Tsinghua Science and Technology

SPECIAL SECTION ON INFORMATION SECURITY

  • Specification and Verification of a Topology-Aware Access Control Model for Cyber-Physical Space

    Yan Cao;Zhiqiu Huang;Shuanglong Kan;Dajuan Fan;Yang Yang;

    The cyber-physical space is a spatial environment that integrates the cyber and physical worlds to provide an intelligent environment for users to conduct their day-to-day activities. Mobile users and mobile objects are ubiquitous in this space, thereby exerting tremendous pressure on its security model. This model must ensure that both cyber and physical objects are always handled securely in this dynamic environment. In this paper, we propose a systematic solution to specify security policies of the cyber-physical space and ensure that security requirements hold in these policies. We first formulate a topology configuration model to capture the topology characteristics of the cyber and physical worlds. Then, based on this model, a Topology-Aware Cyber-Physical Access Control model (TA-CPAC) is proposed, which can ensure the security of the cyber and physical worlds at the same time by adjusting permission assignment dynamically. Then, the topology configuration and TA-CPAC models are formalized by bigraphs and a Bigraph Reactive System (BRS), respectively, allowing us to use model checking to reason about the consequences of the evolution of topological configurations on the satisfaction of security requirements. Finally, a case study on a building automation access control system is conducted to evaluate the effectiveness of the proposed approach.

    2019, Issue 5, Vol. 24, pp. 497-519
  • Cloud Virtual Machine Lifecycle Security Framework Based on Trusted Computing

    Xin Jin;Qixu Wang;Xiang Li;Xingshu Chen;Wei Wang;

    As a foundation component of cloud computing platforms, Virtual Machines (VMs) are confronted with numerous security threats. However, existing solutions tend to focus on solving threats in a specific state of the VM. In this paper, we propose a novel VM lifecycle security protection framework based on trusted computing to solve the security threats to VMs throughout their entire lifecycle. Specifically, a concept of the VM lifecycle is presented, divided up by the different active conditions of the VM. Then, a trusted computing based security protection framework is developed, which can extend the trust relationship from the trusted platform module to the VM and protect the security and reliability of the VM throughout its lifecycle. The theoretical analysis shows that our proposed framework can provide comprehensive protection to the VM in all of its states. Furthermore, experiment results demonstrate that the proposed framework is feasible and achieves a higher level of security compared with some state-of-the-art schemes.

    2019, Issue 5, Vol. 24, pp. 520-534
  • Memway:In-Memory Waylaying Acceleration for Practical Rowhammer Attacks Against Binaries

    Lai Xu;Rongwei Yu;Lina Wang;Weijie Liu;

    The Rowhammer bug is a novel micro-architectural security threat, enabling powerful privilege-escalation attacks on various mainstream platforms. It works by actively flipping bits in Dynamic Random Access Memory (DRAM) cells with unprivileged instructions. In order to set up Rowhammer against binaries in the Linux page cache, the Waylaying algorithm has previously been proposed. The Waylaying method stealthily relocates binaries onto exploitable physical addresses without exhausting system memory. However, the proof-of-concept Waylaying algorithm can be easily detected during page cache eviction because of its high disk I/O overhead and long running time. This paper proposes the more advanced Memway algorithm, which improves on Waylaying in terms of both I/O overhead and speed. Running time and disk I/O overhead are reduced by 90% by utilizing Linux tmpfs and in-memory swapping to manage eviction files. Furthermore, by combining Memway with the unprivileged posix_fadvise API, the binary relocation step is made 100 times faster. Equipped with our Memway+fadvise relocation scheme, we demonstrate practical Rowhammer attacks that take only 15–200 minutes to covertly relocate a victim binary, and less than 3 seconds to flip the target instruction bit.

    2019, Issue 5, Vol. 24, pp. 535-545
  • Leakage Is Prohibited:Memory Protection Extensions Protected Address Space Randomization

    Fei Yan;Kai Wang;

    Code reuse attacks pose a severe threat to modern applications. These attacks reuse existing code segments of vulnerable applications as attack payloads and hijack the control flow of a victim application. With high code entropy and a relatively low performance overhead, Address Space Layout Randomization (ASLR) has become the most widely explored defense against code reuse attacks. However, a single memory disclosure vulnerability is able to compromise this defense. In this paper, we present Memory Protection Extensions (MPX)-assisted Address Space Layout Randomization (M-ASLR), a novel code-space randomization scheme. M-ASLR uses several characteristics of Intel MPX to restrict code pointers in memory. We have developed a fully functioning prototype of M-ASLR, and our evaluation results show that M-ASLR: (1) offers no interference with normal operation; (2) protects against buffer overflow attacks, code reuse attacks, and other sophisticated modern attacks; and (3) adds a very low performance overhead (3.3%) to C/C++ applications.

    2019, Issue 5, Vol. 24, pp. 546-556
  • SIV:A Structural Integrity Verification Approach of Cloud Components with Enhanced Privacy

    Bo Zhao;Peiru Fan;Pengyuan Zhao;Mingtao Ni;Jinhui Liu;

    Private data leakage is a threat to current integrity verification schemes of cloud components. To address this issue, this work proposes a privacy-enhancing Structural Integrity Verification (SIV) approach. It is made up of three processes: proof organization, proof transformation, and integrity judgement. By introducing a Merkle tree technique, the integrity of a constituent part of a cloud component on a node is represented by a root value. The value is then masked into ciphertexts in proof transformation. With the masked proofs, a structural feature is extracted and validated in an integrity judgement by a third-party verification provider. The integrity of the cloud component is visually displayed in the output result matrix. If there are anomalies, the corrupted constituent parts can be located. Integrity is verified through the encrypted masked proofs. All raw proofs containing sensitive information stay on their original nodes, thus minimizing the attack surface of the proof data and eliminating the risk of leaking private data at the source. Although some computations are added, the experimental results show that the time overhead is within acceptable bounds.

    2019, Issue 5, Vol. 24, pp. 557-574
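    The proof organization and corrupted-part localization that the SIV abstract describes, as an added example written for this listing and not code from the paper: each constituent part of a cloud component becomes a leaf, the root stands for the component's integrity, the root is masked before it leaves the node, and a mismatch is traced back to the parts that changed. SHA-256 with byte-prefix domain separation, HMAC as a stand-in for the paper's unspecified masking transformation, the constructed sample parts and the function names are all assumptions of this example.

```python
"""Merkle-tree integrity proof with corrupted-part localization (added example)."""
import hashlib
import hmac
from typing import List


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(part: bytes) -> bytes:
    # Domain separation: leaves and inner nodes use different prefixes so a
    # pair of leaf hashes cannot be replayed as an inner node (or vice versa).
    return _h(b"\x00" + part)


def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)


def merkle_levels(parts: List[bytes]) -> List[List[bytes]]:
    """All levels of the tree, leaves first and the root last.
    An unpaired node at the end of a level is promoted unchanged."""
    if not parts:
        raise ValueError("a component needs at least one constituent part")
    level = [leaf_hash(p) for p in parts]
    levels = [level]
    while len(level) > 1:
        nxt = [node_hash(level[i], level[i + 1]) if i + 1 < len(level) else level[i]
               for i in range(0, len(level), 2)]
        levels.append(nxt)
        level = nxt
    return levels


def merkle_root(parts: List[bytes]) -> bytes:
    return merkle_levels(parts)[-1][0]


def mask_proof(root: bytes, node_key: bytes) -> bytes:
    """Masked proof handed to the third-party verifier.
    ASSUMPTION: masking is modelled as an HMAC under a key the node shares with
    the holder of the reference root; the paper's transformation is not given here."""
    return hmac.new(node_key, root, hashlib.sha256).digest()


def judge_integrity(masked_proof: bytes, reference_root: bytes, node_key: bytes) -> bool:
    """Verifier side: compares masked values only, never a raw proof."""
    return hmac.compare_digest(masked_proof, mask_proof(reference_root, node_key))


def locate_corrupted(ref_levels: List[List[bytes]], actual_levels: List[List[bytes]]) -> List[int]:
    """Top-down descent that expands only subtrees whose hashes differ and
    returns the indices of the constituent parts that changed."""
    if [len(lv) for lv in ref_levels] != [len(lv) for lv in actual_levels]:
        raise ValueError("trees have different shapes; the part count changed")
    top = len(ref_levels) - 1
    suspects = [0] if ref_levels[top][0] != actual_levels[top][0] else []
    for k in range(top, 0, -1):
        ref_below, act_below = ref_levels[k - 1], actual_levels[k - 1]
        # Node j at level k was built from nodes 2j and 2j+1 of level k-1
        # (2j+1 is absent when j was a promoted odd node).
        suspects = [c for j in suspects for c in (2 * j, 2 * j + 1)
                    if c < len(ref_below) and ref_below[c] != act_below[c]]
    return suspects


# Constructed sample: five "constituent parts" of one cloud component on a node
# (an odd count, so the promotion rule above is exercised).
REFERENCE_PARTS = [b"kernel-image", b"libvirt-config", b"qemu-bin", b"initrd", b"policy"]
NODE_KEY = b"constructed-demo-key"  # assumption: shared node/verifier masking key


def demo() -> dict:
    ref_levels = merkle_levels(REFERENCE_PARTS)
    ref_root = ref_levels[-1][0]
    intact = judge_integrity(mask_proof(ref_root, NODE_KEY), ref_root, NODE_KEY)

    tampered = list(REFERENCE_PARTS)
    tampered[0] = b"kernel-image-patched"
    tampered[3] = b"initrd-with-implant"
    act_levels = merkle_levels(tampered)
    act_root = act_levels[-1][0]
    tampered_passes = judge_integrity(mask_proof(act_root, NODE_KEY), ref_root, NODE_KEY)

    return {"intact_passes": intact,
            "tampered_passes": tampered_passes,
            "corrupted_parts": locate_corrupted(ref_levels, act_levels)}


if __name__ == "__main__":
    print(demo())
```

    The verifier only ever receives `mask_proof(...)` outputs, which is the property the abstract emphasizes; `locate_corrupted` needs the full level lists, so in this model it runs where the raw proofs already live, on the node, against a stored reference tree.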
  • Lattice-Based Double-Authentication-Preventing Ring Signature for Security and Privacy in Vehicular Ad-Hoc Networks

    Jinhui Liu;Yong Yu;Jianwei Jia;Shijia Wang;Peiru Fan;Houzhen Wang;Huanguo Zhang;

    Amidst the rapid development of the Internet of Things (IoT), Vehicular Ad-Hoc NETworks (VANETs), a typical IoT application, are bringing an ever-larger number of intelligent and convenient services to the daily lives of individuals. However, there remain challenges for VANETs in preserving privacy and security. In this paper, we propose the first lattice-based Double-Authentication-Preventing Ring Signature (DAPRS) and adopt it to propose a novel privacy-preserving authentication scheme for VANETs, offering the potential for security against quantum computers. The new construction is proven secure against chosen message attacks. Our scheme is more efficient than other ring signatures in terms of the time cost of the message signing phase and verification phase, and also in terms of signature length. Analyses of security and efficiency demonstrate that our proposed scheme is provably secure and efficient in the application.

    2019, Issue 5, Vol. 24, pp. 575-584
  • Key-Recovery Attacks on LED-Like Block Ciphers

    Linhong Xu;Jiansheng Guo;Jingyi Cui;Mingming Li;

    Asymmetric cryptographic schemes, represented by RSA, have been shown to be insecure under quantum computing conditions. Correspondingly, there is a need to study whether symmetric cryptosystems can still guarantee high security with the advent of quantum computers. In this paper, based on the basic principles of classical slide attacks and Simon's algorithm, we take LED-like lightweight block ciphers as research objects to present a security analysis under both classical and quantum attacks, fully considering the influence of adding round constants on the security of the ciphers. By analyzing the information leakage of round constants, we introduce the differential of the round constants to propose a classical slide attack on full-round LED-64 with a probability of 1. The analysis result shows that LED-64 is unable to resist this kind of classical slide attack, but that the attack method is not applicable to LED-128. As for quantum attacks, by improving on existing quantum attack methods we demonstrate a quantum single-key slide attack on LED-64 and a quantum related-key attack on LED-128, and the indicators of the two attack algorithms are analyzed in detail. The attack results show that adding round constants does not completely improve the security of the ciphers, and that quantum attacks can provide an exponential speed-up over the same attacks in the classical model. It further illustrates that a block cipher proven secure under classical settings is not necessarily secure under quantum conditions.

    2019, Issue 5, Vol. 24, pp. 585-595
  • Communication-Based Attacks Detection in Android Applications

    Chuan Ma;Tao Wang;Limin Shen;Dongkui Liang;Shuping Chen;Dianlong You;

    The Android operating system provides a rich Inter-Component Communication (ICC) method that brings enormous convenience. However, Android ICC also increases security risks. To address this problem, a formal method is proposed to model and detect inter-component communication behavior in Android applications. Firstly, we generate data flow graphs and data facts for each component through component-level data flow analysis. Secondly, our approach treats ICC just like method calls. After analyzing the fields and data dependencies of the intent, we identify the ICC caller and callee, track the data flow between them, and construct the ICC model. Thirdly, the behavior model of Android applications is constructed by a formal mapping method for component data flow graphs based on Pi calculus. The runtime sensitive path trigger detection algorithm is then given. Communication-based attacks are detected by analyzing intent anomalies. Finally, we analyze the modeling and detection efficiency, and compare it with relevant methods. Analysis of 57 real-world applications partly verifies the effectiveness of the proposed method.

    2019, Issue 5, Vol. 24, pp. 596-614

REGULAR ARTICLES

  • WiSH:WiFi-Based Real-Time Human Detection

    Tianmeng Hang;Yue Zheng;Kun Qian;Chenshu Wu;Zheng Yang;Xiancun Zhou;Yunhao Liu;Guilin Chen;

    Sensorless sensing using wireless signals has been rapidly conceptualized and developed recently. Among numerous applications of WiFi-based sensing, human presence detection acts as a primary and fundamental function to boost applications in practice. Many complicated approaches have been proposed to achieve high detection accuracy, but they frequently omit various practical constraints such as real-time capability, computation efficiency, sampling rates, deployment efforts, etc. A practical detection system that works in real-world applications is lacking. In this paper, we design and implement WiSH, a real-time system for contactless human detection that is applicable for whole-day usage. WiSH employs lightweight yet effective methods and thus enables detection under practical conditions even on resource-limited devices with low signal sampling rates. We deploy WiSH on commodity desktops and customized tiny nodes in different everyday scenarios. The experimental results demonstrate the superior performance of WiSH, which has a detection accuracy of >98% using a sampling rate of 20 Hz with an average detection delay of merely 1.5 s. Thus, we believe WiSH is a promising system for real-world deployment.

    2019, Issue 5, Vol. 24, pp. 615-629
  • VirtCO:Joint Coflow Scheduling and Virtual Machine Placement in Cloud Data Centers

    Dian Shen;Junzhou Luo;Fang Dong;Junxue Zhang;

    Cloud data centers, such as Amazon EC2, host myriad big data applications using Virtual Machines (VMs). As these applications are communication-intensive, optimizing network transfer between VMs is critical to the performance of these applications and the network utilization of data centers. Previous studies have addressed this issue by scheduling network flows with coflow semantics or optimizing VM placement with traffic considerations. However, coflow scheduling and VM placement have been conducted orthogonally. In fact, these two mechanisms are mutually dependent, and optimizing these two complementary degrees of freedom independently turns out to be suboptimal. In this paper, we present VirtCO, a practical framework that jointly schedules coflows and places VMs ahead of VM launch to optimize the overall performance of data center applications. We model the joint coflow scheduling and VM placement optimization problem, and propose effective heuristics for solving it. We further implement VirtCO with OpenStack and deploy it in a testbed environment. Extensive evaluation on real-world traces shows that, compared with state-of-the-art solutions, VirtCO reduces the average coflow completion time by up to 36.5%. This new framework is also compatible with and readily deployable within existing data center architectures.

    2019, Issue 5, Vol. 24, pp. 630-644

  • Information for Contributors

    Tsinghua Science and Technology (Tsinghua Sci Technol), an academic journal sponsored by Tsinghua University, is published bimonthly. This journal aims at presenting up-to-date scientific achievements with high creativity and great significance in computer and electronic engineering. Contributions from all over the world are welcome. Tsinghua Sci Technol is indexed by SCI, Engineering Index (Ei, USA), INSPEC, SA, Cambridge Abstracts, and other abstracting indexes. Manuscripts are selected for publication according to the editorial assessment of their suitability and evaluation

    2019, Issue 5, Vol. 24, p. 645