Operating Systems Security 2015 |
Operating system security is a component of resiliency, composability, and an area of concern for predictive metrics. The work cited here was presented in 2015.
Y. Lin; S. Malik; K. Bilal; Q. Yang; Y. Wang; S. Khan, "Designing and Modeling of Covert Channels in Operating Systems," in IEEE Transactions on Computers, vol. PP, no. 99, pp. 1-1, 2015. doi: 10.1109/TC.2015.2458862
Abstract: Covert channels are widely considered as a major risk of information leakage in various operating systems, such as desktop, cloud, and mobile systems. The existing works of modeling covert channels have mainly focused on using Finite State Machines(FSMs)and their transforms to describe the process of covert channel transmission. However, a FSM is rather an abstract model, where information about the shared resource, synchronization, and encoding/decoding cannot be presented in the model, making it difficult for researchers to realize and analyze the covert channels. In this paper, we use the High-Level Petri Nets (HLPN) to model the structural and behavioral properties of covert channels. We use the HLPN to model the classic covert channel protocol. Moreover, the results from the analysis of the HLPN model are used to highlight the major shortcomings and interferences in the protocol. Furthermore, we propose two new covert channel models, namely: (a)TwoChannel Transmission Protocol (TCTP) model and(b)Self-Adaptive Protocol (SAP) model. The TCTP model circumvents the mutual inferences in encoding and synchronization operations; where as the SAP model uses sleeping time and redundancy check to ensure correct transmission in an environment with strong noise. To demonstrate the correctness and usability of our proposed models in heterogeneous environments, we implement the TCTP and SAP in three different systems: (a)Linux, (b)Xen, and (c)Fiasco. OC. Our implementation also indicates the practicability of the models in heterogeneous, scalable and flexible environments.
Keywords: Analytical models; Computational modeling; Mathematical model; Operating systems; Petri nets; Protocols; Receivers; covert channels; high-level Petri nets (HLPN); modeling and security; operating systems (ID#: 16-9502)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7169547&isnumber=4358213
H. Sun; F. Zhao; H. Wang; K. Wang; W. Jiang; Q. Guo; B. Zhang; L. Wehenkel, "Automatic Learning of Fine Operating Rules for Online Power System Security Control," in IEEE Transactions on Neural Networks and Learning Systems, vol. PP, no. 99, pp. 1-1, 2015. doi: 10.1109/TNNLS.2015.2390621
Abstract: Fine operating rules for security control and an automatic system for their online discovery were developed to adapt to the development of smart grids. The automatic system uses the real-time system state to determine critical flowgates, and then a continuation power flow-based security analysis is used to compute the initial transfer capability of critical flowgates. Next, the system applies the Monte Carlo simulations to expected short-term operating condition changes, feature selection, and a linear least squares fitting of the fine operating rules. The proposed system was validated both on an academic test system and on a provincial power system in China. The results indicated that the derived rules provide accuracy and good interpretability and are suitable for real-time power system security control. The use of high-performance computing systems enables these fine operating rules to be refreshed online every 15 min.
Keywords: Learning systems; Power system security; Power transmission lines; Real-time systems; Substations; Automatic learning; critical flowgate; knowledge discovery; online security analysis; smart grid; total transfer capability (ID#: 16-9503)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7036063&isnumber=6104215
C. W. Wang; C. W. Wang; S. W. Shieh, "ProbeBuilder: Uncovering Opaque Kernel Data Structures for Automatic Probe Construction," in IEEE Transactions on Dependable and Secure Computing, vol. PP, no. 99, pp. 1-1, 2015. doi: 10.1109/TDSC.2015.2416728
Abstract: VM-based inspection tools generally implement probes in the hypervisor to monitor events and the state of kernel of the guest system. The most important function of a probe is to carve information of interest out of the memory of the guest when it is triggered. Implementing probes for a closed-source OS demands manually reverse-engineering the undocumented code/data structures in the kernel binary image. Furthermore, the reverse-engineering result is often non-reusable between OS versions or even kernel updates due to the rapid change of these structures. In this paper, we propose ProbeBuilder, a system automating the process to inference kernel data structures. Based on dynamic execution, ProbeBuilder searches for data structures matching the “pointer-offset-pointer” pattern in guest memory. The sequences of these offsets, which are referred to as dereferences, are then verified by ProbeBuilder with instruction evidence that traverse them. The experiment on Windows kernel shows that ProbeBuilder efficiently narrows thousands of choices for kernel-level probes down to dozens. The finding allows analysts to quickly implement probes, facilitating rapid development/update of inspection tools for different OSes. With these features, ProbeBuilder is the first system capable of automatically generating practical probes that extracts information through dereferences to opaque kernel data structures
Keywords: Data structures; Kernel; Monitoring; Pattern matching; Probes; Virtual machine monitors; D.2.5 [Software Engineering]: Testing and Debugging - Monitors; D.4.6 [Operating System]: Security and Privacy Protection - Invasive Software (ID#: 16-9504)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7069236&isnumber=4358699
B. Krupp; N. Sridhar; W. Zhao, "SPE: Security and Privacy Enhancement Framework for Mobile Devices," in IEEE Transactions on Dependable and Secure Computing, vol. PP, no. 99, pp. 1-1, 2015. doi: 10.1109/TDSC.2015.2465965
Abstract: In this paper, we present a security and privacy enhancement (SPE) framework for unmodified mobile operating systems. SPE introduces a new layer between the application and the operating system and does not require a device be jailbroken or utilize a custom operating system. We utilize an existing ontology designed for enforcing security and privacy policies on mobile devices to build a policy that is customizable. Based on this policy, SPE provides enhancements to native controls that currently exist on the platform for privacy and security sensitive components. SPE allows access to these components in a way that allows the framework to ensure the application is truthful in its declared intent and ensure that the user’s policy is enforced. In our evaluation we verify the correctness of the framework and the computing impact on the device. Additionally, we discovered security and privacy issues in several open source applications by utilizing the SPE Framework. From our findings, if SPE is adopted by mobile operating systems producers, it would provide consumers and businesses the additional privacy and security controls they demand and allow users to be more aware of security and privacy issues with applications on their devices.
