Session 7B

Software Security and Vulnerability Analysis (II)

10:30 AM — 11:50 AM HKT
Jun 9 Wed, 10:30 PM — 11:50 PM EDT

SoK: Enabling Security Analyses of Embedded Systems via Rehosting

Andrew Fasano (Northeastern University, USA), Tiemoko Ballo (MIT Lincoln Laboratory, USA), Marius Muench (Vrije Universiteit Amsterdam, Netherlands), Tim Leek (MIT Lincoln Laboratory, USA), Alexander Oleinik (Boston University, USA), Brendan Dolan-Gavitt (New York University, USA), Manuel Egele (Boston University, USA), Aurélien Francillon (EURECOM, France), Long Lu (Northeastern University, USA), Nick Gregory (New York University, USA), Davide Balzarotti (EURECOM, France), William Robertson (Northeastern University, USA)

Closely monitoring the behavior of a software system during its execution enables developers and analysts to observe, and ultimately understand, how it works. This kind of dynamic analysis can be instrumental to reverse engineering, vulnerability discovery, exploit development, and debugging. While these analyses are typically wellsupported for homogeneous desktop platforms (e.g., x86 desktop PCs), they can rarely be applied in the heterogeneous world of embedded systems. One approach to enable dynamic analyses of embedded systems is to move software stacks from physical systems into virtual environments that sufficiently model hardware behavior. This process which we call “rehosting” poses a significant research challenge with major implications for security analyses. Although rehosting has traditionally been an unscientific and ad-hoc endeavor undertaken by domain experts with varying time and resources at their disposal, researchers are beginning to address rehosting challenges systematically and in earnest. In this paper, we establish that emulation is insufficient to conduct large-scale dynamic analysis of real-world hardware systems and present rehosting as a firmwarecentric alternative. Furthermore, we taxonomize preliminary rehosting efforts, identify the fundamental components of the rehosting process, and propose directions for future research.

BugGraph: Differentiating Source-Binary Code Similarity with Graph Triplet-Loss Network

Yuede Ji (George Washington University, USA), Lei Cui (George Washington University, USA), H. Howie Huang (George Washington University, USA)

Binary code similarity detection, which answers whether two pieces of binary code are similar, has been used in a number of applications, such as vulnerability detection and automatic patching. Existing approaches face two hurdles in their efforts to achieve high accuracy and coverage: (1) the problem of source-binary code similarity detection, where the target code to be analyzed is in the binary format while the comparing code (with ground truth) is in source code format. Meanwhile, the source code is compiled to the comparing binary code with either a random or fixed configuration (e.g., architecture, compiler family, compiler version, and optimization level), which significantly increases the difficulty of code similarity detection; and (2) the existence of different degrees of code similarity. Less similar code is known to be more, if not equally, important in various applications such as binary vulnerability study. To address these challenges, we design BugGraph, which performs sourcebinary code similarity detection in two steps. First, BugGraph identifies the compilation provenance of the target binary and compiles the comparing source code to a binary with the same provenance. Second, BugGraph utilizes a new graph triplet-loss network on the attributed control flow graph to produce a similarity ranking. The experiments on four real-world datasets show that BugGraph achieves 90% and 75% true positive rate for syntax equivalent and similar code, respectively, an improvement of 16% and 24% over state-of-the-art methods. Moreover, BugGraph is able to identify 140 vulnerabilities in six commercial firmware.

