Matching Items (82)

137309-Thumbnail Image.png

Security Analysis of x86 Processor Microcode

Description

Modern computer processors contain an embedded firmware known as microcode that controls decode and execution of x86 instructions. Although proprietary and relatively obscure, this microcode can be modified using updates

Modern computer processors contain an embedded firmware known as microcode that controls decode and execution of x86 instructions. Although proprietary and relatively obscure, this microcode can be modified using updates released by hardware manufacturers to correct processor logic flaws (errata). At the same time, a malicious microcode update could compromise a processor by implementing new malicious instructions or altering the functionality of existing instructions, including processor-accelerated virtualization or cryptographic primitives. Not only is this attack vector capable of subverting all software-enforced security policies and access controls, but it also leaves behind no postmortem forensic evidence since the write-only patch memory is cleared upon system reset. Although supervisor privileges (ring zero) are required to update processor microcode, this attack cannot be easily mitigated due to the implementation of microcode update functionality within processor silicon. In this paper, we reveal the microarchitecture and mechanism of microcode updates, present a security analysis of this attack vector, and provide some mitigation suggestions.

Contributors

Created

Date Created
  • 2014-05

137558-Thumbnail Image.png

Distributed Systems Management Based on CIM Schema

Description

Our goals in our project are to enable management of distributed systems from one central location, record system logs and audit system based on these logs, and to demonstrate feasibility

Our goals in our project are to enable management of distributed systems from one central location, record system logs and audit system based on these logs, and to demonstrate feasibility of platform-independent management of distributed systems based on CIM schema. In order to achieve these goals, we will have to overcome research challenges such as identifying meaningful CIM classes and attributes that could help to achieve this goal, how to gather managed objects of these CIM classes to collect such attributes on a given platform, and to research whether a platform's implementation of CIM is complete or incomplete so as to decide which platform would be the best to implement our solution. Even if a platform's implementation of CIM is incomplete, would we be able to create our own solution to a missing attribute and perhaps provide our own extension of the implementation? One major practical accomplishment will include developing a tool to allow distributed systems management regardless of a target system's platform. However, our research accomplishments will include having found the CIM classes that would be advantageous for system management and determining which platform would be best to work with managed objects of these classes.

Contributors

Agent

Created

Date Created
  • 2013-05

137481-Thumbnail Image.png

Synthesis and Facilitation: Designing for Secure User Actions

Description

We discuss processes involved in user-centric security design, including the synthesis of goals based on security and usability tasks. We suggest the usage of implicit security and the facilitation of

We discuss processes involved in user-centric security design, including the synthesis of goals based on security and usability tasks. We suggest the usage of implicit security and the facilitation of secureuser actions. We propose a process for evaluating usability flaws by treating them as security threats and adapting traditional HCI methods. We discuss how to correct these flaws once they are discovered. Finally, we discuss the Usable Security Development Model for developing usable secure systems.

Contributors

Agent

Created

Date Created
  • 2013-05

137724-Thumbnail Image.png

Perceived Confidentiality of Mobile Application Data

Description

Over the past several years, the three major mobile platforms have seen
tremendous growth and success; as a result, the platforms have been the target
of many malicious attacks. These

Over the past several years, the three major mobile platforms have seen
tremendous growth and success; as a result, the platforms have been the target
of many malicious attacks. These attacks often request certain permissions in
order to carry out the malicious activities, and uninformed users usually grant
them. One prevalent example of this type of malware is one that requests
permission  to  the  device’s  SMS  service,  and  once  obtained,  uses  the  SMS
service to accrue charges to the user. This type of attack is one of the most
prevalent on the Android application marketplace, and requires a long-term
solution. Replication of an attack is necessary to fully understand efficient
prevention methods, and due to the open-source nature of Android development,
to determine the likely mechanics of the attack as feasible.
This study uses the Hacker News application, an open source application
that is available for download through GitHub as a basis for creating a malware
application to study the SMS attack and explore prevention methods. From the
results and knowledge gained from both research and experimentation, a
proposition for a more secure operating system architecture was defined to
prevent and mitigate various attacks on mobile systems with a focus on SMS
attacks.

