ISeCure

Automatic detection of access control violations in software applications is a challenging problem. Insecure Direct Object Reference (IDOR) is among top-ranked vulnerabilities, which violates access control policies and cannot be yet detected by automated vulnerability scanners. While such tools may detect the absence of access control by static or dynamic testing, they cannot verify if it is properly functioning when it is present. When a tool detects requesting access to an object, it is not aware of access control policies to infer whether the request is permitted. This completely depends on the access control logic and there is no automatic way to fully and precisely capture it from software behavior. Taking this challenge into consideration, this article proposes a black-box method to detect IDOR vulnerabilities in web applications without knowing access control logic. To this purpose, we first, gather information from the web application by a semi-automatic crawling process. Then, we tricksily manipulate legal requests to create effective attacks on the web application. Finally, we analyze received responses to check whether the requests are vulnerable to IDOR. The detection process in the analysis phase is supported by our set theory based formal modeling of such vulnerabilities. The proposed method has been implemented as an IDOR detection tool (IDOT) and evaluated on a couple of vulnerable web applications. Evaluation results show that the method can effectively detect IDOR vulnerabilities provided that enough information is gathered in the crawling phase.

Mohammad Ali Hadavi

Arash Bagherdaei

Simin Ghasemi

Isecure.

IDOT: Black-Box Detection of Access Control Violations in Web Applications

IDOT：Web应用程序中访问控制违规的黑盒检测

The template attack is one of the most efficient attacks for exploiting the secret key. Template-based attack extracts a model for the behavior of side channel information from a device that is similar to the target device and then uses this model to retrieve the correct key on the target victim device. Until now, many researchers have focused on improving the performance of template attacks, but recently, a few countermeasures have been proposed to protect the design against these attacks. On the other hand, researches show that regular countermeasures against these attacks are costly. Randomized shuffling in the time domain is known as a cost-effective countermeasure against side-channel attacks that are widely used. In this article, we implemented an actual template attack and proposed an efficient countermeasure against it. We focus on the time shifting method against template attack. The results show that template attack is very susceptible to this method. The performance of attack on an AES algorithm is considerably reduced with this method. We reported the analysis results of our countermeasure.The performance of the attack can be determined according to various criteria. One of these criteria is the success rate of the attack. According to these results, template attack will be hardened significantly after the proposed protection such that the grade of the key recovery increases from 1 with 350K traces in unprotected design to 2100 with 700K traces in the protected circuit. This security improvement gains in the cost of about 7% delay overhead.

Farshideh Kordi

Hamed Hosseintalaee

Ali Jahanian

A Time Randomization-Based Countermeasure Against the Template Side-Channel Attack

基于时间随机化的模板侧信道攻击防御措施

Digital signature schemes are used to guarantee for non-repudiation and authenticity of any kind of data like documents, messages or software. The Winternitz one-time signature (WOTS) scheme, which can be described using a certain number of so-called “function chains”, plays an important role in the design of both stateless and stateful many-time signature schemes. The main idea of WOTS scheme is the use of a limited number of function chains, all of which begin at some random values. This work introduces WOTS-GES, a new WOTS type signature scheme in which the need for computing all of the intermediate values of the chains is eliminated. More precisely, to compute each algorithm of the proposed scheme, we only need to calculate one intermediate value. This significantly reduces the number of required operations needed to calculate the algorithms of WOTS-GES. To achieve this results, we have used the concept of “leveled” multilinear maps which is alsoreferred to as graded encoding schemes. We expect these results to increase the efficiency of Winternitz based digital signature schemes.

Hossein Oraei

Massoud Hadian Dehkordi

A New Variant of the Winternitz One Time Signature Based on Graded Encoding Schemes

基于分级编码方案的Winternitz一次性签名新变体

Side-channel attacks are a group of powerful attacks in hardware security that exploit the deficiencies in the implementation of systems. Timing side-channel attacks are one of the main side-channel attack categories that use the time difference of running an operation in different states. Many powerful attacks can be classified into this type of attack, including cache attacks. The limitation of these attacks is the need to run the spy program on the victim's system. Various studies have tried to overcome this limitation by implementing these attacks remotely on JavaScript and WebAssembly. This paper provides the first comprehensive evaluation of timing side-channel attacks on JavaScript and investigates challenges and countermeasures to overcome these attacks. Moreover, by investigating the countermeasures and their strengths and weaknesses, we introduce a detection-based approach, called Lurking Eyes. Our approach has the least reduction in the performance of JavaScript and WebAssembly. The evaluation results show that the Lurking eyes have an accuracy of 0.998, precision of 0.983, and F-measure of 0.983. Considering these values and no limitations, this method can be introduced as an effective way to counter timing side-channel attacks on JavaScript and WebAssembly. Also, we provide a new accurate timer, named Eagle timer, based on WebAssembly memory for implementing these attacks.