Keywords: Mobile handsets; Multimedia communication; Ontologies; Operating systems; Privacy; Security; Sensors; Mobile Privacy; Mobile Security; Sensing (ID#: 16-9505)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7182290&isnumber=4358699
X. Pan; Z. Ling; A. Pingley; W. Yu; K. Ren; N. Zhang; X. Fu, "Password Extraction via Reconstructed Wireless Mouse Trajectory," in IEEE Transactions on Dependable and Secure Computing, vol. PP, no. 99, pp. 1-1, 2015. doi: 10.1109/TDSC.2015.2413410
Abstract: Logitech made the following statement in 2009: “Since the displacements of a mouse would not give any useful information to a hacker, the mouse reports are not encrypted.” In this paper, we prove the exact opposite is true - i.e., it is indeed possible to leak sensitive information such as passwords through the displacements of a Bluetooth mouse. Our results can be easily extended to other wireless mice using different radio links. We begin by presenting multiple ways to sniff unencrypted Bluetooth packets containing raw mouse movement data.We then show that such data may reveal text-based passwords entered by clicking on software keyboards. We propose two attacks, the prediction attack and replay attack, which can reconstruct the on-screen cursor trajectories from sniffed mouse movement data. Two inference strategies are used to discover passwords from cursor trajectories. We conducted a holistic study over all popular operating systems and analyzed how mouse acceleration algorithms and packet losses may affect the reconstruction results. Our real-world experiments demonstrate the severity of privacy leakage from unencrypted Bluetooth mice. We also discuss countermeasures to prevent privacy leakage from wireless mice. To the best of our knowledge, our work is the first to demonstrate privacy leakage from raw mouse data.
Keywords: Acceleration; Bluetooth; Computers; Mice; Operating systems; Prediction algorithms; Trajectory; Mouse; Password; Privacy; Security; Sniffing; Trajectory (ID#: 16-9506)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7061471&isnumber=4358699
A. Homescu; T. Jackson; S. Crane; S. Brunthaler; P. Larsen; M. Franz, "Large-scale Automated Software Diversity—Program Evolution Redux," in IEEE Transactions on Dependable and Secure Computing, vol. PP, no. 99, pp. 1-1, 2015. doi: 10.1109/TDSC.2015.2433252
Abstract: The software monoculture favors attackers over defenders, since it makes all target environments appear similar. Code-reuse attacks, for example, rely on target hosts running identical software. Attackers use this assumption to their advantage by automating parts of creating an attack. This article presents large-scale automated software diversification as a means to shore up this vulnerability implied by our software monoculture. Besides describing an industrial-strength implementation of automated software diversity, we introduce methods to objectively measure the effectiveness of diversity in general, and its potential to eliminate code-reuse attacks in particular.
Keywords: Browsers; Entropy; Operating systems; Program processors; Programming; Security; Biologically-inspired defenses; artificial software diversity; code reuse attacks; jump-oriented programming; return-oriented programming (ID#: 16-9507)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7122891&isnumber=4358699
Y. Li; W. Dai; Z. Ming; M. Qiu, "Privacy Protection for Preventing Data Over-Collection in Smart City," in IEEE Transactions on Computers, vol. PP, no. 99, pp. 1-1, 2015. doi: 10.1109/TC.2015.2470247
Abstract: In smart city, all kinds of users’ data are stored in electronic devices to make everything intelligent. A smartphone is the most widely used electronic device and it is the pivot of all smart systems. However, current smartphones are not competent to manage users’ sensitive data, and they are facing the privacy leakage caused by data over-collection. Data over-collection, which means smartphones apps collect users’ data more than its original function while within the permission scope, is rapidly becoming one of the most serious potential security hazards in smart city. In this paper, we study the current state of data over-collection and study some most frequent data over-collected cases. We present a mobile-cloud framework, which is an active approach to eradicate the data over-collection. By putting all users’ data into a cloud, the security of users’ data can be greatly improved. We have done extensive experiments and the experimental results have demonstrated the effectiveness of our approach.