Contributors

Agent

Created

Date Created
  • 2013-05

135758-Thumbnail Image.png

An Image Analysis Environment for Species Identification of Food Contaminating Beetles

Description

Food safety is vital to the well-being of society; therefore, it is important to inspect food products to ensure minimal health risks are present. A crucial phase of food inspection

Food safety is vital to the well-being of society; therefore, it is important to inspect food products to ensure minimal health risks are present. A crucial phase of food inspection is the identification of foreign particles found in the sample, such as insect body parts. The presence of certain species of insects, especially storage beetles, is a reliable indicator of possible contamination during storage and food processing. However, the current approach to identifying species is visual examination by human analysts; this method is rather subjective and time-consuming. Furthermore, confident identification requires extensive experience and training. To aid this inspection process, we have developed in collaboration with FDA analysts some image analysis-based machine intelligence to achieve species identification with up to 90% accuracy. The current project is a continuation of this development effort. Here we present an image analysis environment that allows practical deployment of the machine intelligence on computers with limited processing power and memory. Using this environment, users can prepare input sets by selecting images for analysis, and inspect these images through the integrated pan, zoom, and color analysis capabilities. After species analysis, the results panel allows the user to compare the analyzed images with referenced images of the proposed species. Further additions to this environment should include a log of previously analyzed images, and eventually extend to interaction with a central cloud repository of images through a web-based interface. Additional issues to address include standardization of image layout, extension of the feature-extraction algorithm, and utilizing image classification to build a central search engine for widespread usage.

Contributors

Agent

Created

Date Created
  • 2016-05

134346-Thumbnail Image.png

On the Application of Malware Clustering for Threat Intelligence Synthesis

Description

Malware forensics is a time-consuming process that involves a significant amount of data collection. To ease the load on security analysts, many attempts have been made to automate the intelligence

Malware forensics is a time-consuming process that involves a significant amount of data collection. To ease the load on security analysts, many attempts have been made to automate the intelligence gathering process and provide a centralized search interface. Certain of these solutions map existing relations between threats and can discover new intelligence by identifying correlations in the data. However, such systems generally treat each unique malware sample as its own distinct threat. This fails to model the real malware landscape, in which so many ``new" samples are actually variants of samples that have already been discovered. Were there some way to reliably determine whether two malware samples belong to the same family, intelligence for one sample could be applied to any sample in the family, greatly reducing the complexity of intelligence synthesis. Clustering is a common big data approach for grouping data samples which have common features, and has been applied in several recent papers for identifying related malware. It therefore has the potential to be used as described to simplify the intelligence synthesis process. However, existing threat intelligence systems do not use malware clustering. In this paper, we attempt to design a highly accurate malware clustering system, with the ultimate goal of integrating it into a threat intelligence platform. Toward this end, we explore the many considerations of designing such a system: how to extract features to compare malware, and how to use these features for accurate clustering. We then create an experimental clustering system, and evaluate its effectiveness using two different clustering algorithms.

Contributors

Agent

Created

Date Created
  • 2017-05

134946-Thumbnail Image.png

Darkweb Cyber Threat Intelligence Mining through the I2P Protocol

Description

This thesis project focused on malicious hacking community activities accessible through the I2P protocol. We visited 315 distinct I2P sites to identify those with malicious hacking content. We also wrote

This thesis project focused on malicious hacking community activities accessible through the I2P protocol. We visited 315 distinct I2P sites to identify those with malicious hacking content. We also wrote software to scrape and parse data from relevant I2P sites. The data was integrated into the CySIS databases for further analysis to contribute to the larger CySIS Lab Darkweb Cyber Threat Intelligence Mining research. We found that the I2P cryptonet was slow and had only a small amount of malicious hacking community activity. However, we also found evidence of a growing perception that Tor anonymity could be compromised. This work will contribute to understanding the malicious hacker community as some Tor users, seeking assured anonymity, transition to I2P.

