Info
- Utilizzare la checkbox di selezione a fianco di ciascun documento per attivare le funzionalità di stampa, invio email, download nei formati disponibili del (i) record.
Computer Security – ESORICS 2024 : 29th European Symposium on Research in Computer Security, Bydgoszcz, Poland, September 16–20, 2024, Proceedings, Part III / / edited by Joaquin Garcia-Alfaro, Rafał Kozik, Michał Choraś, Sokratis Katsikas
| Computer Security – ESORICS 2024 : 29th European Symposium on Research in Computer Security, Bydgoszcz, Poland, September 16–20, 2024, Proceedings, Part III / / edited by Joaquin Garcia-Alfaro, Rafał Kozik, Michał Choraś, Sokratis Katsikas |
| Autore | Garcia-Alfaro Joaquin |
| Edizione | [1st ed. 2024.] |
| Pubbl/distr/stampa | Cham : , : Springer Nature Switzerland : , : Imprint : Springer, , 2024 |
| Descrizione fisica | 1 online resource (461 pages) |
| Disciplina | 005.8 |
| Altri autori (Persone) |
KozikRafał
ChoraśMichał KatsikasSokratis |
| Collana | Lecture Notes in Computer Science |
| Soggetto topico |
Data protection
Cryptography Data encryption (Computer science) Computer networks - Security measures Computer networks Computer systems Data and Information Security Cryptology Security Services Mobile and Network Security Computer Communication Networks Computer System Implementation |
| ISBN | 3-031-70896-2 |
| Formato | Materiale a stampa  |
| Livello bibliografico | Monografia |
| Lingua di pubblicazione | eng |
| Nota di contenuto |
Intro -- Preface -- Organization -- Contents - Part III -- Software and Systems Security -- Scheduled Execution-Based Binary Indirect Call Targets Refinement -- 1 Introduction -- 2 Overview -- 3 Basic Block Execution -- 3.1 Basic Block Scheduler -- 3.2 State Manager -- 4 Targets Inference -- 4.1 Background: Data Flow Analysis -- 4.2 Handling Branch Convergence -- 4.3 Handling Loop-Related Memory Access -- 4.4 Handling Multiple Calls -- 5 Implementation -- 6 Evaluation -- 6.1 Manual Analysis -- 6.2 Precision and Completeness -- 6.3 Case Studies -- 6.4 CFI Evaluation -- 6.5 Performance Evaluation -- 7 Related Work -- 8 Conclusion -- References -- Companion Apps or Backdoors? On the Security of Automotive Companion Apps -- 1 Introduction -- 2 The System Model and the Threat Model -- 2.1 The System Model -- 2.2 The Threat Model -- 3 Vehicle Companion App Analysis -- 3.1 App Function Analysis -- 3.2 Static Source Code Analysis -- 3.3 Network Traffic Analysis -- 3.4 Vulnerability Identification -- 4 Vulnerability Analysis and Results -- 4.1 App Data Collection -- 4.2 Experiment Setup -- 4.3 CAN Control Messages and Vulnerability Evaluation -- 4.4 Vulnerability Assessment -- 4.5 Attack Summary -- 5 Discussions -- 6 Related Work -- 7 Conclusion -- A Summary of Vulnerabilities in Top Apps -- References -- A Study of Malicious Source Code Reuse Among GitHub, StackOverflow and Underground Forums -- 1 Introduction -- 2 Related Work -- 3 Taxonomy of Clones -- 4 Methodology -- 4.1 Data Collection -- 4.2 Pre-processing -- 4.3 Malicious Code Reuse Detection -- 4.4 Analysis -- 5 Evaluation -- 5.1 Evaluation Dataset -- 5.2 Evaluation of Methodology -- 5.3 Evaluation of Function-Call Extraction Techniques -- 6 Code Reuse Measurement -- 6.1 C and C++ -- 6.2 Java -- 6.3 Python -- 6.4 Findings -- 7 Discussion and Conclusions -- 7.1 Limitations -- 7.2 Key Takeaways.