Keywords: Data privacy; Mobile communication; Operating systems; Privacy; Security; Smart phones; Cyber Security and Privacy; Data Over-Collection; Smart City; Smartphone (ID#: 16-9508)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7210166&isnumber=4358213
G. Anagnostou; B. C. Pal, "Impact of Overexcitation Limiters on the Power System Stability Margin Under Stressed Conditions," in IEEE Transactions on Power Systems, vol. PP, no. 99, pp. 1-11, 2015. doi: 10.1109/TPWRS.2015.2440559
Abstract: This paper investigates the impact of the overexcitation limiters (OELs) on the stability margin of a power system which is operating under stressed conditions. Several OEL modeling approaches are presented and the effect of their action has been examined in model power systems. It is realized that, more often than not, OEL operating status goes undetected by existing dynamic security assessment tools commonly used in the industry. It is found that the identification and accurate representation of OELs lead to significantly different transient stability margins. Unscented Kalman filtering is used to detect the OEL activation events. In the context of stressed system operation, such quantitative assessment is very useful for system control. This understanding is further reinforced through detailed studies in two model power systems.
Keywords: Generators; Mathematical model; Power system stability; Stability criteria; Transient analysis; Kalman filters; power system dynamics; power system security; stability criteria (ID#: 16-9509)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7128744&isnumber=4374138
H. Rahbari; M. Krunz; L. Lazos, "Swift Jamming Attack on Frequency Offset Estimation: The Achilles Heel of OFDM Systems," in IEEE Transactions on Mobile Computing, vol. PP, no. 99, pp. 1-1, 2015. doi: 10.1109/TMC.2015.2456916
Abstract: Frequency offset (FO) refers to the difference in the operating frequencies of two radio oscillators. Failure to compensate for the FO may lead to decoding errors, particularly in OFDM systems. To correct the FO, wireless standards append a publicly known preamble to every frame before transmission. In this paper, we demonstrate how an adversary can exploit the known preamble structure of OFDM-based wireless systems, particularly IEEE802.11a/g/n/ac, to launch a very stealth (low energy/duty cycle) reactive jamming attack against the FO estimation mechanism. In this attack, the adversary quickly detects a transmitted OFDM frame and subsequently jams a tiny part of the preamble that is used for FO estimation at the legitimate receiver. By optimizing the energy and structure of the jamming signal and accounting for frame detection timing errors and unknown channel parameters, we empirically show that the adversary can induce a bit error rate close to 0.5, making the transmission practically irrecoverable. Such vulnerability to FO jamming exists even when the frame is shielded by efficient channel coding. We evaluate the FO estimation attack through simulations and USRP experimentation. We also propose three approaches to mitigate such an attack.
Keywords: Channel estimation; Estimation; IEEE 802.11 Standard; Jamming; OFDM; Timing; Wireless communication; IEEE802.11; OFDM;PHY-layer security; USRP implementation; frequency offset; reactive jamming (ID#: 16-9510)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7163332&isnumber=4358975
J. Ma; G. Geng; Q. Jiang, "Two-Time-Scale Coordinated Energy Management for Medium-Voltage DC Systems," in IEEE Transactions on Power Systems, vol. PP, no. 99, pp. 1-13, 2015. doi: 10.1109/TPWRS.2015.2504517
Abstract: In medium-voltage DC (MVDC) systems, to manage the impacts of uncertainty and variability brought by the high-penetrated renewable energy sources (RES), this paper proposes a two-time-scale coordinated energy management method. Based on a hierarchical control framework, the droop control is used and its two key factors, operating point and droop coefficient, are co-optimized. To improve operational benefits, operating points are determined in the reference optimization, considering the long-term cooperative operation of various integrated units. To enhance system security, droop coefficients are optimized in the coefficient optimization, where controllers' responses to the system unbalanced power and changes of system voltage profile within the dispatch interval are both considered. Since these two optimizations are performed in different time scales, a two-time-scale coordinated strategy is designed to balance long-term economic benefits and short-term security performance. The proposed approach is verified on a typical MVDC system which has a meshed network topology. Conventional and renewable energy sources as well as schedulable and unschedulable load demands are considered. Numerical experiments indicate that, the proposed approach is capable of providing economical and reliable dispatch, such that the forecast errors and fluctuations brought by the high-penetrated RESs and other unschedulable units can be adapted to.
