Invited Talk 1: Using Text Analytics to Enhance Security Analysis of Mobile Applications
Time: June 5th, 11:00 – 12:00
Speaker: William Enck (NC State)
Mobile platforms such as Android and iOS have become a primary form of computing for millions of users. These modern platforms are built around the notion of “apps,” providing rich runtime environments that provide application developers easy access to sensors (e.g., location, camera), user information (e.g., contacts, social networks), and device functionality (e.g., voice and SMS communication). Correspondingly, the security architectures of these platforms treat apps as first-class security principals, assigning each app its own set of privileges. As a result, to understand the security of mobile platforms, we must first understand the security of the apps.
Mobile app security has several dimensions. Since mobile platform access control is based on least privilege, a key challenge is determining what a given app can and should do. Program analysis can determine what an app can do; however, what an app should do is often ill-defined. Security researchers often define a blacklist of domain-specific rules (e.g., an app that records phone calls in the background) and raise alarms whenever those rules are matched. However, these rules lack the context of the user’s expectations. For example, the user may want to use an app to record their phone calls.
This talk describes how text analytics provides a promising primitive to enhance mobile applications security. A key observation is that natural language text often influences the user’s expectations of an app’s functionality, and therefore can act as a proxy for it. Natural language text appears in descriptions of apps in app stores, as well as within the user interfaces displayed at runtime. We discuss the challenges and limitations of using text analytics to aid security analysis of mobile applications as well as two approaches, Whyper and UiRef, that do so. We conclude with observations for future directions and applications of text analytics to aid security problems.
William Enck is an Associate Professor in the Department of Computer Science at the North Carolina State University where he is director of the Wolfpack Security and Privacy Research (WSPR) laboratory. Prof. Enck’s research interests span the broad area of systems security, with efforts addressing security challenges in mobile applications, operating systems, cloud services, and networking. In particular, his work in mobile application security has led to significant consumer awareness and changes to platforms. Prof. Enck was awarded the National Science Foundation CAREER Award and regularly serves on program committees for top conferences in security such as USENIX Security, IEEE Security and Privacy, ACM CCS, and NDSS. He is serving as department editor for IEEE Security and Privacy Magazine, as associate editor for ACM TOIT, and on the steering committee of ACM WiSec. He is program co-chair of USENIX Security 2018 and was program co-chair of ACM WiSec 2016. Prior to joining NC State, Prof. Enck earned his Ph.D., M.S., and B.S in Computer Science and Engineering from the Pennsylvania State University in 2011, 2006, and 2004, respectively. Prof. Enck is a member of the ACM, IEEE, ISSA, and USENIX.
Invited Talk 2: T-Fuzz: fuzzing by program transformation
Time: June 6th, 10:30 – 11:30
Speaker: Mathias Payer (Purdue)
Fuzzing is a simple yet effective approach to discover software bugs utilizing randomly generated inputs. However, it is limited by coverage and cannot find bugs hidden in deep execution paths of the program because the randomly generated inputs fail complex sanity checks, e.g., checks on magic values, checksums, or hashes.
To improve coverage, existing approaches rely on imprecise heuristics or complex input mutation techniques (e.g., symbolic execution or taint analysis) to bypass sanity checks. T-Fuzz tackles coverage from a different angle: by removing sanity checks in the target program. T-Fuzz builds on a coverage-guided fuzzer to generate inputs. Whenever the fuzzer can no longer trigger new code paths, T-Fuzz detects the input checks that the fuzzer-generated inputs fail and removes them from the target program. Fuzzing then continues on the transformed program, triggering the code previously protected by a hard check, potentially discovering new crashes.
Fuzzing transformed programs to find bugs poses two challenges: (1) the removal of checks leads to over-approximation and false positives, and (2) even for true bugs, the crashing input on the transformed program likely will not trigger the bug in the original program. As an auxiliary post-processing step, T-Fuzz leverages a symbolic execution-based approach to filter out false positives and reproduce true bugs in the original program.