7.3 Conclusion -- A Benign Datasets -- B Prominent Measurement Clusters -- B.1 C/C++ Clusters -- B.2 Java Clusters -- B.3 Python Clusters -- References -- Predicting Code Vulnerability Types via Heterogeneous GNN Learning -- 1 Introduction -- 2 Inter-procedural Compressed Code Property Graph -- 2.1 Building CCPGs -- 2.2 Processing Call Relationships -- 3 Heterogeneous GNN Learning for Multi-class Vulnerability Detection -- 3.1 Embeddings -- 3.2 Heterogeneous GNN Training -- 4 Experiments -- 5 Related Work -- 6 Conclusions -- References -- WASMixer: Binary Obfuscation for WebAssembly -- 1 Introduction -- 2 Background -- 2.1 WebAssembly (Wasm) -- 2.2 Obfuscation -- 3 WASMixer: Design and Challenges -- 3.1 Overview -- 3.2 Why Binary Obfuscator? -- 3.3 Challenges -- 4 Approach -- 4.1 Data Obfuscator -- 4.2 Code Obfuscator -- 5 Implementation and Evaluation -- 5.1 Implementation and Research Questions -- 5.2 RQ1: Semantic Consistency -- 5.3 RQ2: Effectiveness -- 5.4 RQ3: Overhead -- 6 Related Work -- 7 Threats of Validity -- 8 Conclusion -- A Appendix Figures and Tables -- References -- BloomFuzz: Unveiling Bluetooth L2CAP Vulnerabilities via State Cluster Fuzzing with Target-Oriented State Machines -- 1 Introduction -- 2 Motivation -- 2.1 Background -- 2.2 Technical Challenges -- 3 Design of BloomFuzz -- 3.1 State Machine Construction (P1) -- 3.2 Cluster-Based Packet Mutation (P2) -- 3.3 Crash Detection (P3) -- 4 Evaluation -- 4.1 Experimental Setup -- 4.2 Experiment on Crash Detection -- 4.3 Effectiveness of State Machine Generation -- 4.4 Efficiency of State Tracking and Packet Mutation -- 5 Discussion -- 6 Related Works -- 7 Conclusion -- A Discovered Crashes -- B Efficiency in Addressing Missing and Hidden States -- References -- TGRop: Top Gun of Return-Oriented Programming Automation -- 1 Introduction. 2 Shortcomings of State-of-the-Art Approaches -- 3 Methodology -- 3.1 Preprocessing: Blueprint Generation -- 3.2 Preprocessing: Analyzing Gadgets -- 3.3 Phase I: Achieving Sub-goals -- 3.4 Phase II: Resolving Dependencies -- 3.5 Phase III: Eliminating Side-Effects -- 3.6 Phase IV: Generating Final Chains -- 4 Implementation -- 5 Evaluation -- 5.1 Experiment Setup -- 5.2 Performance of TGRop -- 5.3 Ablation Analysis of TGRop -- 5.4 New Findings and Real-World Impact -- 6 Discussion -- 7 Conclusion -- A Appendix -- A.1 IRB Process -- References -- Formal Hardware/Software Models for Cache Locking Enabling Fast and Secure Code -- 1 Introduction -- 2 Hypotheses and Background -- 3 Memory Interface and Models of Cache -- 3.1 Software Cache Model -- 3.2 Hardware Cache Models -- 4 Evaluation -- 5 Observational Non-Interference with Attacker -- 5.1 Semantics of Instructions and Processes -- 5.2 ONI Preservation Principle with Attacker -- 5.3 Simulation and Indistinguishability -- 5.4 Discussion -- 6 Related Work -- 7 Conclusion -- A Evaluation of Algorithms with Input Dependent Locks -- B Semantics of Instructions -- C Proof of Theorem 1 -- References -- SerdeSniffer: Enhancing Java Deserialization Vulnerability Detection with Function Summaries -- 1 Introduction -- 1.1 Motivation -- 1.2 Research Contributions -- 1.3 Structure of the Paper -- 2 Framework Overview -- 3 Algorithms -- 3.1 Bottom-Up Information Flow Summary (BIFSum) -- 3.2 Data Processing -- 4 Experiments -- 4.1 Experimental Setup -- 4.2 Test Dataset -- 4.3 Effectiveness -- 4.4 Vulnerability Discovery -- 5 Discussion -- 6 Related Work -- 7 Conclusion -- A Appendix -- A.1 Clojure Command Execution -- References -- Interp-flow Hijacking: Launching Non-control Data Attack via Hijacking eBPF Interpretation Flow -- 1 Introduction -- 2 eBPF Background -- 2.1 eBPF Interpreter. 