Keywords: Economics; Energy management; Medium voltage; Optimization; Security; Uncertainty; Voltage control; Coefficient optimization; MVDC system; droop control; energy management; two-time-scale coordinated strategy (ID#: 16-9511)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7353227&isnumber=4374138
J. Yost, "The March of IDES: A History of the Intrusion Detection Expert System," in IEEE Annals of the History of Computing, vol. PP, no. 99, pp. 1-1, 2015. doi: 10.1109/MAHC.2015.41
Abstract: This paper examines the pre-history and history of early intrusion detection expert systems by focusing the first such system, Intrusion Detection Expert System, or IDES, which was developed in the second half of the 1980s at SRI International (and SRI's follow-on Next Generation Intrusion Detection Expert System, or NIDES, in the early-to-mid 1990s). It also presents and briefly analyzes the outsized contribution of women scientists to leadership of this area of computer security research and development, contrasting it with the largely male-led work on "high-assurance" operating system design, development, and standard-setting.
Keywords: Communities; Computer security; Computers; Expert systems; History; Intrusion detection (ID#: 16-9512)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7155454&isnumber=5255174
P. Henneaux; P. E. Labeau; J. C. Maun; L. Haarla, "A Two-Level Probabilistic Risk Assessment of Cascading Outages," in IEEE Transactions on Power Systems, vol. PP, no. 99, pp. 1-11, 2015. doi: 10.1109/TPWRS.2015.2439214
Abstract: Cascading outages in power systems can lead to major power disruptions and blackouts and involve a large number of different mechanisms. The typical development of a cascading outage can be split in two phases with different dominant cascading mechanisms. As a power system is usually operated in N-1 security, an initiating contingency cannot entail a fast collapse of the grid. However, it can trigger a thermal transient, increasing significantly the likelihood of additional contingencies, in a “slow cascade.” The loss of additional elements can then trigger an electrical instability. This is the origin of the subsequent “fast cascade,” where a rapid succession of events can lead to a major power disruption. Several models of probabilistic simulations exist, but they tend to focus either on the slow cascade or on the fast cascade, according to mechanisms considered, and rarely on both. We propose in this paper a decomposition of the analysis in two levels, able to combine probabilistic simulations for the slow and the fast cascades. These two levels correspond to these two typical phases of a cascading outage. Models are developed for each of these phases. A simplification of the overall methodology is applied to two test systems to illustrate the concept.
Keywords: Computational modeling; Load modeling; Power system dynamics; Power system stability; Probabilistic logic; Steady-state; Transient analysis; Blackout; Monte Carlo methods; cascading failure; power system reliability; power system security; risk analysis (ID#: 16-9513)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7127060&isnumber=4374138
Y. Jia; Z. Xu; L. L. Lai; K. P. Wong, "Risk based Power System Security Analysis Considering Cascading Outages," in IEEE Transactions on Industrial Informatics, vol. PP, no. 99, pp. 1-1, 2015. doi: 10.1109/TII.2015.2499718
Abstract: Successful development of smart grid demands strengthened system security and reliability, which requires effective security analysis in conducting system operation and expansion planning. Classical N-1 criterion has been widely used to examine every creditable contingency through detailed computations in the past. The adequacy of such approach becomes doubtful in many recent blackouts where cascading outages are usually involved. This may be attributed to the increased complexities and nonlinearities involved in operating conditions and network structures in context of smart grid development. To address security threats particularly from cascading outages, a new and efficient security analysis approach is proposed, which comprises cascading failure simulation module (CFSM) for post-contingency analysis and risk evaluation module (REM) based on a decorrelated neural network ensembles (DNNE) algorithm. This approach overcomes the drawbacks of high computational cost in classical N-k induced cascading contingency analysis. Case studies on two different IEEE test systems and a practical transmission system—Polish 2383-bus system have been conducted to demonstrate the effectiveness of the proposed approach for risk evaluation of cascading contingency.
Keywords: Computational modeling; Load flow; Load modeling; Monte Carlo methods; Power system faults; Power system protection; Security; N-k contingency; cascading failures; data mining; security analysis; smart grids (ID#: 16-9514)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7327191&isnumber=4389054
K. E. Van Horn; A. D. Dominguez-Garcia; P. W. Sauer, "Measurement-Based Real-Time Security-Constrained Economic Dispatch," in IEEE Transactions on Power Systems, vol. PP, no. 99, pp. 1-13, 2015. doi: 10.1109/TPWRS.2015.2493889
Abstract: In this paper, we propose a measurement-based approach to the real-time security-constrained economic dispatch (SCED). The real-time SCED is a widely used market scheduling tool that seeks to economically balance electricity supply and demand and provide locational marginal prices (LMPs), while ensuring system reliability standards are met. To capture network flows and security considerations, the conventional SCED formulation relies on sensitivities that are typically computed from a linearized power flow model, which is vulnerable to phenomena such as undetected topology changes, changes in the system operating point, and the existence of incorrect model data. Our approach to the formulation of the SCED problem utilizes power system sensitivities estimated from phasor measurement unit (PMU) measurements. The resulting measurement-based real-time SCED is robust against the aforementioned phenomena. Moreover, the dispatch instructions and LMPs calculated with the proposed measurement-based SCED accurately reflect real-time system conditions and security needs. We illustrate the strengths of the proposed approach via several case studies.
