The Experts below are selected from a list of 26325 Experts worldwide ranked by ideXlab platform
Dawn Song - One of the best experts on this subject based on the ideXlab platform.
-
VTint: Protecting Virtual Function Tables' Integrity
Proceedings 2015 Network and Distributed System Security Symposium, 2015Co-Authors: Chao Zhang, Kevin Zhijie Chen, Chengyu Song, Zhaofeng Chen, Dawn SongAbstract:—In the recent past, a number of approaches have been proposed to protect certain types of control data in a program, such as return addresses saved on the stack, rendering most traditional control flow Hijacking attacks ineffective. Attack-ers, however, can bypass these defenses by launching advanced attacks that corrupt other data, e.g., pointers indirectly used to access code. One of the most popular targets is virtual table pointers (vfptr), which point to virtual function tables (vtable) consisting of virtual function pointers. Attackers can exploit vul-nerabilities, such as use-after-free and heap overflow, to overwrite the vtable or vfptr, causing further virtual function calls to be hijacked (vtable Hijacking). In this paper we propose a lightweight defense solution VTint to protect binary executables against vtable Hijacking attacks. It uses binary rewriting to instrument security checks before virtual function dispatches to validate vtables' integrity. Experiments show that it only introduces a low performance overhead (less than 2%), and it can effectively protect real-world vtable Hijacking attacks.
L. Davis - One of the best experts on this subject based on the ideXlab platform.
-
Planning a vehicle Hijacking : positive and negative factors that are taken into consideration when Hijacking a vehicle is considered
Acta Criminologica: Southern African Journal of Criminology, 2002Co-Authors: L. DavisAbstract:Although research that has been undertaken in South Africa to date focuses on the nature and extent of vehicle Hijacking, little empirical information exists regarding the planning of a vehicle Hijacking and more specifically the mind-set of offenders in terms of the positive and negative factors that are taken into account when Hijacking a vehicle is planned. As part of a broader study on the modus operandi of vehicle hijackers, 12 hijackers which had been sentenced for armed robbery and were involved in various Hijackings, were interviewed in an attempt to get insight into the rationality behind decisions taken before and during the execution of a vehicle Hijacking. The rational choice perspective (which had been discussed in a previous article) served as the theoretical framework for the study. Owing to the fact that the study is exploratory by nature and that it could generate further hypotheses, the findings were, where possible highlighted by the individual respondents' remarks, views and comments.
-
An application of the rational choice perspective on vehicle Hijacking
Acta Criminologica: Southern African Journal of Criminology, 2001Co-Authors: L. DavisAbstract:Although vehicle Hijacking is a world-wide phenomenon, it has increased to such an extent in South Africa that it is currently regarded as one of the countries with the highest Hijacking figures in the world (Burke & O'Rear 1993:24; Hijackings reach horrifying level 1994:11; Live to drive 1996:16). It is estimated that in South Africa a motor vehicle is hijacked every 40 to 54 minutes. This implies that more than 25 motor vehicle drivers are victims of Hijackings daily (Myerson 1995:15; Nevin 1995:48). In South Africa it has been identified as a priority crime due to the serious implications it holds for the individual in terms of the loss of property, physical injury and emotional trauma. The negative public response to motor vehicle Hijacking, as well as international condemnation of it, has contributed to the South African Police Services SAPS) considering Hijacking as one of the most serious crimes in South Africa. Because vehicle Hijacking is the product of various factors (such as the socio-economic conditions in South Africa, the availability of firearms, crime syndicates operating in the country, good outlets, inadequate border control, corruption and the ineffectiveness of the criminal justice system to control this crime), no single theory can be used to explain why individuals fall prey to this crime. Although various criminological theories (e.g. Merton's anomie theory, Cohen's, as well as Wolfgang and Ferracuti's subculture theories, Cloward and Ohlin's differential opportunity theory, Sutherland's differential association theory, Burgess and Akers's differential reinforcement theory, Hirschi's social control theory, and the conflict theories) can be used to explain why a specific individual robs a motor vehicle, this article focuses on the rational choice perspective. Research done by Davis (1999:298) indicated that hijackers select specific targets and that they assess the difficulty, risk, opportunities and rewards associated with this crime. This research, as well as empirical information that confirms that robbers generally think carefully about the circumstances and prospects of robbery (Cook 1976; Feeney 1986; Feeney & Weir 1974; Normandeau 1986; Timrots & Rand 1987; Walsh 1986), serve as sufficient grounds for the application of the rational choice perspective on vehicle Hijacking. Before explaining the theory, the historical background that led to the development of the theory is reviewed.