2.2 eBPF Programs and Maps -- 3 Threat Model and Assumptions -- 4 eBPF Interpretation Flow Hijacking -- 4.1 Overview -- 4.2 Identifying Hijack Targets -- 4.3 Tailcall Trampoline -- 5 Exploitability Evaluation -- 5.1 CVE Capability Requirement Analysis -- 5.2 Pivoting General CVE Capability -- 5.3 CVE Summary -- 6 Mitigation -- 6.1 Design -- 6.2 Implementation -- 6.3 Performance Evaluation -- 7 Related Work -- 7.1 eBPF and Bytecode Security -- 7.2 Common Kernel Attacks -- 8 Conclusion -- A Analysis Results -- B Arbitrary Kernel Code Execution -- References -- Applied Cryptopgraphy -- Fully Homomorphic Training and Inference on Binary Decision Tree and Random Forest -- 1 Introduction -- 2 Backgrounds -- 2.1 Notation -- 2.2 Binary Decision Tree -- 2.3 CKKS (Cheon-Kim-Kim-Song) Scheme -- 3 Related Work -- 4 Models -- 4.1 System Setting and Protocol Overview -- 4.2 Problem Definition -- 5 Homomorphic Binary Decision Tree (HBDT) -- 5.1 HBDT-Training Algorithm -- 5.2 HBDT-Inference Algorithm -- 6 Extending to Homomoprhic Random Forests (HRF) -- 7 Experimental Results -- 7.1 CKKS and Subroutines -- 7.2 Performance of Inference -- 7.3 Performance of HRF -- 8 Discussion -- 8.1 System Model Without KM -- 8.2 Discussion on Meeting the Privacy Requirements -- 9 Conclusion -- References -- Constant-Size Unbounded Multi-hop Fully Homomorphic Proxy Re-encryption from Lattices -- 1 Introduction -- 1.1 Our Contributions -- 1.2 Related Works -- 2 Preliminaries -- 2.1 Notations -- 2.2 Gaussian Distributions -- 2.3 Cyclotomic Rings -- 2.4 (Ring) Learning with Errors Problem -- 2.5 BD and P2 Algorithms -- 2.6 LWE Public Key Encryption -- 2.7 Key Switching -- 2.8 Modulus Switching -- 3 Homomorphic Computation and Bootstrapping -- 3.1 Homomorphic NAND Gate Evaluation -- 3.2 Bootstrapping -- 4 Fully Homomorphic Proxy Re-Encryption (FHPRE) -- 5 FHPRE Scheme. 6 Security Proof -- 7 Multi-user Computation System Based on FHPRE -- 8 Performance Analysis -- 9 Conclusions and Future Works -- A Homomorphic Gates Evaluation -- References -- Key Recovery Attack on CRYSTALS-Kyber and Saber KEMs in Key Reuse Scenario -- 1 Introduction -- 1.1 Background -- 1.2 Related Work -- 1.3 Our Contribution -- 1.4 Organization -- 2 Preliminaries -- 2.1 Notation -- 2.2 Kyber -- 2.3 Saber -- 3 Attacks at Asiacrypt 2021 -- 4 Generalized Scenario of the Key Mismatch Attack -- 5 Attack Against CCA-Secure Kyber KEM -- 6 Experiments -- A Linear Programming Method -- References -- Secure Keyless Multi-party Storage Scheme -- 1 Introduction -- 2 Technical Overview -- 3 Generic Model -- 3.1 Multi-party Storage Scheme -- 3.2 KMPS Security Model -- 4 KMPS Instantiations -- 4.1 KAPRE - Upload Using Proxy Re-encryption -- 4.2 KAME - Upload Using Multikey Encryption -- 4.3 Common Download -- 5 Security Analysis -- 6 Instantiation and Experimental Results -- 7 Conclusion -- A Appendix -- References -- LLRing: Logarithmic Linkable Ring Signatures with Transparent Setup -- 1 Introduction -- 2 Technical Overview -- 2.1 Attack on DualDory -- 2.2 LLRing-P Linkable Ring Signature Scheme -- 2.3 LLRing-DL Linkable Ring Signature Scheme -- 3 Preliminaries and Models -- 4 DualDory -- 4.1 Malleability Attack on DualDory -- 5 LLRing-DL Linkable Ring Signature Scheme -- 6 LLRing-P Linkable Ring Signature Scheme -- 7 Empirical Evaluation -- 8 Conclusion -- A Additional Definitions -- References -- In Search of Partitioning Oracle Attacks Against TLS Session Tickets -- 1 Introduction -- 2 Background -- 2.1 Authenticated Encryption -- 2.2 Partitioning Oracle Attacks -- 2.3 TLS and Session Tickets -- 3 Partitioning Oracle Attacks on TLS -- 4 Library Evaluation -- 4.1 Methodology -- 4.2 Results -- 4.3 Attack Performance -- 5 Large-Scale Evaluation. 5.1 Library Identification. |
| Record Nr. | UNINA-9910887000903321 |
Garcia-Alfaro Joaquin
|
||
| Cham : , : Springer Nature Switzerland : , : Imprint : Springer, , 2024 | ||
| Materiale a stampa | ||
| Lo trovi qui: Univ. Federico II | ||
| ||
Computer Security – ESORICS 2024 : 29th European Symposium on Research in Computer Security, Bydgoszcz, Poland, September 16–20, 2024, Proceedings, Part I / / edited by Joaquin Garcia-Alfaro, Rafał Kozik, Michał Choraś, Sokratis Katsikas
| Computer Security – ESORICS 2024 : 29th European Symposium on Research in Computer Security, Bydgoszcz, Poland, September 16–20, 2024, Proceedings, Part I / / edited by Joaquin Garcia-Alfaro, Rafał Kozik, Michał Choraś, Sokratis Katsikas |
| Autore | Garcia-Alfaro Joaquin |
| Edizione | [1st ed. 2024.] |
| Pubbl/distr/stampa | Cham : , : Springer Nature Switzerland : , : Imprint : Springer, , 2024 |
| Descrizione fisica | 1 online resource (411 pages) |
| Disciplina | 005.8 |
| Altri autori (Persone) |
KozikRafał
ChoraśMichał KatsikasSokratis |
| Collana | Lecture Notes in Computer Science |
| Soggetto topico |
Data protection
Cryptography Data encryption (Computer science) Computer networks - Security measures Computer networks Computer systems Data and Information Security Cryptology Security Services Mobile and Network Security Computer Communication Networks Computer System Implementation |
