Aiming at the difficulty of unknown Trojan detection in the APT flooding situation, an improved detecting method has been proposed. The basic idea of this method originates from advanced persistent threat (APT) attack intents: besides dealing with damaging or destroying facilities, the more essential purpose of APT attacks is to gather confidential data from target hosts by planting Trojans. Inspired by this idea and some in-depth analyses on recently happened APT attacks, five typical communication characteristics are adopted to describe application's network behavior, with which a fine-grained classifier based on Decision Tree and Na ve Bayes is modeled. Finally, with the training of supervised machine learning approaches, the classification detection method is implemented. Compared with general methods, this method is capable of enhancing the detection and awareness capability of unknown Trojans with less resource consumption.
Trusted computing,which can effectively increase the credibility of information system,has made great achievements and is in continuous development. For country who is going to strengthen network construction like China,it is an important fundamental supporting technology worth researching. China is in the international forefront in the field of trusted computing. This paper gives comprehensive introductions to the new development and application of key technologies in trusted computing,such as various trusted platform modules(TPM、TCM、TPCM),TCG Software Stack(TSS),trusted cloud server and Trusted Execution Environment(TEE). We illustrate the progressing and application extension of these technologies and also point out some key problems worth studying in the future.
Juan WangYuan ShiGuojun PengHuanguo ZhangBo ZhaoFei YanFajiang YuLiqiang Zhang
应用软件一般需要输入和处理敏感信息,如密码,以实现用户和远程服务器之间的可靠认证和安全交互.定量度量敏感信息在敏感信息处理中的安全性是目前研究的难点.根据敏感信息处理的流程和敏感信息出现点的上下文,定义敏感信息处理的固有属性、可变属性和推求属性,设计了从固有属性和可变属性到数据操作的映射规则,提出了基于层次分析法(analytic hierarchy process,AHP)及折中型多属性决策(technique for order preference by similarity to an ideal solution,TOPSIS)的敏感度计算方法,从而实现敏感度的定量计算,展示在敏感信息处理中敏感度的动态变化规律,为敏感信息处理的安全防护提供支持.该方法可以应用于可信软件的安全分析和可信度量,最后,实验分析了3种敏感信息在处理中的敏感度变化,发现了敏感信息处理的潜在危险点,从而证实了该方法的有效性.
Defending against return-oriented programing(ROP) attacks is extremely challenging for modern operating systems.As the most popular mobile OS running on ARM,Android is even more vulnerable to ROP attacks due to its weak implementation of ASLR and the absence of effective control-flow integrity enforcement.In this paper,leveraging specific ARM features,an instruction randomization strategy to mitigate ROP attacks in Android even with the threat of single pointer leakage vulnerabilities is proposed.By popping out more registers in functions' epilogue instructions and reallocating registers in function scopes,branch targets in all(direct and indirect) branch instructions potential to be ROP gadgets are changed randomly.Without the knowledge of binaries' runtime instructions layout,adversary's repeated control flow transfer in ROP exploits will be subverted.Furthermore,this instruction randomization idea has been implemented in both Android Dalvik runtime and ART.Corresponding evaluations proved it is capable to introduce enough randomness for more than 99% discovered functions and thwart about 95% ROP gadgets in application's shared libraries and oat file compiled from Dalvik bytecode.Besides,evaluations on real-world exploits also confirmed its effectiveness on mitigating ROP attacks within acceptable performance overhead.
