The evolution of aircraft IT infrastructure tends to increasingly share computing resources between different applications, use COTS hardware and software, be open to applications and equipment provided by the airlines, and communicate with the outside world. This trend would give more opportunities for potential attackers to corrupt the onboard computing systems, if adequate security measures were...
Virtualization is rapidly gaining acceptance as a fundamental building block in enterprise data centers and is the core component of cloud computing platforms. It is most known for improving efficiency and ease of management. While this technology is meant to enhance the security of computer systems, some recent attacks show that virtual machine technology has much vulnerability and becomes exposed...
Virtualization has been widely adopted in current computer systems. A key part of virtualization is a hypervisor, which virtualizes physical resources to be shared among multiple guest virtual machines (VMs). Configuration files and security policy files used by the hypervisor control VMs' behavior. If these critical files are tampered with, all the VMs that run on the same hypervisor will be affected...
Virtualized datacenter (VDC) has become a popular approach to large-scale system consolidation and the enabling technology for infrastructure-as-a-service cloud computing. The consolidation inevitably aggregates the security threats once faced by individual systems towards a VDC, and a VDC operator should remain vigilant of the threats at all times. We envision the need for on-demand mandatory security...
This paper presents a new framework for distributed intrusion detection based on taint marking. Our system tracks information flows between applications of multiple hosts gathered in groups (i.e. sets of hosts sharing the same distributed information flow policy) by attaching taint labels to system objects such as files, sockets, Inter Process Communication (IPC) abstractions, and memory mappings...
With the advent of modern online services such as cloud, security of remote machines has become a major concern. Remote Attestation is a term recently introduced by the Trusted Computing Group that enables a platform owner to remotely verify the trusted state of the client platform. For this purpose, TCG based attestation or Integrity Measurement Architecture is proposed. The major problem with...
Semantic values in kernel data structures are critical to many security applications, such as virtual machine introspection, malware analysis, and memory forensics. However, malware, or more specifically a kernel rootkit, can often directly tamper with the raw kernel data structures, known as DKOM (Direct Kernel Object Manipulation) attacks, thereby significantly thwarting security analysis. In addition...
Advances in formal software verification have produced an operating system that is guaranteed mathematically to be correct and enforce access isolation. Such an operating system could potentially consolidate safety and security critical software on a single device where previously multiple devices were used. One of the barriers to consolidation on commodity hardware is the lack of hardware dependability...
The paper analyzes the traditional hook and inline hook's imperfection—easily to be detected and be recovered. To improve the inline hook technology, authors put forward a new technology called secret inline hook which has greater confidentiality and can avoid the malware's detection and falsify effectively. The technology has been successfully applied to the automatic analysis system of malware behaviour...
Many bugs, even those that are known and documented in bug reports, remain in mature software for a long time due to the lack of the development resources to fix them. We propose a general approach, R2Fix, to automatically generate bug-fixing patches from free-form bug reports. R2Fix combines past fix patterns, machine learning techniques, and semantic patch generation techniques to fix bugs automatically...
This paper presents NumChecker, a new Virtual Machine Monitor (VMM) based framework to detect control-flow modifying kernel rootkits in a guest Virtual Machine (VM). NumChecker detects malicious modifications to a system call in the guest VM by checking the number of certain hardware events that occur during the system call's execution. To automatically count these events, NumChecker leverages the...
As cloud and virtualized environments become more widely used to solve challenges faced by companies of all sizes, it is increasingly likely that this infrastructure will be a common focus of attacks in the years to come. Successful attacks against this infrastructure could allow an attacker to "break out" of the virtual environment and gain control of the physical infrastructure effectively...
This paper aims to defeat TCG TOCTOU attacks occurring in trusted para-virtualized machines (TPVM). We propose a robust and efficient response mechanism (RERM). Compared to the existing response mechanisms, RERM is more effective in defeating the TPVM TCG TOCTOU attacks without incurring CPU overhead during the normal system execution. We verify the security ability of RERM via both model checking...
Real Time Operating Systems (RTOS) have emerged in the market over the past few decades to provide solutions over various platforms that range from embedded devices to more sophisticated electronic systems such as nuclear plants and spacecraft. The evolution of the design of operating systems continues to endure the need of diverse applications that run on various platforms. Recently, there was a new element...
Integrating system-level virtualization technology with Trusted Computing technology can significantly improve system security. The open-source virtual TPM facility, shipped with the open-source hypervisor Xen, aims to provide the illusion of a physical TPM to TPM-based trusted software executed in trusted virtual machines (TVMs) such that TPM-based trusted software works well in a TVM as in a native...
The use of Smartphones in business has grown in the recent years bringing new ways to create and share information. Among the operating systems used by smartphones, Android has the most growing usage rate. Most recent Android versions have some security controls; however, there is a lack in the use of strong security controls for Android 2.3 (Gingerbread), which is the most spread version of this...
Trusted chain technology provides a good opportunity to guarantee software and data integrities on cloud computing platforms. However, trusted chain on current virtualization computing platforms exposes some problems, such as being non-continuous, difficult to evolve or customize, and insecure to transmit for remote attestation. To address these issues, this paper proposes a new approach to construct, protect...
Inadvertent data disclosure by insiders is considered as one of the biggest threats for corporate information security. Data loss prevention systems typically try to cope with this problem by monitoring access to confidential data and preventing their leakage or improper handling. Current solutions in this area, however, often provide limited means to enforce more complex security policies that for...
LWRM was a method for defeating TCG TOCTOU attacks with less overhead during the normal system execution. However, its security capability was evaluated only through experiments. The uncertainty in real experiments may hide the design-level errors. In this paper we explore applying model checking based formal verification techniques to verify whether LWRM can achieve the declared security properties...
Leveraging a developed rootkit, malware could deeply hide its own process and hardly be detected. Based on analyzing various existing detecting technologies, a novel approach for hidden process detection was proposed in this paper. The approach used page table entry patching to traverse physical memory and obtain the raw data, and formulated the characteristic selection constraints to extract reliable...