Keywords: Analytical models; Computational modeling; Economics; Phasor measurement units; Real-time systems; Security; Sensitivity; Contingency analysis; PMU; distribution factors; economic dispatch; estimation; operations; security (ID#: 16-9515)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7348719&isnumber=4374138
Y. Huang; X. Yuan; J. Hu; P. Zhou; D. Wang, "DC-Bus Voltage Control Stability Affected by AC-Bus Voltage Control in VSCs Connected to Weak AC Grids," in IEEE Journal of Emerging and Selected Topics in Power Electronics, vol. PP, no. 99, pp. 1-1, 2015. doi: 10.1109/JESTPE.2015.2480859
Abstract: With widely application of voltage source converters (VSCs) in power system, DC-bus voltage control instabilities increasingly occurred in practical conditions, especially in weak AC grid, which poses challenges on stability and security of power converters applications. This paper aims to give physical insights into stability of DC-bus voltage control affected by AC-bus voltage control in VSC connected to weak grid. Concepts of damping and restoring components are developed for DC-bus voltage to describe stability of DC-bus voltage control. Impact of AC-bus voltage control on DC-bus voltage control stability can be revealed by investigating impact of AC-bus voltage control on damping and restoring components essentially. Furthermore, detailed analysis for impact of AC-bus voltage control on damping and restoring components are presented with considering varied AC system strengths, operating points, and AC-bus voltage control parameters. Simulation results from 1.5-MW full-capacity wind power generation system are demonstrated which conform well to the analysis. Finally the experiment results validate the analysis.
Keywords: Damping; Phase locked loops; Power conversion; Power system stability; Stability analysis; Voltage control; AC-bus voltage control; DC-bus voltage control; small-signal stability; voltage source converter; weak grid (ID#: 16-9516)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7273745&isnumber=6507303
Y. Zhang; D. Li; Z. Sun; F. Zhao; J. Su; X. Lu, "CSR: Classified Source Routing in DHT-Based Networks," in IEEE Transactions on Cloud Computing, vol. PP, no. 99, pp. 1-1, 2015. doi: 10.1109/TCC.2015.2440242
Abstract: In recent years cloud computing provides a new way to address the constraints of limited energy, capabilities, and resources. Distributed hash table (DHT) based networks have become increasingly important for efficient communication in large-scale cloud systems. Previous studies mainly focus on improving the performance such as latency, scalability and robustness, but seldom consider the security demands on the routing paths, for example, bypassing untrusted intermediate nodes. Inspired by Internet source routing, in which the source nodes specify the routing paths taken by their packets, this paper presents CSR, a tag-based, Classified Source Routing scheme in DHT-based cloud networks to satisfy the security demands on the routing paths. Different from Internet source routing which requires some map of the overall network, CSR operates in a distributed manner where nodes with certain security level are tagged with a label and routing messages requiring that level of security are forwarded only to the qualified next-hops. We show how this can be achieved efficiently, by simple extensions of the traditional routing structures, and safely, so that the routing is uniformly convergent. The effectiveness of our proposals is demonstrated through theoretical analysis and extensive simulations.
Keywords: Cloud computing; Robustness; Routing; Security; Servers; Topology; CSR (classified source routing); DLG-de Bruijn (DdB); distributed hash table (DHT); path diversity; tag (ID#: 16-9517)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7116526&isnumber=6562694
L. Xu; J. Lee; S. H. Kim; Q. Zheng; S. Xu; T. Suh; W. W. Ro; W. Shi, "Architectural Protection of Application Privacy Against Software and Physical Attacks in Untrusted Cloud Environment," in IEEE Transactions on Cloud Computing, vol. PP, no. 99, pp. 1-1, 2015. doi: 10.1109/TCC.2015.2511728
Abstract: In cloud computing, it is often assumed that cloud vendors are trusted; the guest Operating System (OS) and the Virtual Machine Monitor (VMM, also called Hypervisor) are secure. However, these assumptions are not always true in practice and existing approaches cannot protect the data privacy of applications when none of these parties are trusted. We investigate how to cope with a strong threat model which is that the cloud vendors, the guest OS, or the VMM, or both of them are malicious or untrusted, and can launch attacks against privacy of trusted user applications. This model is relevant because applications may be small enough to be formally verified, while the guest OS and VMM are too complex to be formally verified. Specifically, we present the design and analysis of an architectural solution which integrates a set of components on-chip to protect the memory of trusted applications from potential software and hardware based attacks from untrusted cloud providers, compromised guest OS, or malicious VMM. Full-system performance evaluation results show that the design only incurs 9% overhead on average, which is a small performance price that is paid for the substantial security gain.