-
Consequences of vehicle Hijacking
Acta Criminologica: Southern African Journal of Criminology, 2001Co-Authors: L. DavisAbstract:Although incidents of vehicle Hijacking are spiralling world-wide, vehicle Hijacking has been identified as a priority crime in South Africa. This is based on the serious implications it holds for the individual in terms of the physical, emotional, financial and social consequences associated with it, as well as the negative local and international response it elicits.
-
Victim complicity in vehicle Hijacking : a typological perspective
Acta Criminologica: Southern African Journal of Criminology, 2000Co-Authors: L. Davis, A. TheronAbstract:As a result of various factors contributing to vehicle Hijacking no single theory has been developed to explain why a specific person would be targeted as an appropriate victim to be hijacked. Although an integrated approach, which includes various typologies and theories, could be used to direct research on vehicle Hijacking, it is preferable from a scientific perspective to develop a typology that focuses exclusively on motor vehicle Hijacking and more specifically, victim complicity (Davis 1999:40). Besides the advantage of providing researchers with a classifications system, such a typology could also serve as the basis for eventually formulating a theory (Mouton & Marais 1985:138). The logical first step is therefore to develop a typology that could be used by researchers when studying victim complicity during motor vehicle Hijacking. To achieve this aim the typologies of Mendelsohn, Fattah, Schafer and Karmen will be used as a basis.
Chao Zhang - One of the best experts on this subject based on the ideXlab platform.
-
VTint: Protecting Virtual Function Tables' Integrity
Proceedings 2015 Network and Distributed System Security Symposium, 2015Co-Authors: Chao Zhang, Kevin Zhijie Chen, Chengyu Song, Zhaofeng Chen, Dawn SongAbstract:—In the recent past, a number of approaches have been proposed to protect certain types of control data in a program, such as return addresses saved on the stack, rendering most traditional control flow Hijacking attacks ineffective. Attack-ers, however, can bypass these defenses by launching advanced attacks that corrupt other data, e.g., pointers indirectly used to access code. One of the most popular targets is virtual table pointers (vfptr), which point to virtual function tables (vtable) consisting of virtual function pointers. Attackers can exploit vul-nerabilities, such as use-after-free and heap overflow, to overwrite the vtable or vfptr, causing further virtual function calls to be hijacked (vtable Hijacking). In this paper we propose a lightweight defense solution VTint to protect binary executables against vtable Hijacking attacks. It uses binary rewriting to instrument security checks before virtual function dispatches to validate vtables' integrity. Experiments show that it only introduces a low performance overhead (less than 2%), and it can effectively protect real-world vtable Hijacking attacks.
Jinshu Su - One of the best experts on this subject based on the ideXlab platform.
-
A study of IP prefix Hijacking in cloud computing networks
Security and Communication Networks, 2013Co-Authors: Wei Peng, Jinshu SuAbstract:IP prefix Hijacking remains a serious security threat to the traditional services in the Internet. It also harms the confidentiality and integrity of user data in Internet-enabled cloud services because of its great dependence on Internet routing infrastructure. In addition, collaborations between networks in the cloud environment, especially in cross-domain deployment, bring about new types of prefix Hijacking attack, which may cause greater impact due to side-effect of the cooperation of victim and infected autonomous systems. It is important to understand what impact a prefix Hijacking attack can cause and how the number and locations of participants can affect the attacking results. In this paper, we model this problem as an attack planning task and solve it by applying a genetic algorithm. By analyzing the best solution to the problem, we find that the type of victims plays a more important role in IP prefix Hijacking than that of attackers. Attackers can gain great impact even when the prefixes of a small number of victims are hijacked. For attack planning, the degree of an autonomous system is a major criterion to be considered. These findings are useful for securing cloud computing networks by preventing and eliminating IP prefix Hijacking attacks. Copyright © 2013 John Wiley & Sons, Ltd.
