using labeling to prevent cross service attacks against
play

Using Labeling to Prevent Cross-Service Attacks Against Smart Phones - PowerPoint PPT Presentation

Oct 06, 2022 •32 likes •242 views

Using Labeling to Prevent Cross-Service Attacks Against Smart Phones Collin Mulliner, Giovanni Vigna University of California, Santa Barbara David Dagon, Wenke Lee Georgia Institute of Technology, Atlanta Using Labeling to Prevent

  1. Using Labeling to Prevent Cross-Service Attacks Against Smart Phones Collin Mulliner, Giovanni Vigna University of California, Santa Barbara David Dagon, Wenke Lee Georgia Institute of Technology, Atlanta Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  2. Smart Phones ● Combination of PDAs and mobile phones ● Integrate multiple wireless networking technologies  Wireless LAN, Bluetooth, GSM/CDMA/UMTS, IrDA ● Support installation of 3 rd -party software  For example: VoIP clients, FTP servers, games 2 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  3. Contributions ● Devised Cross-Service Attacks, a new class of attacks against smart phones ● Created a proof-of-concept cross-service attack ● Developed a protection mechanism to prevent cross- service attacks 3 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  4. Introduction to Cross-Service Attacks ● Smart phones integrate different network services  GSM, Wireless LAN, Bluetooth, IrDA ● Integration is often done without taking into account the specific characteristics of the different services  For example: free vs. pay-per-use services ● An attacker can leverage the interaction between different types of network services  For example: gain access to pay-per-use services by exploiting free services 4 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  5. Service Protection ● Local and personal area wireless networking services  Devices do not offer comprehensive protection mechanisms  Many smart phone applications are developed without security in mind ● Mobile phone services  Service providers protect their customers ● For example: firewalling 5 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  6. Crossing Service Boundaries ● Attack device using local area wireless networking service  Exploit insecure configuration of local area wireless networks and networked applications  Take control of the device ● Access mobile phone service ( cross service boundaries )  Initiate phone calls or send text messages  Exploit pay-per-use services to defraud user ● For example: 900/0190 calls and/or premium rate text messages 6 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  7. Attack Scenario ● Coffee shop with free wireless Internet access  Attacker looks for smart phones joining the wireless network  Exploits vulnerable device and causes financial damage 7 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  8. A Proof-of-Concept Attack ● Targets PocketPC-based smart phones  PocketPC is the WindowsCE version for smart phones ● Performs buffer overflow/stack-smashing attack against an FTP server  Shellcode accesses mobile phone interface and initiates call ● Overcomes complications due to WindowsCE architecture  Need to load special DLL for accessing the phone interface  Need to guess correct return address 8 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  9. Cross-Service Exploit 9 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  10. Preventing Cross-Service Attacks ● Stack protection (for preventing stack-smashing attacks)  Not available or rarely used on mobile devices  Does not prevent exploitation of application-logic errors  Does not protect against Trojan horses ● Other protection mechanisms needed  Detect and prevent attempts to cross service boundaries 10 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  11. Preventing Cross-Service Attacks Through Labeling ● Developed a security mechanism that tracks and controls network interface access using labeling  A label indicates contact with a specific network interface  A user-defined policy defines which labels should prevent access to a specific network interface ● Labels are assigned to processes as they access network interfaces ● Labels are transferred between processes and files on access or execution 11 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  12. Tracking and Controlling Network Access ● Developed a kernel-level reference monitor  Intercepts security-critical system calls  Assigns labels to processes and transfers them between processes and resources  Enforces access control policies ● Intercepted security-critical system calls:  socket(AF_INET, ...) IP-based network access  open(...) File and device access  execve(...) Program execution 12 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  13. Labeling Processes and Files ● Interface access  The process' labels are compared with the access control policy ● Access is permitted or denied  The process is labeled with label of accessed interface ● Resource/file write access and process creation  Files and processes inherit labels of creating process ● Resource/file read access and application execution  Process inherits labels from accessed and executed file 13 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  14. Label Groups 14 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  15. Access Control and Exception Policy ● Access control rules  access <interface> <deny/ask> <label(s)>  Example: access wireless_nonfree deny wireless_free ● Exception rules  exception <path> <notlabel/notinherit/notpass>  Example: exception /Windows/activesync.exe notinherit 15 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  16. Preventing the Attack ● The FTP server process is labeled on calling socket(...)  Label is set for: wireless_free ● The exploit tries to access the phone interface  For example: open(“/dev/ttyS0”, ...) ● The reference monitor is invoked  Process labels are compared with policy rules  The monitor denies access, open(...) returns EACCESS 16 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  17. Evaluation ● Our labeling system effectively prevents attacks that cross service boundaries ● System and policy language are light-weight  Appropriate for mobile devices ● Exception rules have to be used carefully  Otherwise the labeling system can be bypassed 17 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  18. Overhead ● Reference implementation for Familiar Linux  Overhead between 10% and 26% 18 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  19. Conclusions ● Smart phones present new challenges for security designers and analysts  Especially the integration of multiple networking services are problematic ● We introduced a new type of attack ● We demonstrated the possible impact of a cross-service vulnerability ● We designed and implemented a solution based on resource labeling 19 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  20. Future Work ● Extend the policy language to support more complex labeling policies ● Improve the implementation of the reference monitor to further reduce overhead 20 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  21. Questions? Thank you for your attention! 21 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