By transforming the program as well as mutating the input, TFuzz covers more code and finds more true bugs than any existing technique. We have evaluated T-Fuzz on the DARPA Cyber Grand Challenge dataset, LAVA-M dataset and 4 real-world programs (pngfix, tiffinfo, magick and pdftohtml). For the CGC dataset, T-Fuzz finds bugs in 166 binaries, Driller in 121, and AFL in 105. In addition, found 3 new bugs in previously fuzzed programs and libraries.
Mathias Payer is a security researcher and an assistant professor in computer science at Purdue University, leading the HexHive group. His research focuses on protecting systems in the presence of vulnerabilities, with a focus on memory corruption and type violations. He is interested in system security, binary exploitation, effective mitigations, and strong sanitization using a combination of binary analysis and compiler-based techniques.
Before joining Purdue in 2014 he spent two years as PostDoc in Dawn Song’s BitBlaze group at UC Berkeley. He graduated from ETH Zurich with a Dr. sc. ETH in 2012, focusing on low-level binary translation and security. He worked on a systematization of memory corruption and looked into enforcing integrity for a subset of data (e.g., code pointers). All prototype implementations are open-source. In 2014, he founded the b01lers Purdue CTF team.
Invited Talk 3: Reconciling Remote Attestation and Safety-Critical Operation on Simple IoT Devices
Time: June 6th, 15:50 – 16:50
Speakers: Gene Tsudik (UC Irvine)
Remote attestation (RA) is a means of malware detection, typically realized as an interaction between a trusted verifier and a potentially compromised remote device (prover). RA is especially relevant for low-end embedded devices that are incapable of protecting themselves against malware infection. Most current RA techniques require on-demand and uninterruptible (atomic) operation. The former fails to detect transient malware that enters and leaves between successive RA instances; the latter involves performing potentially time-consuming computation over prover’s memory and/or storage, which can be harmful to the device’s safety-critical functionality and general availability. However, relaxing either on-demand or atomic RA operation is tricky and prone to vulnerabilities. In this talk, we identify some issues that arise in reconciling requirements of safety-critical operation with those of secure remote attestation, including detection of transient and self-relocating malware. We also discuss mitigation techniques, including periodic self-measurements as well as interruptible attestation modality that involves shuffled memory traversals and various memory locking mechanisms.
Gene Tsudik is a Chancellor’s Professor of Computer Science at UC Irvine (UCI). He obtained his PhD in Computer Science from USC in 1991. He began his research career at IBM Zurich Research Laboratory (1991-1996), followed by USC/ISI (1996-2000) and UCI (since 2000). His research interests include(d) numerous topics in security, privacy and applied cryptography. Between 2009 and 2016, he served as the Editor-in-Chief of ACM Transactions on Information and Systems Security (TISSEC). He’s a former Fulbright Scholar, Fulbright Specialist, Fellow of IEEE, ACM and AAAS, as well as a foreign member of Academia Europaea.
Invited Talk 4: Analog cyber security—from 0101 to mixed signals.
Time: June 6th, 16:50 – 17:50
Speaker: Wenyuan Xu (Zhejiang Univ)
With the rapid development of sensing technologies, an increasing number of devices rely on sensors to measure environments or human beings and to control actuators. For instance, implantable pacemakers monitor heartbeats of patient and deliver therapies if no heartbeats are detected. Smartphones have a rich set of sensors, which range from accelerometers, microphones, to gyroscopes. Such a trend incurs new threats jeopardizing the system security and user privacy. In this talk, we show two threats: (1) Integrity of sensors. We show that poorly design active sensors in an autonomous vehicle can lead a car to stop while it should not and to keep driving while it should stop. (2) MEMS sensors, such as smartphone/tablet accelerometers, possess unique fingerprints. Utilizing such types of fingerprints, a crowd-sourcing application running in the cloud could segregate sensor data for each device, making it easy to track a user over space and time.
