what is tamperproofing
play

What is tamperproofing? Ensure that a program executes as intended, - PowerPoint PPT Presentation

Feb 06, 2023 •357 likes •1.84k views

What is tamperproofing? Ensure that a program executes as intended, even in the presence of an adversary who tries to disrupt, monitor, or change the execution. A tamperproofing algorithm 1 makes tampering difficult 1/78 What is

  1. Outline Definitions 1 Introspection 2 Checker Network The Skype obfuscated protocol 3 Attacking self-hashing algorithms 4 State inspection 5 Overlapping instructions Response Mechanisms 6 Discussion 7 Introspection 16/78

  2. Checking by introspection Augment the program with functions that compute a hash over a code region to compare to an expected value. Introspection 17/78

  3. Checking by introspection Augment the program with functions that compute a hash over a code region to compare to an expected value. How can we be sure that the attacker won’t tamper with the hash computation itself? Introspection 17/78

  4. Checking by introspection Augment the program with functions that compute a hash over a code region to compare to an expected value. How can we be sure that the attacker won’t tamper with the hash computation itself? 1 build up a network of checkers and responders, so that checkers can check each other and responders can repair code that has been tampered with. Introspection 17/78

  5. Checking by introspection Augment the program with functions that compute a hash over a code region to compare to an expected value. How can we be sure that the attacker won’t tamper with the hash computation itself? 1 build up a network of checkers and responders, so that checkers can check each other and responders can repair code that has been tampered with. 2 hide the hash values so they won’t give away the location of the checkers. Introspection 17/78

  6. Checking by introspection Augment the program with functions that compute a hash over a code region to compare to an expected value. How can we be sure that the attacker won’t tamper with the hash computation itself? 1 build up a network of checkers and responders, so that checkers can check each other and responders can repair code that has been tampered with. 2 hide the hash values so they won’t give away the location of the checkers. We’ll see a clever attack on all introspection algorithms! Introspection 17/78

  7. Checking by introspection Augment the program with functions that compute a hash over a code region to compare to an expected value. How can we be sure that the attacker won’t tamper with the hash computation itself? 1 build up a network of checkers and responders, so that checkers can check each other and responders can repair code that has been tampered with. 2 hide the hash values so they won’t give away the location of the checkers. We’ll see a clever attack on all introspection algorithms! . . . And, We’ll see a clever counter-attack! Introspection 17/78

  8. Inserting Guards ✞ ☎ . . . . . . . . . s t a r t = start address ; end = end address ; h = 0; while ( s t a r t < end ) { h = h ⊕ ∗ s t a r t ; s t a r t ++; } ( h != expected value ) i f abort ( ) ; goto ∗ h ; . . . . . . . . . ✝ ✆ Introspection 18/78

  9. Attack model — Find the guards 1 Search for patterns in the static code, for example two code segment addresses followed by a test: ✞ ☎ s t a r t = 0 xbabebabe ; end = 0 xca75ca75 ; while ( s t a r t < end ) { ✝ ✆ 2 Search for patterns in the execution, such as data reads into the code. Introspection 19/78

  10. Attack model — Disable the guards 1 Replace the if-statement by if (0)... : ✞ ☎ ( 0) i f abort ( ) ; ✝ ✆ 2 Pre-compute the hash value and substitute it into the response code: ✞ ☎ goto ∗ expected value ; ✝ ✆ Introspection 20/78

  11. Tamperproofing Algorithm: Chang & Atallah Invented by two Purdue University researchers, Mike Atallah and Hoi Chang: Patented and with assistance from Purdue a start-up, Arxan, was spun off. Introspection 21/78

  12. Tamperproofing Algorithm: Chang & Atallah Checkers compute a hash over a region and compare to the expected value. Introspection 22/78

  13. Tamperproofing Algorithm: Chang & Atallah Checkers compute a hash over a region and compare to the expected value. Checkers check the code and check each other as well! Introspection 22/78

  14. Tamperproofing Algorithm: Chang & Atallah Checkers compute a hash over a region and compare to the expected value. Checkers check the code and check each other as well! Build up a network of code regions: blocks of user code, checkers , and responders. Introspection 22/78

  15. Tamperproofing Algorithm: Chang & Atallah Checkers compute a hash over a region and compare to the expected value. Checkers check the code and check each other as well! Build up a network of code regions: blocks of user code, checkers , and responders. When a tampered function is found repair it! Introspection 22/78

  16. Tamperproofing Algorithm: Chang & Atallah Checkers compute a hash over a region and compare to the expected value. Checkers check the code and check each other as well! Build up a network of code regions: blocks of user code, checkers , and responders. When a tampered function is found repair it! Skype uses a similar technique. Multiple checkers can check the same region. Introspection 22/78

  17. Tamperproofing Algorithm: Chang & Atallah Checkers compute a hash over a region and compare to the expected value. Checkers check the code and check each other as well! Build up a network of code regions: blocks of user code, checkers , and responders. When a tampered function is found repair it! Skype uses a similar technique. Multiple checkers can check the same region. Multiple responders can repair a tampered region. Introspection 22/78