Recommend

Denial of Service Attacks that prevent legitimate users from doing their work By flooding

Denial of Service Attacks that prevent legitimate users from doing their work By flooding

Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing tables Or flooding routers Or destroying key packets Lecture 9 Page 1 CS 236 Online How Do Denial of

259 views • 15 slides
Denial of Service Attacks Types, Causes, Motives &amp; Remedies By M. Raza ur Rehman NUST

Denial of Service Attacks Types, Causes, Motives &amp; Remedies By M. Raza ur Rehman NUST

Denial of Service Attacks Types, Causes, Motives &amp; Remedies By M. Raza ur Rehman NUST PAKCON 2004 Denial of Service Attacks Attempts to prevent or disturb legitimate access to co mputer resources Resources like bandwidth, services

557 views • 18 slides
CROSS SITE SCRIPTING (XSS) ATTACKS Injection attacks 3/18/19 1 Whoami Ad Adam Nu Nurudin

CROSS SITE SCRIPTING (XSS) ATTACKS Injection attacks 3/18/19 1 Whoami Ad Adam Nu Nurudin

CROSS SITE SCRIPTING (XSS) ATTACKS Injection attacks 3/18/19 1 Whoami Ad Adam Nu Nurudin ini CEH, ITIL L V3, 3, CCNA, CCNP, CASP, PCI-DS DSS.. .. Lead Security Researcher @ Netwatch Technologies Project Consultant, Information

377 views • 20 slides
Kicking Down the Cross Domain Door Techniques for Cross Domain Exploitation Billy K Rios (BK) and

Kicking Down the Cross Domain Door Techniques for Cross Domain Exploitation Billy K Rios (BK) and

Kicking Down the Cross Domain Door Techniques for Cross Domain Exploitation Billy K Rios (BK) and Raghav Dube Tabbed Browsing Rich Content Mash-ups Cookies JSON Ajax Implication of Cross Domain Attacks Implication of Cross Domain Attacks

580 views • 31 slides
Exclusive Exponent Blinding May Not Suffice Attacks on RSA to Prevent Timing Attacks on RSA

Exclusive Exponent Blinding May Not Suffice Attacks on RSA to Prevent Timing Attacks on RSA

Exclusive Exponent Blinding May Not Suffice to Prevent Timing Exclusive Exponent Blinding May Not Suffice Attacks on RSA to Prevent Timing Attacks on RSA Werner Schindler Bundesamt f ur Sicherheit in der Werner Schindler

553 views • 23 slides
Cross-Site Scripting Attack (XSS) Outline The Cross-Site Scripting attack Reflected

Cross-Site Scripting Attack (XSS) Outline The Cross-Site Scripting attack Reflected

Cross-Site Scripting Attack (XSS) Outline The Cross-Site Scripting attack Reflected XSS Persistent XSS Damage done by XSS attacks XSS attacks to befriend with others XSS attacks to change other peoples

3.65k views • 37 slides
Decentralized publish-subscribe system to prevent coordinated attacks via alert correlation J.