Keywords: Cloud computing; Context; Hardware; Kernel; Privacy; Security; Virtual machine monitors; Architectural Support; Security; Virtualization (ID#: 16-9518)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7364212&isnumber=6562694
W. Zeng; Y. Zhang; M. Y. Chow, "Resilient Distributed Energy Management Subject to Unexpected Misbehaving Generation Units," in IEEE Transactions on Industrial Informatics, vol. PP, no. 99, pp. 1-1, 2015. doi: 10.1109/TII.2015.2496228
Abstract: Distributed energy management algorithms are being developed for the smart grid to efficiently and economically allocate electric power among connected distributed generation units and loads. The use of such algorithms provides flexibility, robustness, and scalability, while it also increases the vulnerability of smart grid to unexpected faults and adversaries. The potential consequences of compromising the power system can be devastating to public safety and economy. Thus, it is important to maintain the acceptable performance of distributed energy management algorithms in a smart grid environment under malicious cyberattacks. In this paper, a neighborhood-watch based distributed energy management algorithm is proposed to guarantee the accurate control computation in solving the economic dispatch problem in the presence of compromised generation units. The proposed method achieves the system resilience by performing a reliable distributed control without a central coordinator and allowing all the well-behaving generation units to reach the optimal operating point asymptotically. The effectiveness of the proposed method is demonstrated through case studies under several different adversary scenarios.
Keywords: Algorithm design and analysis; Energy management; Integrated circuits; Resilience; Security; Smart grids; Economic dispatch; neighborhood-watch; resilient distributed energy management (ID#: 16-9519)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7312956&isnumber=4389054
T. Pasquier; J. Singh; D. Eyers; J. Bacon, "CamFlow: Managed Data-sharing for Cloud Services," in IEEE Transactions on Cloud Computing, vol. PP, no. 99, pp. 1-1, 2015. doi: 10.1109/TCC.2015.2489211
Abstract: A model of cloud services is emerging whereby a few trusted providers manage the underlying hardware and communications whereas many companies build on this infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS applications. From the start, strong isolation between cloud tenants was seen to be of paramount importance, provided first by virtual machines (VM) and later by containers, which share the operating system (OS) kernel. Increasingly it is the case that applications also require facilities to effect isolation and protection of data managed by those applications. They also require flexible data sharing with other applications, often across the traditional cloud-isolation boundaries; for example, when government provides many related services for its citizens on a common platform. Similar considerations apply to the end-users of applications. But in particular, the incorporation of cloud services within ‘Internet of Things’ architectures is driving the requirements for both protection and cross-application data sharing. These concerns relate to the management of data. Traditional access control is application and principal/role specific, applied at policy enforcement points, after which there is no subsequent control over where data flows; a crucial issue once data has left its owner’s control by cloud-hosted applications and within cloud-services. Information Flow Control (IFC), in addition, offers system-wide, end-to-end, flow control based on the properties of the data. We discuss the potential of cloud-deployed IFC for enforcing owners’ dataflow policy with regard to protection and sharing, as well as safeguarding against malicious or buggy software. In addition, the audit log associated with IFC provides transparency, giving configurable system-wide visibility over data flows. This helps those responsible to meet their data management obligations, providing evidence of compliance, and aids in the ident- fication of policy errors and misconfigurations. We present our IFC model and describe and evaluate our IFC architecture and implementation (CamFlow). This comprises an OS level implementation of IFC with support for application management, together with an IFC-enabled middleware. Our contribution is to demonstrate the feasibility of incorporating IFC into cloud services: we show how the incorporation of IFC into cloud-provided OSs underlying PaaS and SaaS would address application sharing and protection requirements, and more generally, greatly enhance the trustworthiness of cloud services at all levels, at little overhead, and transparently to tenants.
Keywords: Access control; Cloud computing; Computational modeling; Computer architecture; Containers; Context; Audit; Cloud; Compliance; Data Management; Information Flow Control; Linux Security Module; Middleware; PaaS; Provenance; Security (ID#: 16-9520)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7295590&isnumber=6562694
L. Wu; X. Du; J. Wu, "Effective Defense Schemes for Phishing Attacks on Mobile Computing Platforms," in IEEE Transactions on Vehicular Technology, vol. PP, no. 99, pp. 1-1, 2015. doi: 10.1109/TVT.2015.2472993
Abstract: Recent years have witnessed the increasing threat of phishing attacks on mobile computing platforms. In fact, mobile phishing is particularly dangerous due to the hardware limitations of mobile devices and mobile user habits. In this paper, we did a comprehensive study on the security vulnerabilities caused by mobile phishing attacks, including the web page phishing attacks, the application phishing attacks, and the account registry phishing attacks. Existing schemes designed for web phishing attacks on PCs cannot effectively address the various phishing attacks on mobile devices. Hence, we propose MobiFish, a novel automated lightweight anti-phishing scheme for mobile platforms. MobiFish verifies the validity of web pages, applications, and persistent accounts by comparing the actual identity to the claimed identity. MobiFish has been implemented on a Nexus 4 smartphone running the Android 4.2 operating system. We experimentally evaluate the performance of MobiFish with 100 phishing URLs and corresponding legitimate URLs, as well as phishing apps. The results show that MobiFish is very effective in detecting phishing attacks on mobile phones.