Evaluating Synthetic Bugs

Joshua Bundt (Northeastern University, USA), Andrew Fasano (Northeastern University, USA), Brendan Dolan-Gavitt (NYU, USA), William Robertson (Northeastern University, USA), Tim Leek (MIT Lincoln Laboratory, USA)

Fuzz testing has been used to find bugs in programs since the 1990s, but despite decades of dedicated research, there is still no consensus on which fuzzing techniques work best. One reason for this is the paucity of ground truth: bugs in real programs with known root causes and triggering inputs are difficult to collect at a meaningful scale. Bug injection technologies that add synthetic bugs into real programs seem to offer a solution, but the differences in finding these synthetic bugs versus organic bugs have not previously been explored at a large scale. Using over 80 years of CPU time, we ran eight fuzzers across 20 targets from the Rode0day bug-finding competition and the LAVA-M corpus. Experiments were standardized with respect to compute resources and metrics gathered. These experiments show differences in fuzzer performance as well as the impact of various configuration options. For instance, it is clear that integrating symbolic execution with mutational fuzzing is very effective and that using dictionaries improves performance. Other conclusions are less clear-cut; for example, no one fuzzer beat all others on all tests. It is noteworthy that no fuzzer found any organic bugs (i.e., one reported in a CVE), despite 50 such bugs being available for discovery in the fuzzing corpus. A close analysis of results revealed a possible explanation: a dramatic difference between where synthetic and organic bugs live with respect to the “main path” discovered by fuzzers. We find that recent updates to bug injection systems have made synthetic bugs more difficult to discover, but they are still significantly easier to find than organic bugs in our target programs. Finally, this study identifies flaws in bug injection techniques and suggests a number of axes along which synthetic bugs should be improved.

Bran: Reduce Vulnerability Search Space in Large Open Source Repositories by Learning Bug Symptoms

Dongyu Meng (University of California, Santa Barbara, USA), Michele Guerriero (Politecnico di Milano, Italy), Aravind Machiry (University of California, Santa Barbara, USA), Hojjat Aghakhani (University of California, Santa Barbara, USA), Priyanka Bose (University of California, Santa Barbara, USA), Andrea Continella (University of California, Santa Barbara, USA/University of Twente, Netherlands), Christopher Kruegel (University of California, Santa Barbara, USA), Giovanni Vigna (University of California, Santa Barbara, USA)

Software is continually increasing in size and complexity, and therefore, vulnerability discovery would benefit from techniques that identify potentially vulnerable regions within large code bases, as this allows for easing vulnerability detection by reducing the search space. Previous work has explored the use of conventional codequality and complexity metrics in highlighting suspicious sections of (source) code. Recently, researchers also proposed to reduce the vulnerability search space by studying code properties with neural networks. However, previous work generally failed in leveraging the rich metadata that is available for long-running, large code repositories. In this paper, we present an approach, named Bran, to reduce the vulnerability search space by combining conventional code metrics with fine-grained repository metadata. Bran locates code sections that are more likely to contain vulnerabilities in large code bases, potentially improving the efficiency of both manual and automatic code audits. In our experiments on four large code bases, Bran successfully highlights potentially vulnerable functions, outperforming several baselines, including state-of-art vulnerability prediction tools. We also assess Bran’s effectiveness in assisting automated testing tools. We use Bran to guide syzkaller, a known kernel fuzzer, in fuzzing a recent version of the Linux kernel. The guided fuzzer identifies 26 bugs (10 are zero-day flaws), including arbitrary writes and reads.

Session Chair

Shuai Wang

Session 8B

Blockchain and Distributed Systems

2:00 PM — 4:00 PM HKT
Jun 10 Thu, 2:00 AM — 4:00 AM EDT

Targeting the Weakest Link: Social Engineering Attacks in Ethereum Smart Contracts

Nikolay Ivanov (Michigan State University, USA), Jianzhi Lou (Michigan State University, USA), Ting Chen (University of Electronic Science and Technology of China, China), Jin Li (Guangzhou University, China), Qiben Yan (Michigan State University, USA)

Ethereum holds multiple billions of U.S. dollars in the form of Ether cryptocurrency and ERC-20 tokens, with millions of deployed smart contracts algorithmically operating these funds. Unsurprisingly, the security of Ethereum smart contracts has been under rigorous scrutiny. In recent years, numerous defense tools have been developed to detect different types of smart contract code vulnerabilities. When opportunities for exploiting code vulnerabilities diminish, the attackers start resorting to social engineering attacks, which aim to influence humans — often the weakest link in the system. The only known class of social engineering attacks in Ethereum are honeypots, which plant hidden traps for attackers attempting to exploit existing vulnerabilities, thereby targeting only a small population of potential victims.