Decentralized publish-subscribe system to prevent coordinated attacks via alert correlation J.

Decentralized publish-subscribe system to prevent coordinated attacks via alert correlation J. Garcia, F . Autrel, J. Borrell, S. Castillo, F . Cuppens, G. Navarro { jgarcia,jborrell,scastillo,gnavarro } @ccd.uab.es, {

291 views • 17 slides
PhishHook: A tool to detect and prevent phishing attacks Michael Stepp steppm@cs.arizona.edu

PhishHook: A tool to detect and prevent phishing attacks Michael Stepp steppm@cs.arizona.edu

PhishHook: A tool to detect and prevent phishing attacks Michael Stepp steppm@cs.arizona.edu University of Arizona [1] DIMACS 2005 Introduction Common phishing attacks Defense strategies PhishHook, which implements one of these strategies

399 views • 25 slides
XANAX FOR PRESENTATION ANXIETY Mix xanax marijuana and, xanax prevent attacks does panic, and

XANAX FOR PRESENTATION ANXIETY Mix xanax marijuana and, xanax prevent attacks does panic, and

XANAX FOR PRESENTATION ANXIETY Mix xanax marijuana and, xanax prevent attacks does panic, and xanax getting don't home patron remember i, leave urine to how for xanax long, is popular why so xanax, early pregnancy xanax g refilled, xanax test

407 views • 3 slides
Resilient Networking 6: Attacks on DNS 1 Chapter Outline Overview of DNS Known attacks

Resilient Networking 6: Attacks on DNS 1 Chapter Outline Overview of DNS Known attacks

Resilient Networking 6: Attacks on DNS 1 Chapter Outline Overview of DNS Known attacks on DNS Denial-of-Service Cache Poisoning Securing DNS Split-Split-DNS DNSSEC 2 DNS The Domain Name System Naming Service

1.15k views • 46 slides
Size Does Matter Why Using Gadget-Chain Length to Prevent Code-reuse Attacks is Hard Enes

Size Does Matter Why Using Gadget-Chain Length to Prevent Code-reuse Attacks is Hard Enes

Size Does Matter Why Using Gadget-Chain Length to Prevent Code-reuse Attacks is Hard Enes Gkta - Elias Athanasopoulos - Michalis Polychronakis Herbert Bos - Georgios Portokalidis presented by: Flora Karniavoura Katerina Karagiannaki

376 views • 23 slides
Denial of Service Attacks Summary ITS335: IT Security Sirindhorn International Institute of

Denial of Service Attacks Summary ITS335: IT Security Sirindhorn International Institute of

ITS335 DoS Attacks DoS Attacks Classic DoS Flooding &amp; DDoS Denial of Service Attacks Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 13 August 2013

409 views • 26 slides
in Middle Tennessee Prevent Asthma Attacks in Children Gwen Sunkel, Indiana University-Purdue

in Middle Tennessee Prevent Asthma Attacks in Children Gwen Sunkel, Indiana University-Purdue

Breathe Easy: Helping Parents in Middle Tennessee Prevent Asthma Attacks in Children Gwen Sunkel, Indiana University-Purdue University Indianapolis United Neighborhood Health Services Nashville, TN Introduction Gwen en Sun unkel, , RN

570 views • 15 slides
Catch me if you can A cloud based DdoS defense Mikal Fourrier DDoS attacks Goal: prevent

Catch me if you can A cloud based DdoS defense Mikal Fourrier DDoS attacks Goal: prevent

Catch me if you can A cloud based DdoS defense Mikal Fourrier DDoS attacks Goal: prevent the access to a computer system to it's legitimate users. DDoS: DoS attack on the network using a lot of different source IP Why:

327 views • 16 slides
Bitcoin Proof of Work Require a unit of work to do a task Send email Access a website

Bitcoin Proof of Work Require a unit of work to do a task Send email Access a website

Bitcoin Proof of Work Require a unit of work to do a task Send email Access a website Process a Bitcoin transaction Why? Prevent spam Prevent denial of service attacks Rate-limit the network HashCash Find a partial