Wenyuan Xu is a professor in the college of Electrical Engineering, Zhejiang University. She received her B.S. degree in electrical engineering with the highest honor from Zhejiang University in 1998, an M.S. degree in computer science and engineering from Zhejiang University in 2001, and the Ph.D. degree in electrical and computer engineering from Rutgers University in 2007. She was an associate professor in the Department of Computer Science and Engineering, University of South Carolina. Her research interests include embedded system security, smart grid security, and smart systems security. Dr. Xu is a co-author of the book Securing Emerging Wireless Systems: Lower-layer Approaches, Springer, 2009. She received the United State NSF Career Award in 2009 and was selected as the 1000 Young talents of China in 2012. She obtained an ACM CCS best paper award in 2017. She has served on the technical program committees for several IEEE/ACM conferences on wireless networking and security, and she currently serves as the associate editor of TOSN.
Invited Talk 5: The Hazards of Coarse Control: Understanding and Protecting Smart Device Control Surfaces
Time: June 7th, 09:50 – 10:50
Speaker: XiaoFeng Wang (Indiana Univ)
The pervasiveness of Internet of Things also brings in new security challenges: less protected smart devices could potentially be exploited by a remote adversary, thereby posing serious threats to millions of IoT users’ information assets. Although it is well known that many low-end devices are riddled with security loopholes, I am going to show that even carefully-designed systems, such as smart medical devices, Samsung SmartThings, Amazon Echo and Google Home, all have subtle yet serious security weaknesses in their control surfaces. More specifically, the control surfaces of these device enable a user to access them through her smartphone directly (via local connection) or indirectly (via a device cloud), or more recently through voice commands. I will show that each of these surfaces is characterized by a coarse-grained access control design, which exposes the device to various remote attacks. Particularly, the lack of app-to-device bonding on both Android and iOS renders the connections between smartphones and IoT devices vulnerable, overprivileged SmartApps running from the device cloud becomes a serious threat to the SmartThings ecosystem, and the ambiguity of voice control subjects smart speakers to a series of squatting attacks. Further I will talk about how to elevate the protection of these devices’ control surfaces, through a series of innovative techniques, including app-to-device bonding, SmartAuth and voice-based skill vetting and attack detection.
Dr. XiaoFeng Wang is a James H. Rudy Professor of Computing at Indiana University, Co-director of IU’s Center for Security and Privacy in Informatics, Computing and Engineering, and the Vice Chair of the ACM SIGSAC (special interest group on security, audit and control). He is also a PC Co-Chair of the 2018 ACM Conference on Computer and Communications Security (CCS). Dr. Wang received his Ph.D. in Electrical and Computer Engineering from Carnegie Mellon University. He is considered to be one of the most prominent system security researchers, among the most productive authors at leading security venues (#5 among over 6,000 authors in the past 18 years according to online statistics: http://s3.eurecom.fr/~balzarot/notes/top4/). Dr. Wang is known for his high-impact research on security analysis of real-world systems and biomedical data privacy. Particularly the projects he led on payment and single-sign-on API integrations, Android and iOS security and IoT protection have changed the way the industry built these systems. Also he is a pioneer researcher on human genome privacy and a co-founder of the iDASH Genome Privacy Competition that bridges the frontline security and cryptography research and the real-world demands for biomedical data sharing and computing protection. More recently, he is actively working on Data-Centric Intelligent Security, Cybercrimes, Hardware-support Protection and IoT Security. For his work, Dr. Wang has received numerous awards, including the Award for Outstanding Research in Privacy Enhancing Technologies (the PET Award) and the Best Practical Paper Award at the 32nd IEEE Symposium on Security and Privacy. His research has been extensively reported by the public media, including CNN, MSNBC, Forbes, Slashdot, Nature News, etc.