In this work, we explore the possibility and existence of new social engineering attacks beyond smart contract honeypots. We present two novel classes of Ethereum social engineering attacks — Address Manipulation and Homograph — and develop six zero-day social engineering attacks. To show how the attacks can be used in popular programming patterns, we conduct a case study of five popular smart contracts with combined market capitalization exceeding $29 billion, and integrate our attack patterns in their source codes without altering their existing functionality. Moreover, we show that these attacks remain dormant during the test phase but activate their malicious logic only at the final production deployment. We further analyze 85,656 open-source smart contracts, and discover that 1,027 of them can be used for the proposed social engineering attacks. We conduct a professional opinion survey with experts from seven smart contract auditing firms, corroborating that the exposed social engineering attacks bring a major threat to the smart contract systems.

PSec: Programming Secure Distributed Systems using Enclaves

Shivendra Kushwah (University of California, Berkeley, USA), Ankush Desai (Amazon Inc, USA), Pramod Subramanyan (Indian Institute of Technology - Kanpur, India), Sanjit A. Seshia (University of California, Berkeley, USA)

We introduce PSec, a domain-specific language for programming secure distributed systems. PSec is a state-machine based programming language with information flow control capabilities that leverages Intel SGX enclaves to provide security guarantees at runtime. Combining state machines and information flow control with hardware enclaves enables programmers to build complex distributed systems without inadvertently leaking sensitive information to adversaries. We formally prove the security properties of PSec and evaluate our work by programming several real-world examples, including One Time Passcode and Secure Electronic Voting systems. We present performance results of PSec systems and show that there is an acceptable performance overhead of ∼3x for long running systems with a possible minimum of ∼1.2x, as compared to baseline systems that do not provide any security guarantees.

Fact and Fiction: Challenging the Honest Majority Assumption of Permissionless Blockchains

Runchao Han (Monash University and CSIRO-Data61, Australia) , Zhimei Sui (Monash University, Australia), Jiangshan Yu (Monash University, Australia), Joseph Liu (Monash University, Australia), Shiping Chen (CSIRO-Data61, Australia)

Honest majority is the key security assumption of Proof-of-Work (PoW) based blockchains. However, the recent 51% attacks render this assumption unrealistic in practice. In this paper, we challenge this assumption against rational miners in the PoW-based blockchains in reality. In particular, we show that the current incentive mechanism may encourage rational miners to launch 51% attacks in two cases. In the first case, we consider a miner of a stronger blockchain launches 51% attacks on a weaker blockchain, where the two blockchains share the same mining algorithm. In the second case, we consider a miner rents mining power from cloud mining services to launch 51% attacks. As 51% attacks lead to double-spending, the miner can profit from these two attacks. If such double-spending is more profitable than mining, miners are more intended to launch 51% attacks rather than mine honestly. We formally model such behaviours as a series of actions through a Markov Decision Process. Our results show that, for most mainstream PoW-based blockchains, 51% attacks are feasible and profitable, so profit-driven miners are incentivised to launch 51% attacks to gain extra profit. In addition, we leverage our model to investigate the recent 51% attack on Ethereum Classic (on 07/01/2019), which is suspected to be an incident of 51% attacks. We provide insights on the attacker strategy and expected revenue, and show that the attacker’s strategy is near-optimal.