-
LDC: Detecting BGP Prefix Hijacking by Load Distribution Change
2012 IEEE 26th International Parallel and Distributed Processing Symposium Workshops & PhD Forum, 2012Co-Authors: Jinshu Su, Rocky K.c. ChangAbstract:BGP prefix Hijacking remains a serious security threat to the Internet. Despite many detection mechanisms have been proposed, few of them are practically deployed in a large scale. Inaccuracy of detection and inefficiency of deployment are two major causing problems. In this paper, based on the key observation that the distribution of traffic load to a prefix will change unusually after the prefix is hijacked, we present a system LDC to detect BGP prefix Hijacking by passively monitoring Load Distribution Change on direct providers of prefix's owner, with the purpose of Leveraging Data-plane information to detect Control-plane problem. Through large amount of simulations of Hijacking attacks and AS failure events based on empirical data, we evaluate the accuracy of LDC under different deployment situations, moreover, gain useful insights about choosing detection threshold accordingly.
-
Information gain-based topology attribution of diversity of BGP prefix Hijacking impact
2011 International Conference on Computer Science and Service System (CSSS), 2011Co-Authors: Bofeng Zhang, Jinshu SuAbstract:In order to study the relationship between the diversity of BGP prefix Hijacking impact and the topology of participants, we apply a data mining method. We get instances from numerous prefix Hijacking simulations on the authentic Internet topology, and evaluate the importance of topology attributes using information gain-based attribute selection. Then we estimate the precision of classification by running decision tree algorithm with different topology attributes to determine which ones should be taken into consideration in efficient impact evaluation of prefix Hijacking.
-
Study on IP Prefix Hijacking in Cloud Computing Networks Based on Attack Planning
2011IEEE 10th International Conference on Trust Security and Privacy in Computing and Communications, 2011Co-Authors: Wei Peng, Jinshu SuAbstract:Due to the great dependence on Internet routing infrastructure, cloud services are vulnerable to IP prefix Hijacking attacks which can destroy the confidentiality and integrity of user data. It is important to understand what impact a prefix Hijacking attack can cause and how the number and locations of participants can affect the attacking results. In this paper, considering both attacking and detecting, we innovatively model this problem as an attack planning task, and solve it by applying a genetic algorithm. By analyzing the best solution to the problem, we find that the type of victims plays a more important role in IP prefix Hijacking than that of attackers. We also find that attackers can gain great impact even when the prefixes of a small number of victims are hijacked. For attack planning, the degree of an AS is a major criterion to be considered. These findings are useful for securing cloud computing networks by preventing and eliminating IP prefix Hijacking.
-
Analysis of prefix Hijacking based on AS hierarchical model
2011 5th International Conference on Network and System Security, 2011Co-Authors: Bofeng Zhang, Yuan Li, Jinshu SuAbstract:BGP prefix Hijacking is one of the main threatens for the Internet. It is important to identify the impact factors for prefix Hijacking. This paper studies the problem from the view of AS logical topology by analysis of the data from the snapshots of CAIDA. We propose a hierarchical model based on AS relationship to classify the AS nodes into different level and define core size of each node to prioritize them in each level. Two metrics named infected number and infected diameter are introduced to analyze the relationship between the logical structural characters of AS node and the impact of prefix Hijacking. The results show that core size, which reflects the relation of an AS node with Tier-1 AS nodes, and AS level are two main important factors. AS nodes in higher level or with bigger core size are able to infect more nodes. However, AS node in lower level has longer infected diameters. This phenomenon indicates that the prefix Hijacking with attacker in lower level is harder to detect.
Bowen Zhao - One of the best experts on this subject based on the ideXlab platform.
-
A Prefix Hijacking Detection Model Based on the Immune Network Theory
IEEE Access, 2019Co-Authors: Jian Zhang, Daofeng Li, Bowen ZhaoAbstract:The prefix Hijacking problem is an urgent security issue that need to address in the Border Gateway Protocol (BGP) security research. In order to solve the problem of prefix Hijacking in BGP, we propose (a) new (p)refix (h)ijacking (d)etection model based on the immune network theory in this paper, called aPHD. To be specific, aPHD uses real BGP UPDATE messages for pre-training and has the ability to detect UPDATE messages in real time after pre-training. The aPHD (1) can effectively detect prefix Hijacking attacks with high accuracy; (2)is easy to deployment; and (3) has a low false positive rate and low overhead. Extensive performance evaluation shows that our solution is secure and feasible. The aPHD improved the accuracy rate by 6.2% and reduced the false positive rate by 85.7%.