Keywords: Browsers; HTML; Mobile communication; Mobile handsets; Twitter; Uniform resource locators; Web pages; Mobile computing; phishing attacks; security and protection (ID#: 16-9521)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7222471&isnumber=4356907
T. Wu; K. Ganesan; A. Hu; H. S. P. Wong; S. Wong; S. Mitra, "TPAD: Hardware Trojan Prevention and Detection for Trusted Integrated Circuits," in IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. PP, no. 99, pp. 1-1, 2015. doi: 10.1109/TCAD.2015.2474373
Abstract: There are increasing concerns about possible malicious modifications of integrated circuits (ICs) used in critical applications. Such attacks are often referred to as hardware Trojans. While many techniques focus on hardware Trojan detection during IC testing, it is still possible for attacks to go undetected. Using a combination of new design techniques and new memory technologies, we present a new approach that detects a wide variety of hardware Trojans during IC testing and also during system operation in the field. Our approach can also prevent a wide variety of attacks during synthesis, place-and-route, and fabrication of ICs. It can be applied to any digital system, and can be tuned for both traditional and split-manufacturing methods. We demonstrate its applicability for both ASICs and FPGAs. Using fabricated test chips with Trojan emulation capabilities and also using simulations, we demonstrate: 1. The area and power costs of our approach can range between 7.4-165% and 7-60%, respectively, depending on the design and the attacks targeted; 2. The speed impact can be minimal (close to 0%); 3. Our approach can detect 99.998% of Trojans (emulated using test chips) that do not require detailed knowledge of the design being attacked; 4. Our approach can prevent 99.98% of specific attacks (simulated) that utilize detailed knowledge of the design being attacked (e.g., through reverse-engineering). 5. Our approach never produces any false positives, i.e., it does not report attacks when the IC operates correctly.
Keywords: Encoding; Hardware; Integrated circuits; Monitoring; Random access memory; Trojan horses;Wires;3D Integration; Concurrent Error Detection; Hardware Security; Hardware Trojan; Randomized Codes; Reliable Computing; Resistive RAM; Split-manufacturing (ID#: 16-9522)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7229283&isnumber=6917053
K. Huguenin; E. Le Merrer; N. Le Scouarnec; G. Straub, "Efficient and Transparent Wi-Fi Offloading for HTTP(S) POSTs," in IEEE Transactions on Mobile Computing, vol. PP, no. 99, pp. 1-1, 2015. doi: 10.1109/TMC.2015.2442237
Abstract: With the emergence of online platforms for (social) sharing, collaboration and backing up, mobile users generate ever-increasing amounts of digital data, such as documents, photos and videos, which they upload while on the go. Cellular Internet connectivity (e.g., 3G/4G) enables mobile users to upload their data but drains the battery of their devices and overloads mobile service providers. Wi-Fi data offloading overcomes the aforementioned issues for delay-tolerant data. However, it comes at the cost of constrained mobility for users, as they are required to stay within a given area while the data is uploaded. The up-link of the broadband connection of the access point often constitutes a bottleneck and incurs waiting times of up to tens of minutes. In this paper, we advocate the exploitation of the storage capabilities of common devices located on the Wi-Fi access point’s LAN, typically residential gateways, NAS units or set-top boxes, to decrease the waiting time. We propose HOOP, a system for offloading upload tasks onto such devices. HOOP operates seamlessly on HTTP(S) POST, which makes it highly generic and widely applicable; it also requires limited changes on the gateways and on the web servers and none to existing protocols or browsers. HOOP is secure and, in a typical setting, reduces the waiting time by up to a factor of 46. We analyze the security of HOOP and evaluate its performance by correlating mobility traces of users with the position of the Wi-Fi access points of a leading community network (i.e., FON) that relies on major national ISPs. We show that, in practice, HOOP drastically decreases the delay between the time the photo is taken and the time it is uploaded, compared to regular Wi-Fi data offloading. We also demonstrate the practicality of HOOP by implementing it on a wireless router.