636 views • 32 slides
A Non-Inclusive Memory Permissions Architecture for Protection Against Cross-Layer Attacks Jesse

A Non-Inclusive Memory Permissions Architecture for Protection Against Cross-Layer Attacks Jesse

A Non-Inclusive Memory Permissions Architecture for Protection Against Cross-Layer Attacks Jesse Elwell 1 Ryan Riley 2 Nael Abu-Ghazaleh 1 Dmitry Ponomarev 1 1 State University of New York at Binghamton Department of Computer Science 2 Qatar

872 views • 76 slides
Automated Detection of Guessing and Denial of Service Attacks in Security Protocols Marius Minea

Automated Detection of Guessing and Denial of Service Attacks in Security Protocols Marius Minea

Automated Detection of Guessing and Denial of Service Attacks in Security Protocols Marius Minea Politehnica University of Timi soara CMACS seminar, CMU, 18 March 2010 In this talk Formalizing attacks on protocols denial of service by

732 views • 45 slides
Denial of Service attacks Markus Peuhkuri 2005-04-12 Lecture topics Types of denial of service

Denial of Service attacks Markus Peuhkuri 2005-04-12 Lecture topics Types of denial of service

Denial of Service attacks Markus Peuhkuri 2005-04-12 Lecture topics Types of denial of service How to mitigate attacks How to find out senders What is Denial of Service

542 views • 8 slides
Outline Distributed Denial of Service Introduction Attacks Characteristics of DDoS

Outline Distributed Denial of Service Introduction Attacks Characteristics of DDoS

Outline Distributed Denial of Service Introduction Attacks Characteristics of DDoS attacks CS 239 Some examples Security for Networks and Proposed prevention methods System Software May 15, 2002 Lecture 12 Lecture 12

421 views • 9 slides
Attacks &amp; Countermeasures of Ultrasonic Cross-Device Tracking Federico ico Maggi Vasil

Attacks &amp; Countermeasures of Ultrasonic Cross-Device Tracking Federico ico Maggi Vasil

Talking Behind Your Back Attacks &amp; Countermeasures of Ultrasonic Cross-Device Tracking Federico ico Maggi Vasil ilio ios Mavroud udis is Assistant Professor POLIMI Doctoral Researcher UCL Visiting Researcher UCSB Who we are The

811 views • 67 slides
A study of denial of service attacks on the Internet David J. Marchette marchettedj@nswc.navy.mil

A study of denial of service attacks on the Internet David J. Marchette marchettedj@nswc.navy.mil

A study of denial of service attacks on the Internet David J. Marchette marchettedj@nswc.navy.mil Naval Surface Warfare Center Code B10 &lt; &gt; - + A study of denial of service attacks on the Internet p.1/39 Outline Background

761 views • 54 slides
Background Sequence labeling MEMMs - ? HMMs you know, right? Structured

Background Sequence labeling MEMMs - ? HMMs you know, right? Structured

Background Sequence labeling MEMMs - ? HMMs you know, right? Structured perceptron also this? linear-chain CRFs - ? Sequence labeling Imagine labeling a sequence of symbols in order to . do NER (finding

1.24k views • 68 slides
The Prevent Strategy Stopping people becoming terrorists or supporting terrorism. Rebecca

The Prevent Strategy Stopping people becoming terrorists or supporting terrorism. Rebecca

The Prevent Strategy Stopping people becoming terrorists or supporting terrorism. Rebecca Skellett Schools and Colleges Prevent Engagement Officer Tri-Borough Prevent Team Prevent Overview: Prevent is about all forms of terrorism. Prevent is

252 views • 11 slides
Hub Labeling Algorithms Andrew V. Goldberg Amazon.com A.V. Goldberg Hub Labeling 6/2/2016 1 /

Hub Labeling Algorithms Andrew V. Goldberg Amazon.com A.V. Goldberg Hub Labeling 6/2/2016 1 /

Hub Labeling Algorithms Andrew V. Goldberg Amazon.com A.V. Goldberg Hub Labeling 6/2/2016 1 / 45 Algorithms at Amazon Work on hub labeling was done while I was at Microsoft Research Amazon has may interesting algorithmic problems with OR

1.46k views • 106 slides

More recommend