| ISBN | 3-031-70879-2 |
| Formato | Materiale a stampa |
| Livello bibliografico | Monografia |
| Lingua di pubblicazione | eng |
| Nota di contenuto |
Intro -- Preface -- Organization -- Contents - Part I -- Security and Machine Learning -- Attesting Distributional Properties of Training Data for Machine Learning -- 1 Introduction -- 2 Background -- 3 Problem Statement -- 4 Distributional Property Attestation Mechanisms -- 5 Experimental Setup -- 6 Experimental Evaluation -- 6.1 Inference-Based Attestation -- 6.2 Cryptographic Attestation -- 6.3 Hybrid Attestation -- 7 Related Work -- 8 Discussions -- A Details for Cryptographic Attestation -- References -- Towards Detection-Recovery Strategy for Robust Decentralized Matrix Factorization -- 1 Introduction -- 2 Background and Related Work -- 2.1 Decentralized Matrix Factorization -- 2.2 Threats and Remedies in Distributed Learning -- 3 The Vulnerability of DMF -- 3.1 Threat Model -- 3.2 The Tampering Attack on DMF -- 4 Our Approach -- 4.1 The Decentralized Detection -- 4.2 The Recovery Strategy -- 4.3 Comprehensive Framework -- 5 Experiment -- 5.1 Experimental Setup -- 5.2 The Threat of the Tampering Attack -- 5.3 Effective Defense with the Detection-Recovery Strategy -- 5.4 Adaptive Attack -- 5.5 More Results -- 6 Conclusion and Discussion -- A Technical Proofs -- References -- Bayesian Learned Models Can Detect Adversarial Malware for Free -- 1 Introduction -- 2 Background and Related Work -- 3 Problem Definition -- 3.1 Threat Model -- 3.2 Adversarial Malware Attacks -- 4 Measuring Uncertainty -- 4.1 Bayesian Machine Learning for Malware Detection -- 4.2 Uncertainty Measures -- 5 Experiments and Results -- 5.1 Experimental Setup -- 5.2 Clean Performance (No Attacks) in Android Domain -- 5.3 Robustness Against Problem-Space Adversarial Android Malware -- 5.4 Robustness Against Feature-Space Adversarial Android Malware -- 5.5 Generalization to PDF Malware -- 5.6 Generalization to Windows PE Files -- 6 Identifying Concept Drift.
7 Model Parameter Diversity Measures -- 8 Threat to Validity -- 9 Conclusion -- References -- Resilience of Voice Assistants to Synthetic Speech -- 1 Introduction -- 2 Voice Assistants -- 3 Related Work -- 3.1 Deepfake Speech Synthesis -- 3.2 Spofing Attacks on Biometrics Systems -- 3.3 Spoofing Voice Assistants -- 4 Experiments -- 4.1 Used Speech Synthesisers -- 4.2 Environment Description -- 4.3 Details of the Setup -- 5 Experimental Evaluation -- 6 Threat Analysis -- 7 Discussion -- 7.1 Observations -- 7.2 Mitigation Methods -- 8 Conclusions -- References -- Have You Poisoned My Data? Defending Neural Networks Against Data Poisoning -- 1 Introduction -- 2 Background -- 2.1 Feature Collision -- 2.2 Convex Polytope and Bullseye Polytope -- 2.3 Gradient Matching -- 3 System and Threat Models -- 3.1 System Model -- 3.2 Threat Model -- 4 Our Approach -- 4.1 Formal Description of the Approach -- 5 Experimental Setup -- 5.1 Dataset -- 5.2 Poison Generation Algorithms and Defenses -- 6 Evaluation -- 6.1 Poisons vs Clean Samples: A Characteristic Vector Perspective -- 6.2 Poison Detection -- 7 Related Works -- 8 Conclusions and Future Work -- A Implementation Details -- B Additional Experimental Results -- References -- Jatmo: Prompt Injection Defense by Task-Specific Finetuning -- 1 Introduction -- 2 Background -- 2.1 LLM-Integrated Applications -- 2.2 Prompt Injections -- 2.3 Examples -- 3 Related Works -- 3.1 Types of Attacks -- 3.2 Pitfalls of Traditional Defenses -- 4 Jatmo -- 4.1 Synthetic Input Generation -- 5 Results -- 5.1 Experimental Methodology -- 5.2 Main Results -- 5.3 Training with Less Data -- 5.4 Synthetic Dataset Generation -- 6 Discussion -- 7 Summary -- A Appendix -- A.1 Detailed Task Parameters -- References -- PointAPA: Towards Availability Poisoning Attacks in 3D Point Clouds -- 1 Introduction -- 2 Related Work. 2.1 Adversarial Attacks of 3D Point Clouds -- 2.2 Backdoor Attacks of 3D Point Clouds -- 2.3 Availability Poisoning Attacks in 2D Images -- 3 Methodology -- 3.1 Threat Model -- 3.2 Motivation and Challenges -- 3.3 Inspiration and Exploration -- 3.4 PointAPA: Point Cloud Availability Poisoning Attack -- 3.5 Why Does PointAPA Work? -- 