review of the very recent research works on using Deep Learning techniques to solve computer security challenges.In particular,the review covers eight computer security problems being solved by applications of Deep Learning:security-oriented program analysis,defending return-oriented programming(ROP)attacks,achieving control-flow integrity(CFI),defending network attacks,malware classification,system-event-based anomaly detection,memory forensics,and fuzzing for software security.