Contributors

Agent

Created

Date Created
  • 2016-12

136523-Thumbnail Image.png

Integrating Forensic Tools for Collaborative Forensic Analysis

Description

Cyber threats are growing in number and sophistication making it important to continually study and improve all dimensions of digital forensics. Teamwork in forensic analysis has been overlooked in systems

Cyber threats are growing in number and sophistication making it important to continually study and improve all dimensions of digital forensics. Teamwork in forensic analysis has been overlooked in systems even though forensics relies on collaboration. Forensic analysis lacks a system that is flexible and available on different electronic devices which are being used and incorporated into everyday life. For instance, cellphones or tablets that are easy to bring on-the-go to sites where the first steps of forensic analysis is done. Due to the present day conversion to online accessibility, most electronic devices connect to the internet. Squeegee is a proof of concept that forensic analysis can be done on the web. The forensic analysis expansion to the web opens many doors to collaboration and accessibility.

Contributors

Agent

Created

Date Created
  • 2015-05

135268-Thumbnail Image.png

Malware Analysis and Classification Framework: Detecting Financial Malware Using Machine Learning Techniques

Description

Malware that perform identity theft or steal bank credentials are becoming increasingly common and can cause millions of dollars of damage annually. A large area of research focus is the

Malware that perform identity theft or steal bank credentials are becoming increasingly common and can cause millions of dollars of damage annually. A large area of research focus is the automated detection and removal of such malware, due to their large impact on millions of people each year. Such a detector will be beneficial to any industry that is regularly the target of malware, such as the financial sector. Typical detection approaches such as those found in commercial anti-malware software include signature-based scanning, in which malware executables are identified based on a unique signature or fingerprint developed for that malware. However, as malware authors continue to modify and obfuscate their malware, heuristic detection is increasingly popular, in which the behaviors of the malware are identified and patterns recognized. We explore a malware analysis and classification framework using machine learning to train classifiers to distinguish between malware and benign programs based upon their features and behaviors. Using both decision tree learning and support vector machines as classifier models, we obtained overall classification accuracies of around 80%. Due to limitations primarily including the usage of a small data set, our approach may not be suitable for practical classification of malware and benign programs, as evident by a high error rate.

Contributors

Agent

Created

Date Created
  • 2016-05

134762-Thumbnail Image.png

Security Analysis of IoT Media Broadcast Devices

Description

IoT Media broadcast devices, such as the Roku stick, Amazon Fire, and Chromecast have been emerging onto the market recently as a portable and inexpensive alternative to cable and disk

IoT Media broadcast devices, such as the Roku stick, Amazon Fire, and Chromecast have been emerging onto the market recently as a portable and inexpensive alternative to cable and disk players, allowing easy integration between home and business Wi-Fi networks and television systems capable of supporting HDMI inputs without the additional overhead of setting up a heavy or complicated player or computer. The rapid expansion of these products as a mechanism to provide for TV Everywhere services for entertainment as well as cheap office appliances brings yet another node in the rapidly expanding network of IoT that surrounds us today. However, the security implications of these devices are nearly unexplored, despite their prevalence. In this thesis, I will go over the structure and mechanisms of Chromecast, and explore some of the potential exploits and consequences of the device. The thesis contains an overview of the inner workings of Chromecast, goes over the segregation and limited control and fundamental design choices of the Android based OS. It then identifies the objectives of security, four different potential methods of exploit to compromise those objectives on a Chromecast and/or its attached network, including rogue applications, traffic sniffing, evil access points and the most effective one: deauthentication attack. Tests or relevant analysis were carried out for each of these methods, and conclusions were drawn on their effectiveness. There is then a conclusion revolving around the consequences, mitigation and the future implications of security issues on Chromecast and the larger IoT landscape.

Contributors

Agent

Created

Date Created
  • 2016-12