4 Experiments -- 4.1 Experimental Settings -- 4.2 Evaluation on PointAPA -- 4.3 Evaluation Under Overlapped Rotation Angles -- 4.4 Robustness to Defense Schemes -- 4.5 Hyper-parameter Analysis -- 5 Conclusion -- A Appendix -- References -- ECLIPSE: Expunging Clean-Label Indiscriminate Poisons via Sparse Diffusion Purification -- 1 Introduction -- 2 Related Work -- 2.1 Clean-Label Indiscriminate Poisoning Attacks -- 2.2 Defenses Against Poisoning Attacks -- 3 Methodology -- 3.1 Threat Model -- 3.2 Motivation for Studying Defenses Against CLBPAs -- 3.3 Key Intuition and Theoretical Insight -- 3.4 Challenges and Approaches -- 3.5 Our Design for ECLIPSE -- 4 Experiments -- 4.1 Experimental Settings -- 4.2 Evaluation of ECLIPSE -- 4.3 Purification Visual Effect -- 4.4 Resistance to Potential Adaptive Attacks -- 4.5 Hyper-Parameter Analysis -- 4.6 Ablation Study -- 4.7 Analysis of ECLIPSE -- 5 Conclusion and Limitation -- A Appendix -- References -- MAG-JAM: Jamming Detection via Magnetic Emissions -- 1 Introduction -- 2 MAG-JAM Overview, Scenario and Adversary Model -- 2.1 MAG-JAM Overview -- 2.2 Scenario and Adversary Model -- 3 Jamming Detection Using Magnetic Sensor -- 3.1 DRV425 Magnetic Sensor Setup -- 3.2 Magnetic Sensor Results -- 3.3 Early Jamming Detection -- 4 MAG-JAM Evaluation -- 4.1 Experimental Setup - Magnetic Probe -- 4.2 Magnetic Emissions Collection Using the Magnetic Probe -- 4.3 Dataset Description -- 4.4 Features Extraction -- 4.5 Jamming Detection Using Autoencoder -- 5 Discussion -- 6 Related Work. 7 Conclusion -- References -- Fake or Compromised? Making Sense of Malicious Clients in Federated Learning -- 1 Introduction -- 2 Types of Byzantine-Robust Aggregation Rules -- 3 Distinguishing Fake And Compromised Adversary Models -- 3.1 Adversary with Fake Clients -- 3.2 Adversary with Compromised Clients -- 4 Our Proposed Hybrid Adversary Model -- 4.1 Comparing the Costs of Different Adversaries -- 5 Experimental Setup -- 5.1 Datasets and Hyperparameters -- 5.2 Evaluation Metric -- 5.3 Generating Synthetic Data Using DDPM -- 6 Experiments -- 6.1 Attacking Agnostic Robust AGRs -- 6.2 Attacking Adaptive Robust AGRs -- 7 Conclusions -- A Auxiliary Results of Model Poisoning Attacks Against Aware AGRs -- References -- Beyond Words: Stylometric Analysis for Detecting AI Manipulation on Social Media -- 1 Introduction -- 2 Related Work -- 2.1 Pervasiveness and Influence of Social Bots -- 2.2 Evaluation and Detection of Social Bots and AI-Text -- 3 Study Design -- 3.1 Data Generation and Preparation -- 3.2 Stylometric Analysis -- 3.3 Analysis Methods -- 4 Results -- 5 Threats to Validity -- 6 Conclusions -- References -- FSSiBNN: FSS-Based Secure Binarized Neural Network Inference with Free Bitwidth Conversion -- 1 Introduction -- 1.1 Related Work -- 1.2 Our Contributions -- 2 Preliminaries -- 2.1 Binarized Neural Networks -- 2.2 Additive Secret Sharing -- 2.3 Function Secret Sharing -- 3 Secure BNN Inference Framework -- 3.1 The FSSiBNN Overview -- 3.2 Bitwidth-Reduced Parameter Encoding Scheme with Free Bitwidth Conversion -- 3.3 Online-Efficient Secure Non-linear BNN Layers via FSS -- 4 Secure BNN Inference Protocol -- 4.1 Secure Fully Connected and Convolutional Layers -- 4.2 Secure Batch Normalization and Binary Activation Layers -- 4.3 Secure Max Pooling Layers -- 5 Theoretical Analysis and Experiment -- 5.1 Theoretical Analysis. 5.2 Experimental Results and Analysis -- 6 Conclusion -- A Proof of Sign Function Gate in Sect.4.2 -- B Analysis of Computation Complexity -- C Evaluation and Analysis of Inference Accuracy -- References -- Optimal Machine-Learning Attacks on Hybrid PUFs -- 1 Introduction -- 1.1 Problem Statement and Related Work -- 1.2 Contributions -- 1.3 Paper Organisation -- 2 Mathematical Representations of Hybrid PUFs -- 2.1 XOR Arbiter PUF -- 2.2 OR-AND-XOR-PUF -- 2.3 Homogeneous and Heterogeneous Feed-Forward XOR Arbiter PUF -- 2.4 Other Hybrid PUFs -- 2.5 State-of-Art Modelling Structures -- 3 Methodology -- 3.1 Local Minima Problem -- 3.2 Modelling PUFs Using Miture-of-Experts -- 3.3 Routine Algorithm -- 3.4 Proposed Transition Theorem -- 4 Experiments and Evaluation -- 4.1 Modelling Hybrid PUFs Using the Generic Model -- 4.2 Modelling Hybrid PUFs Using the Proposed Transition Theorem -- 5 Conclusion -- A Transition Theorem and Proofs -- A.1 OAX-PUF -- B Feed-Forward PUF -- References -- Outside the Comfort Zone: Analysing LLM Capabilities in Software Vulnerability Detection -- 1 Introduction -- 2 Related Work -- 2.1 SAST-Based Vulnerability Detection -- 2.2 Task-Specific DL Models for Vulnerability Detection -- 2.3 LLM-Based Vulnerability Detection -- 3 Methodology -- 4 Experiments -- 4.1 Prompt Engineering and Hardware Setup -- 4.2 Datasets -- 5 Results and Discussion -- 6 Conclusions -- References -- ZeroLeak: Automated Side-Channel Patching in Source Code Using LLMs -- 1 Introduction -- 2 Background -- 3 Related Work -- 4 Threat Model and Scope -- 5 Methodology -- 5.1 Ensuring Constant-Time Execution -- 5.2 Mitigating Spectre-v1 -- 6 Evaluation -- 6.1 Patching Spectre-v1 Gadgets -- 6.2 Patching a Real World Spectre-v1 Gadget -- 6.3 Patching Real-World Javascript Libraries for Constant-Timeness -- 6.4 Comparison of LLMs -- 7 Discussion and Limitations. 8 Conclusion. |
| Record Nr. | UNINA-9910886990203321 |
|
Garcia-Alfaro Joaquin
|
||
| Cham : , : Springer Nature Switzerland : , : Imprint : Springer, , 2024 | ||
| Materiale a stampa | ||
| Lo trovi qui: Univ. Federico II | ||
| ||
Computer Security – ESORICS 2024 : 29th European Symposium on Research in Computer Security, Bydgoszcz, Poland, September 16–20, 2024, Proceedings, Part IV / / edited by Joaquin Garcia-Alfaro, Rafał Kozik, Michał Choraś, Sokratis Katsikas
| Computer Security – ESORICS 2024 : 29th European Symposium on Research in Computer Security, Bydgoszcz, Poland, September 16–20, 2024, Proceedings, Part IV / / edited by Joaquin Garcia-Alfaro, Rafał Kozik, Michał Choraś, Sokratis Katsikas |
| Autore | Garcia-Alfaro Joaquin |
| Edizione | [1st ed. 2024.] |
| Pubbl/distr/stampa | Cham : , : Springer Nature Switzerland : , : Imprint : Springer, , 2024 |
| Descrizione fisica | 1 online resource (495 pages) |
| Disciplina | 005.8 |
| Altri autori (Persone) |
KozikRafał
ChoraśMichał KatsikasSokratis |
| Collana | Lecture Notes in Computer Science |
| Soggetto topico |
Data protection
Cryptography Data encryption (Computer science) Computer networks - Security measures Computer networks Computer systems Data and Information Security Cryptology Security Services Mobile and Network Security Computer Communication Networks Computer System Implementation |
| ISBN | 3-031-70903-9 |
| Formato | Materiale a stampa |
| Livello bibliografico | Monografia |
| Lingua di pubblicazione | eng |
| Nota di contenuto |
Intro -- Preface -- Organization -- Contents - Part IV -- Attacks and Defenses -- Cips: The Cache Intrusion Prevention System -- 1 Introduction -- 2 Background -- 3 Cache Attack Detection Overview and Open Challenges -- 4 CIPS in a Nutshell -- 4.1 Attacker Model -- 4.2 Attack Detection -- 4.3 Attack Prevention -- 5 Evaluation -- 5.1 Evaluation Setup -- 5.2 Security Analysis -- 5.3 Performance -- 5.4 Hardware Implementation -- 6 Conclusion -- A Comparison to Related Work -- References -- ReminISCence: Trusted Monitoring Against Privileged Preemption Side-Channel Attacks -- 1 Introduction -- 2 Background -- 2.1 Privileged Side-Channel Attacks -- 2.2 Hardware Performance Monitor -- 2.3 RISC-V Infrastructures -- 3 System Design -- 3.1 Threat Model -- 3.2 ReminISCence Overview -- 4 Implementation -- 4.1 ReminISCing over Side-Channel Vectors on RISC-V -- 4.2 Sampling Facility -- 4.3 Trusted Scheduling -- 5 Evaluation -- 5.1 Monitoring Preemption Attacks -- 5.2 Overhead -- 5.3 Security Discussion -- 6 Related Work -- 7 Conclusion -- References -- A Plug-and-Play Long-Range Defense System for Proof-of-Stake Blockchains -- 1 Introduction -- 2 Preliminaries -- 3 Protocol Description -- 4 Construction of InPoSW -- 4.1 Challenges of Constructing InPoSW -- 4.2 Construction Overview -- 5 Construction of Bootstrap Against Long-Range Attacks -- 5.1 Security -- 6 Performance Estimation with Concrete Parameters -- 7 Related Works -- A Formal Proofs -- References -- Leveraging Hierarchies: HMCAT for Efficiently Mapping CTI to Attack Techniques -- 1 Introduction -- 2 Related Work -- 2.1 Cyber Threat Intelligence -- 2.2 Mapping of Cyber Threat Intelligence -- 3 Method -- 3.1 Processing Step -- 3.2 Hierarchical Mapping of CTI -- 4 Results and Discussion -- 4.1 Main Results -- 4.2 Contribution of Components -- 5 Limitations -- 6 Conclusions and Future Work.