Non-Intrusive and High-Efficient Balance Tomography in the Lightning Network

Yan Qiao (University of Victoria, Canada), Kui Wu (University of Victoria, Canada), Majid Khabbazian (University of Victoria, Canada)

The Lightning Network (LN) is a second layer technology for solving the scalability problem of blockchain-based cryptocurrencies such as Bitcoin. The LN nodes (i.e., LN users), linked by payment channels, can make payments to each other directly or through multiple hops of payment channels, subject to the available balances of the serving channels. In current LN implementation, the channel capacity (i.e., the sum of the bidirectional balances in the channel) is open to the public, but the bidirectional balances are kept secret for privacy concerns. Nevertheless, the balances can be directly measured by conducting multiple fake payments to probe the precise value of the balance. Such a method, while effective, creates many fake invoices and incurs high cost when used for discovering balances for multiple users. We present a novel non-intrusive balance tomography (NIBT) method, which infers the channel balances by performing legal transactions between two pre-created LN nodes. NIBT iteratively reduces the balance ranges and uses an efficient balance inference algorithm to find the optimal payment in each iteration to cut off the maximum balance ranges. Experimental results show that NIBT can accurately infer about 92% of all covered balances with an extremely low cost.

Redactable Blockchain Supporting Supervision and Self-Management

Yanxue Jia (Shanghai Jiao Tong University, China), Shifeng Sun (Monash University/Data 61, CSIRO, Australia), Yi Zhang (Shanghai Jiao Tong University, China), Zhiqiang Liu (Shanghai Jiao Tong University, China), Dawu Gu (Shanghai Jiao Tong University, China)

The immutability of blockchain is crucial to the security of many blockchain applications, while it is still desired or even legally obliged to allow for redacting the contents of blockchain for some scenarios. In this work, we revisit the conflict between the immutability and redaction of blockchain, and put forward a new fine-grained redactable blockchain with a semi-trusted regulator, who follows our protocol but has a tendency to abuse his power. To the best of our knowledge, it is the first blockchain that not only supports the supervision of blockchain content, but also allows users themselves to manage their own data. To this end, we introduce a new variant of chameleon-hash function, named stateful Chameleon Hash with Revocable Subkey, which is important for building our redactable blockchain and may be of independent interest. We also propose a black-box construction from standard chameleon-hash functions, and prove its security properties under our proposed security notions. At last, we provide a proof-ofconcept implementation. The evaluation results demonstrate that our redactable blockchain is practical and can be adopted with small additional overhead compared to the immutable blockchain.

Non-Equivocation in Blockchain: Double-Authentication-Preventing Signatures Gone Contractual

Yannan Li (University of Wollongong, Australia), Willy Susilo (University of Wollongong, Australia), Guomin Yang (University of Wollongong, Australia), Yong Yu (Shaanxi Normal University, China), Tran Viet Xuan Phuong (University of Wollongong, Australia), Dongxi Liu (Data61, CSIRO, Australia)

Equivocation is one of the most fundamental problems that need to be solved when designing distributed protocols. Traditional methods to defeat equivocation rely on trusted hardware or particular assumptions, which may hinder their adoption in practice. The advent of blockchain and decentralized cryptocurrencies provides an auspicious breakthrough paradigm to resolve the problem above. In this paper, we propose a blockchain-based solution to address contractual equivocation, which supports user-defined fine-grained policybased equivocation. Specifically, users will be de-incentive if the statements they made breach the predefined access rules. The core of our solution is a newly introduced primitive named Policy-Authentication-Preventing Signature (PoAPS), which combined with a deposit mechanism allows a signer to make conflict statements corresponding to a policy to be penalized. We present a generic construction of PoAPS based on Policy-Based Verifiable Secret Sharing (PBVSS) and demonstrate its practicality via a concrete implementation in the blockchain. Compared with the existing solutions that only handle specific types of equivocation, our proposed approach is more generic and can be instantiated to deal with various kinds of equivocation.

