The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
The rapid development in the modern technology and its widespread utilization in number of applications brings in new challenges that need to be addressed. Security is one of such challenges that has grown into a major concern over the years. Periodically new incidents of data and system breaches are reported. For this purpose, usually different side channels in the system are being exploited by the...
In this paper, we propose reversed taint analysis to dig out the root cause of the vulnerability leading to crash. In order to increase the efficiency, we propose that during the analysis process, we should only taint the EIP register when the crash happens and then trace back to analyze the data and operations, until we find out the influential inputs that can be controlled by the users. In addition,...
This paper proposes a method which utilizing taint analysis to reduce the unnecessary analysis routine, concentrating on the control-flow altering input using concolic (concrete and symbolic) execution procedure. A prototype, Concolic Fuzz is implemented based on this method, which is built on Pin platform at x86 binary level and using Z3 as the SMT (Satisfiability Modulo Theories) solver. The results...
One of the great attractions of Software Defined Networking (SDN) has been the promise of transforming the network by providing a degree of flexibility and automation that until now has never been available. Of interest however is that all of these exciting solutions are usually discussed in isolation and rarely do proponents allude to the fact that numerous applications can be deployed simultaneously...
Advanced Metering Infrastructure (AMI) has evolved to measure and control energy usage in communicating through metering devices. However, the development of the AMI network brings with it security issues, including the increasingly serious risk of malware in the new emerging network. Malware is often embedded in the data payloads of legitimate metering data. It is difficult to detect malware in metering...
The implementation of debugging tools through joint action test group (JTAG) has led to increased exposure of intellectual property through the interface. In this brief, the first hardware implementation of a flexible multilevel access security system for the JTAG interface is detailed. The proposed method is user-privilege aware, which allows for higher granularity for controlling user access of...
We present a simple framework capable of automatically generating attacks that exploit control flow hijacking vulnerabilities. We analyze given software crashes and perform symbolic execution in concolic mode, using a whole system environment model. The framework uses an end-to-end approach to generate exploits for various applications, including 16 medium scale benchmark programs, and several large...
Software systems can exhibit massive numbers of execution paths, and even comprehensive testing can exercise only a small fraction of these. It is no surprise that systems experience errors and vulnerabilities in use when many executions are untested. Computations over the functional semantics of programs may offer a potential solution. Structured programs are expressed in a finite hierarchy of control...
Based on information security technology of speculation implementation hardware, we design and implement the SHIFT(Speculative Hardware based Information Flow Tracking) system to enhance software security in cloud computing platform. SHIFT system uses that processor support delay exceptions, design and implement efficient dynamic information flow tracking technology. The system can detect low-level...
An essential phase in the testing of a security system is to attack the target software in a test environment and then to check the response of the security system. However, obtaining or developing a sufficient number of vulnerable software and exploits is not straightforward. One approach for collecting information on how a security system reacts to various attacks is to ``fabricate'' the effects...
Increases in the powerful features being deployed through the JTAG interface has left the testing platform vulnerable to malicious users. In this paper the hardware implementation of a flexible multilevel security access system is described. The security mechanism allows for higher granularity for controlling user access of individual scan chains. This allows for blocking of individual opcodes from...
Buffer overflow vulnerabilities are currently the most prevalent security vulnerability. The paper presents a method that combines static analysis with dynamic test to deal with the problem on buffer overflow vulnerabilities detecting. By using the method we can identify potential weakness locations. A buffer overflow vulnerabilities testing system was developed. The experiment results tested and...
Software vulnerability is the major root of security issues which results in serious attacks such as DDOS and worms. How to find vulnerability especially on binaries has been an alluring but challenging topic. Traditional black-box fuzzing heavily relies on input format so that it cannot work on unknown formats, more severely, it cannot generate effective test cases because it randomly change input...
The automatic testing tools of component security bring great effect on component-based software engineering, and they can effectively ensure the security of component-based software. A prototype tool named CSTS (component security testing system) is designed and implemented to test the security of the widely-used COTS (Commercial-off-the-Shelf) Microsoft COM (component object model) component. CSTS,...
Scan testing has been proven to leak secret information through side-channel attacks. To ensure high security when testing crypto chips without compromising testability, a new secure scan architecture with key authorized test controlling is proposed. In this method, multiple test keys are uniquely integrated into the test vectors by employing a special key fill technique without increasing the test...
Session Initiation Protocol (SIP) has emerged as the predominant protocol for setting up, maintaining, and terminating Voice over Internet Protocol (VoIP) sessions. In spite of the security mechanisms that it offers, several attacks are being made on the SIP architecture. In this paper we take a proactive approach and highlight the importance of testing SIP from a security perspective. We first give...
Cryptographic devices are recently implemented with different countermeasures against side channel attacks and fault analysis. Moreover, some usual testing techniques, such as scan chains, are not allowed or restricted for security requirements. In this paper, we analyze the impact that error detecting schemes have on the testability of an implementation of the advanced encryption standard, in particular...
Encryption algorithms could suffer fault injection attacks in order to obtain the secret key. In this paper, a specific protection for any round-based encryption algorithm is presented, analyzed and tested. It is providing a high degree of robustness together with a small penalty in the algorithm throughput when dealing with specific intentional attacks. Experimental results on advanced encryption...
Since its introduction, test access port has become an inseparable part of the majority of integrated circuits. Commonly referred to as JTAG, it meant to provide a solution to the problem of testing assembled printed circuit boards as well as a means of accessing and controlling on-chip test-dedicated features. With appearance and ever increasing complexity of multi-processor system-on-chip integrated...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.