A The Comparison of Dataset Distributions -- B Experimental Setup -- B.1 Datasets and Evaluation Metrics -- B.2 Implementation Details -- References -- Duplication-Based Fault Tolerance for RISC-V Embedded Software -- 1 Introduction -- 2 Related Work -- 3 Protection by Fault Injection Emulation -- 4 Debugger-Driven FI Testing -- 5 Debug Specification Extension -- 6 Code Hardening Tool -- 7 Implementation -- 8 Evaluation -- 9 Conclusion -- References -- Similar Data is Powerful: Enhancing Inference Attacks on SSE with Volume Leakages -- 1 Introduction -- 2 The Proposed Attacks -- 2.1 Intuition -- 2.2 VolScore -- 2.3 RefVolScore -- 2.4 ClusterVolScore -- 3 Experimental Evaluation -- 3.1 Methodology -- 3.2 Results -- 4 Conclusion -- References -- SAEG: Stateful Automatic Exploit Generation -- 1 Introduction -- 1.1 Challenges from Modern Protection Mechanisms -- 1.2 Our Solutions -- 2 Background -- 3 Design -- 3.1 Methodology -- 3.2 Architecture -- 3.3 Example -- 4 Implementation -- 5 Evaluation -- 6 Discussion -- 7 Related Works -- 7.1 AEG -- 7.2 Path Exploration -- 8 Conclusion -- References -- IntentObfuscator: A Jailbreaking Method via Confusing LLM with Prompts -- 1 Introduction -- 1.1 Our Contributions -- 2 Related Work -- 3 Problem Definition -- 3.1 Definition of Successful Prompt Attack -- 3.2 Assumptions on LLM Vulnerability to Query Obfuscation -- 4 Methodology -- 4.1 Obscure Intention -- 4.2 Create Ambiguity -- 5 Experiments and Analysis -- 5.1 Experiment Environment -- 5.2 Datasets Preparation -- 5.3 Evaluation Metrics -- 5.4 Results Analysis of Jailbreak Attack -- 6 Possible Mitigation Strategies for Prompt Injection Attacks -- 7 Conclusion -- References -- Breaking Through the Diversity: Encrypted Video Identification Attack Based on QUIC Features -- 1 Introduction -- 2 Related Work -- 3 Threat Model and Challenges -- 3.1 Threat Model. 3.2 Challenges -- 4 Methodology -- 4.1 Constructing the Key-Value Structured Real Fingerprint Database -- 4.2 Obtaining Accurate Transmission Fingerprints -- 4.3 Implementing Efficient Video Identification -- 5 Evaluation -- 5.1 Dataset -- 5.2 Experimental Setup -- 5.3 Closed-World Analysis -- 5.4 Open-World Analysis -- 5.5 Comparison with Relevant Studies -- 6 Mitigation -- 7 Conclusion -- A Impact of the QUIC-Based Correction -- B Experimental Setup -- B.1 Correction Parameters , , and p -- B.2 HMM Probability Matrix A and B -- C Open-World Thresholds -- References -- Patronum: In-network Volumetric DDoS Detection and Mitigation with Programmable Switches -- 1 Introduction -- 2 Background and Motivation -- 2.1 Programmable Switches and Count-Min Sketch -- 2.2 Motivating Patronum -- 3 Design of Patronum -- 3.1 Overview -- 3.2 High Frequency Periodic In-Network Measurement -- 3.3 Entropy Difference Based DDoS Detection -- 3.4 In-Network Source-Based Bandwidth Monitor -- 4 Implementation and Evaluation -- 4.1 Methodology -- 4.2 EDM Approximation Accuracy and Micro Benchmarks -- 4.3 Many-to-Few Attacks -- 4.4 Few-to-Few Attacks -- 5 Discussion -- 6 Related Work -- 7 Conclusion -- A Derivation of Entropy Reformulation -- References -- Wherever I May Roam: Stealthy Interception and Injection Attacks Through Roaming Agreements -- 1 Introduction -- 2 Background -- 2.1 Lawful Interception Interfaces and Regulations -- 2.2 Roaming in 5G -- 3 Attacker Model -- 4 Attacks on 5G Roaming -- 4.1 Exploiting the System -- 4.2 Network Name Displayed on UE -- 4.3 Authentication Vector Abuse -- 4.4 Network Traffic Rerouting -- 5 Mitigations -- 5.1 Mitigating the Root Cause -- 5.2 Trust Chain Visibility -- 5.3 Proof of Location -- 5.4 Indicators of Roaming Abuse -- 5.5 Responsible Disclosure -- 6 Related Work -- 7 Conclusion -- A Appendix -- References. It is Time To Steer: A Scalable Framework for Analysis-Driven Attack Graph Generation -- 1 Introduction -- 2 Preliminaries -- 3 Overview