Session Chair

Yajin Zhou

Session 9B

Malware and Cybercrime (II)

4:20 PM — 5:20 PM HKT
Jun 10 Thu, 4:20 AM — 5:20 AM EDT

Analysis and Takeover of the Bitcoin-Coordinated Pony Malware

Tsuyoshi Taniguchi (Fujitsu System Integration Laboratories LTD., Japan), Harm Griffioen (Hasso Plattner Institute, Germany), Christian Doerr (Hasso Plattner Institute, Germany)

Malware, like all products and services, evolves with bursts of innovation. These advances usually happen whenever security controls get “good enough” to significantly impact the revenue stream of malicious actors, and in the past we have seen the malware ecosystem to adopt concepts such as code obfuscation, polymorphism, domain-generation algorithms (DGAs), as well as virtual machine and sandbox evasion whenever defenses were able to perform consistent and pervasive suppression of these threats. The latest innovation step addresses one of the main Archilles’ heels in malware operations: the resilient addressing of the command & control (C&C) server. As domain blacklisting and DGA reversing have become mature security practices, malware authors are now turning to the Bitcoin blockchain, and use its resilient design principle to disseminate control information that cannot be removed by defenders. In this paper, we report on the adoption of Bitcoin-based C&C addressing in the Pony malware, one of the most widely occurring malware platforms on Windows. We forensically analyze the blockchain-based C&C mechanism of the Pony malware, track the malicious operations over a period of 12 months, and report how the adversaries experimented and optimized their deployment over time. We identify a security flaw in the C&C addressing, which is used to perform a takeover of the malware’s loading mechanism to quantify the volume and origin of the incoming infections.

See through Walls: Detecting Malware in SGX Enclaves with SGX-Bouncer

Zeyu Zhang (Tsinghua University, China/George Mason University, USA), Xiaoli Zhang (Tsinghua University, China), Qi Li (Tsinghua University, China), Kun Sun (George Mason University, USA), Yinqian Zhang (Ohio State University, USA), SongSong Liu (George Mason University, USA), Yukun Liu (Alibaba Inc, China), Xiaoning Li (Alibaba Inc, Seattle, USA)

Intel Software Guard Extensions (SGX) offers strong confidentiality and integrity protection to software programs running in untrusted operating systems. Unfortunately, SGX may be abused by attackers to shield suspicious payloads and conceal misbehaviors in SGX enclaves, which cannot be easily detected by existing defense solutions. There is no comprehensive study conducted to characterize malicious enclaves. In this paper, we present the first systematic study that scrutinizes all possible interaction interfaces between enclaves and the outside (i.e., cache-memory hierarchy, host virtual memory, and enclave-mode transitions), and identifies seven attack vectors. Moreover, we propose SGX-Bouncer, a detection framework that can detect these attacks by leveraging multifarious side-channel observations and SGX-specific features. We conduct empirical evaluations with existing malicious SGX applications, which suggests SGX-Bouncer can effectively detect various abnormal behaviors from malicious enclaves.

UltraPIN: Inferring PIN Entries via Ultrasound

Ximing Liu (School of Information Systems, Singapore Management University, Singapore), Yingjiu Li (University of Oregon, USA), Robert H. Deng (School of Information Systems, Singapore Management University, Singapore)

While PIN-based user authentication systems such as ATM have long been considered to be secure enough, they are facing new attacks, named UltraPIN, which can be launched from commodity smartphones. As a target user enters a PIN on a PIN-based user authentication system, an attacker may use UltraPIN to infer the PIN from a short distance (50 cm to 100 cm). In this process, UltraPIN leverages smartphone speakers to issue human-inaudible ultrasound signals, and uses smartphone microphones to keep recording acoustic signals. It applies a series of signal processing techniques to extract high-quality feature vectors from low-energy and high-noise signals, and then applies a combination of machine learning models to classify finger movement patterns during PIN entry and generate a ranked list of highly possible PINs as result. Rigorous experiments show that UltraPIN is highly effective and robust in PIN inference.

Session Chair

Junghwan "John" Rhee

Made with in Toronto · Privacy Policy · © 2021 Duetone Corp.