Mohammad Erfan Mazaheri

Siavash Bayat Sarmadi

Farhad Taheri Ardakani

A Study of Timing Side-Channel Attacks and Countermeasures on JavaScript and WebAssembly

JavaScript和WebAssembly上定时侧信道攻击及对策研究

Steganalysis is an interesting classification problem to discriminate the images, including hidden messages from the clean ones. There are many methods, including deep CNN networks, to extract fine features for this classification task. Also, some researches have been conducted to improve the final classifier. Some state-of-the-art methods use ensemble of networks by a voting strategy to achieve more stable performance. In this paper, a selection phase is proposed to filter improper networks before any voting. This filtering is done by a binary relevance multi-label classification approach. Xu-Net and ResT-Net, the most famous state-of-the-art Steganalysis ensemble models, are considered as the base networks for feature extraction. The Logistic Regression (LR) is chosen here as the last layer of the networks for classification. One large-margin Fisher's linear discriminant (FLD) classifier is trained for each one of the networks to measure its suitability in classifying the query image. The proposed method with different approaches is applied on the BOSSbase dataset and compared to traditional voting and some state-of-the-art related ensemble techniques. The results show significant accuracy improvement of the proposed method in comparison with others.

Mahdieh Abazar

Peyman Masjedi

Mohammad Taheri

A Binary Relevance Adaptive Model-Selection for Ensemble Steganalysis

二值相关自适应模型选择集成隐写分析

Most of the current research on static analysis of Android applications for security vetting either work on Java source code or the Dalvik bytecode. Nevertheless, Android allows developers to use C or C++ code in their programs that is compiled into various binary architectures. Moreover, Java and the native code components (C or C++) can collaborate with each other using Java Native Interface. Recent research shows that native codes are frequently used in both benign and malicious Android applications. Most of the present Android static analysis tools avert considering native codes in their analysis and applied trivial models for their data-flow analysis. As we know only the open source JN-SAF tool has tried to solve this issue statically. However, there are still challenges like libC functions and multi-threading in native codes that we want to address in this work. We presented SANT as an extension of JN-SAF for supporting Static Analysis of Native Threads. We considered modeling libC functions in our data-flow analysis to have a more precise analysis when dealing with security vetting of native codes. We also used control flow and data dependence graphs in SANT to handle multiple concurrent threads and find implicit data-flow between them. Our experiments show that the conducted improvements outperforms JN-SAF in real-world benchmark applications.

Seyed Behnam Andarzian

Behrouz Tork Ladani

SANT: Static Analysis of Native Threads for Security Vetting of Android Applications

SANT：用于Android应用程序安全审查的本机线程静态分析

短名
Journal Impact	0.87
国际分区	COMPUTER SCIENCE, INFORMATION SYSTEMS(Q4)

涉及主题	isecureinformationsecuritycryptology
出版信息	出版商: Iranian Society of Cryptology，出版周期: ，期刊类型: journal，开源期刊: 是
基本数据	创刊年份: 2019，原创研究文献占比: 100.00%，自引率:25.00%， Gold OA占比: 0.00%
平均审稿周期	网友分享经验：10 Weeks

ISeCure

期刊引文格式

有 1 位以上作者的期刊

有 2 位作者的期刊

有 3 位作者的期刊

有 5 位以上作者的期刊

书籍引用格式

学位论文引用格式

网页引用格式

专利引用格式

手工熬夜修改参考文献？研飞自动匹配期刊，一键轻松成稿，支持 Word/WPS

投稿经验分享

IDOT: Black-Box Detection of Access Control Violations in Web Applications

IDOT: Black-Box Detection of Access Control Violations in Web Applications

IDOT: Black-Box Detection of Access Control Violations in Web Applications

IDOT: Black-Box Detection of Access Control Violations in Web Applications

IDOT: Black-Box Detection of Access Control Violations in Web Applications

A Time Randomization-Based Countermeasure Against the Template Side-Channel Attack

A New Variant of the Winternitz One Time Signature Based on Graded Encoding Schemes

A Study of Timing Side-Channel Attacks and Countermeasures on JavaScript and WebAssembly

A Binary Relevance Adaptive Model-Selection for Ensemble Steganalysis

SANT: Static Analysis of Native Threads for Security Vetting of Android Applications

ISSN	2008-2045, 2008-3076
h-index	7