of Our Approach -- 4 StatAG: Statistically Significant Generation -- 4.1 StatAG Validation -- 5 SteerAG: Steered Generation and Analysis -- 5.1 SteerAG Validation -- 6 Case Study Evaluation -- 6.1 Application to Large Real Networks -- 6.2 Coverage of Attack Path Analyses -- 7 Related Work -- 8 Discussion and Concluding Remarks -- A Query Stringency Analysis -- References -- Resilience to Chain-Quality Attacks in Fair Separability -- 1 Introduction -- 2 Related Work -- 3 Model -- 3.1 Processes and Network -- 3.2 Cryptography -- 3.3 Secure Broadcast -- 3.4 Byzantine Agreement -- 3.5 State Machine Replication -- 3.6 Fair Separability -- 3.7 Notations -- 4 Safe Implementation -- 4.1 Overview -- 4.2 Ordering Step -- 4.3 Consensus Step -- 4.4 Delivery Step -- 5 Fixing Liveness -- 5.1 Issue with Previous Protocol -- 5.2 Fixing Liveness -- 6 Protocol Analysis -- 6.1 State Machine Replication -- 6.2 Fair Separability -- 6.3 Discussion -- 7 Conclusion -- References -- Leveraging Transformer Architecture for Effective Trajectory-User Linking (TUL) Attack and Its Mitigation -- 1 Introduction -- 2 Related Work -- 2.1 Trajectory-User Linking (TUL) -- 2.2 Location Privacy-Preserving Mechanisms (LPPM) -- 3 TUL-STEO and Priv-STEO -- 3.1 Problem Statement and Adversary Model -- 3.2 Overview of the Approach -- 3.3 Preprocessing Steps -- 3.4 Trajectory Representation Learning -- 3.5 Spatio-Temporal Encoder-Only (STEO) -- 3.6 Training Procedure -- 4 Experimental Evaluation -- 5 Conclusion and Future Work -- A Multi-resolution Vocabulary Construction -- References -- VFLIP: A Backdoor Defense for Vertical Federated Learning via Identification and Purification -- 1 Introduction -- 2 Preliminaries -- 2.1 Vertical Federated Learning. 2.2 Backdoor Attacks in VFL -- 2.3 Threat Model -- 3 Method -- 3.1 MAE Training -- 3.2 VFLIP Mechanism -- 4 Experiments -- 4.1 Experiments Setup -- 4.2 Main Results -- 4.3 Multiple Attackers -- 4.4 Anomaly Score Distribution -- 4.5 Ablation Study -- 5 Adaptive Attack -- 6 Conclusion -- A Appendix -- A.1 VFL Backdoor Attacks -- A.2 Attack Settings -- A.3 Results for Label Inference Attacks -- A.4 Impact of Bottom Model Architecture -- A.5 Impact of the MAE Training Strategies -- References -- How to Better Fit Reinforcement Learning for Pentesting: A New Hierarchical Approach -- 1 Introduction -- 2 Background and Related Work -- 3 Problem Statement -- 4 Model Definition -- 5 Experimental Setup -- 5.1 Modified CybORG -- 5.2 Experimental Scenarios -- 6 Results -- 7 Conclusion -- A Reduction of Action Space -- B Configuration of Hyperparamters -- C Rewards Definition -- References -- Revoke: Mitigating Ransomware Attacks Against Ethereum Validators -- 1 Introduction -- 2 Background and Motivation -- 3 Revoke Design -- 3.1 Decentralised Key Revocation -- 3.2 Threat Model -- 3.3 Revocation Overview -- 4 Revocation Algorithms -- 4.1 Chain Level -- 4.2 View Level -- 4.3 Ethereum Implementation -- 5 Correctness -- 5.1 Preliminaries -- 5.2 Revoke Definitions -- 5.3 Safety -- 5.4 Liveness -- 6 Revocation Incentives -- 7 Related Work -- 8 Conclusions -- A Appendix -- A.1 Safety -- A.2 Liveness -- References -- Exploiting Layerwise Feature Representation Similarity For Backdoor Defence in Federated Learning -- 1 Introduction -- 2 Background -- 2.1 Centered Kernel Alignment -- 3 FedAvgCKA Design -- 3.1 Design Challenges -- 3.2 Implementation -- 4 Experimental Setup -- 5 Experimental Results -- 6 Related Work -- 7 Conclusion -- A Appendix A: FedAvgCKA Algorithm -- References -- Miscellaneous. Automatic Verification of Cryptographic Block Function Implementations with Logical Equivalence Checking. |
| Record Nr. | UNINA-9910886989703321 |
|
Garcia-Alfaro Joaquin
|
||
| Cham : , : Springer Nature Switzerland : , : Imprint : Springer, , 2024 | ||
| Materiale a stampa | ||
| Lo trovi qui: Univ. Federico II | ||
| ||