Keywords: Browsers; HTML; IEEE 802.11 Standards; Logic gates; Mobile communication; Mobile handsets; Web services; Delay-tolerant networking; Web technologies; Wi-Fi offloading (ID#: 16-9523)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7118725&isnumber=4358975
J. Zhu; Y. Zou; B. Champagne; W. P. Zhu; L. Hanzo, "Security-Reliability Trade-off Analysis of Multi-Relay Aided Decode-and-Forward Cooperation Systems," in IEEE Transactions on Vehicular Technology, vol. PP, no. 99, pp. 1-1, 2015. doi: 10.1109/TVT.2015.2453364
Abstract: We consider a cooperative wireless network comprised of a source, a destination and multiple relays operating in the presence of an eavesdropper, which attempts to tap the source-destination transmission. We propose multi-relay selection scheme for protecting the source against eavesdropping. More specifically, multi-relay selection allows multiple relays to simultaneously forward the source’s transmission to the destination, differing from the conventional single-relay selection where only the best relay is chosen to assist the transmission from the source to destination. For the purpose of comparison, we consider the classic direct transmission and single-relay selection as benchmark schemes. We derive closed-form expressions of the intercept probability and outage probability for the direct transmission as well as for the single-relay and multi-relay selection schemes over Rayleigh fading channels. It is demonstrated that as the outage requirement is relaxed, the intercept performance of the three schemes improves and vice versa, implying that there is a security versus reliability trade-off (SRT). We also show that both the single-relay and multi-relay selection schemes outperform the direct transmission in terms of SRT, demonstrating the advantage of the relay selection schemes for protecting the source’s transmission against the eavesdropping attacks. Finally, upon increasing the number of relays, the SRTs of both the singlerelay and multi-relay selection schemes improve significantly and as expected, multi-relay selection outperforms single-relay selection.
Keywords: Channel capacity; Closed-form solutions; Communication system security; Fading; Relays; Security; Wireless communication; Security-reliability trade-off; eavesdropping attack; intercept probability; outage probability; relay selection (ID#: 16-9524)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7152959&isnumber=4356907
Z. Yang; P. Cheng; J. Chen, "Learning-based Jamming Attack against Low-duty-cycle Networks," in IEEE Transactions on Dependable and Secure Computing, vol. PP, no. 99, pp. 1-1, 2015. doi: 10.1109/TDSC.2015.2501288
Abstract: Jamming is a typical attack by exploiting the nature of wireless communication. Lots of researchers are working on improving energy-efficiency of jamming attack from the attacker’s view. Whereas, in the low-duty-cycle wireless sensor networks where nodes stay asleep most of time, the design of jamming attack becomes even more challenging especially when considering the stochastic transmission pattern arising from both the clock drift and other uncertainties. In this paper, we propose LearJam, a novel learning-based jamming attack strategy against low-duty-cycle networks, which features the two-phase design consisting of the learning phase and attacking phase. Then in order to degrade the network throughput to the maximal degree, LearJam jointly optimizes these two phases subject to the energy constraint. Moreover, such process of optimization is operated iteratively to accommodate the requirement of practical implementation. Conversely, we also discuss how the state-of-the-art mechanisms can defend against LearJam, which will aid the researchers to improve the security of low-duty-cycle networks. Extensive simulations show that our design achieves significantly higher number of successful attacks and reduces the network’s throughput considerably, especially in a sparse low-duty-cycle network, compared with some typical jamming strategies.
Keywords: Clocks; Jamming; Sensors; Throughput; Uncertainty; Wireless communication; Wireless sensor networks; Security; cyber-physical system; jamming attack; low-duty-cycle network (ID#: 16-9525)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7329984&isnumber=4358699
Y. Zhang; Y. Shen; H. Wang; J. Yong; X. Jiang, "On Secure Wireless Communications for IoT Under Eavesdropper Collusion," in IEEE Transactions on Automation Science and Engineering, vol. PP, no. 99, pp. 1-13, 2015. doi: 10.1109/TASE.2015.2497663
Abstract: Wireless communication is one of the key technologies that actualize the Internet of Things (IoT) concept into the real world. Understanding the security performance of wireless communications lays the foundation for the security management of IoT. Eavesdropper collusion represents a significant threat to wireless communication security, while physical-layer security serves as a promising approach to providing a strong form of security guarantee. This paper studies the important secrecy outage performance of wireless communications under eavesdropper collusion, where the physical layer security is adopted to counteract such attack. Based on the classical Probability Theory, we first conduct analysis on the secrecy outage of the simple noncolluding case in which eavesdroppers do not collude and operate independently. For the secrecy outage analysis of the more hazardous M-colluding scenario, where any M eavesdroppers can combine their observations to decode the message, the techniques of Laplace transform, keyhole contour integral, and Cauchy Integral Theorem are jointly adopted to work around the highly cumbersome multifold convolution problem involved in such analysis, such that the related signal-to-interference ratio modeling for all colluding eavesdroppers can be conducted and thus the corresponding secrecy outage probability can be analytically determined. Finally, simulation and numerical results are provided to illustrate our theoretical achievements. An interesting observation suggests that the SOP increases first superlinearly and then sublinearly with M Keywords: Communication system security; Data collection; Relays; Security; Sensors; Wireless communication; Wireless sensor networks; Eavesdropper collusion; Internet of Things (IoT); physical layer security; secrecy outage performance; wireless communication (ID#: 16-9526)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7350251&isnumber=4358066
Note:
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.