  18. ✞ ☎ int main (int argc , char * argv []) { int user_key = 0 xca7ca115 ; int media [] = {10 ,102}; play(user_key ,media ,2); } int getkey (int user_key ) { int player_key = 0 xbabeca75 ; return user_key ^ player_key ; } int decrypt (int user_key , int media ) { int key = getkey (user_key ); return media ^ key; } float decode ( int digital ) { return ( float)digital ;} void play(int user_key , int media [], int len ) { int i; for(i=0;i<len ;i++) printf ("%f\n",decode (decrypt (user_key ,media [i]))); } ✝ ✆

  19. ✞ ☎ #define getkeyHASH 0 xce1d400a #define getkeySIZE 14 uint32 getkeyCOPY [] = {0 x83e58955 ,0x72b820ec ,0 xc7080486 ,...}; #define decryptHASH 0 x3764e45c #define decryptSIZE 16 uint32 decryptCOPY [] = {0 x83e58955 ,0xaeb820ec ,0 xc7080486 ,...}; #define playHASH 0 x4f4205a5 #define playSIZE 29 uint32 playCOPY [] = {0 x83e58955 ,0xedb828ec ,0 xc7080486 ,...}; ✝ ✆

  20. ✞ ☎ int main (int argc , char * argv []) { A(); } int A() { B(); } int B() { ... } ✝ ✆

  21. ✞ ☎ uint32 B_COPY []={0 x83e58955 ,0 xaeb820ec ,0 xc7080486 ,...}; int main (int argc , char * argv []) { A(); } int A() { B_hash = hash(B); if ( B_hash != 0 x4f4205a5 ) memcpy (B,B_COPY ); B(); } int B() { ... } ✝ ✆

  22. ✞ ☎ uint32 A_COPY [] ={0 x83e58955 ,0x72b820ec ,0 xc7080486 ,...}; uint32 B_COPY []={0 x83e58955 ,0 xaeb820ec ,0 xc7080486 ,...}; int main (int argc , char * argv []) { A_hash = hash(A); if ( A_hash != 0 x105AB23F ) memcpy (A,A_COPY ); A(); } int A() { B_hash = hash(B); if ( B_hash != 0 x4f4205a5 ) memcpy (B,B_COPY ); B(); } int B() { ... } ✝ ✆

  23. ✞ ☎ uint32 getkeyCOPY [] ={0 x83e58955 ,0 x72b820ec ,0 xc7080486 ,...}; uint32 decryptCOPY []={0 x83e58955 ,0 xaeb820ec ,0 xc7080486 ,...}; uint32 playCOPY [] ={0 x83e58955 ,0 xedb828ec ,0 xc7080486 ,...}; uint32 decryptVal ; int main (int argc , char * argv []) { uint32 playVal = hash((waddr t)play,29); int user_key = 0 xca7ca115 ; decryptVal = hash((waddr t)decrypt,16); int media [] = {10 ,102}; if ( playVal != 0 x4f4205a5 ) memcpy((waddr t)play,playCOPY,29*sizeof(uint32)); play(user_key ,media ,2); } int getkey (int user_key ) { decryptVal = hash((waddr t)decrypt,16); int player_key = 0 xbabeca75 ; return user_key ^ player_key ; } ✝ ✆

  24. ✞ ☎ int decrypt (int user_key , int media ) { uint32 getkeyVal = hash((waddr t)getkey,14); if ( getkeyVal != 0 xce1d400a ) memcpy((waddr t)getkey,getkeyCOPY,14*sizeof(uint32)); int key = getkey (user_key ); return media ^ key; } float decode ( int digital ) { return ( float )digital ; } void play(int user_key , int media [], int len ) { if ( decryptVal != 0 x3764e45c ) memcpy((waddr t)decrypt,decryptCOPY,16*sizeof(uint32)); int i; for(i=0;i<len ;i++) printf ("%f\n",decode (decrypt (user_key ,media [i]))); } ✝ ✆

  25. Algorithm Chang & Atallah: Checker network main c 1 r 1 c 0 r 3 play decode c 2 r 2 decrypt c 3 getkey code — code blocks c i — checkers r i — repairers Introspection 30/78

  26. Algorithm tpCA : Checker Network Here’s the corresponding code, as it is laid out in memory: main getkey decrypt play decode c 3 c 2 c 1 r 3 c 0 r 1 r 2 blue represent checkers, pink repairers. Introspection 31/78

  27. Generating hash functions Prevent collusive attacks ⇒ generate a large number of different-looking hash functions. Introspection 32/78

  28. Generating hash functions Prevent collusive attacks ⇒ generate a large number of different-looking hash functions. Self-collusive attacks = the adversary scans through the program for pieces of similar-looking code. Introspection 32/78

  29. Generating hash functions Prevent collusive attacks ⇒ generate a large number of different-looking hash functions. Self-collusive attacks = the adversary scans through the program for pieces of similar-looking code. No need to be “cryptographically secure”. Introspection 32/78

  30. Generating hash functions Prevent collusive attacks ⇒ generate a large number of different-looking hash functions. Self-collusive attacks = the adversary scans through the program for pieces of similar-looking code. No need to be “cryptographically secure”. No need to generate a uniform distribution of values. Introspection 32/78

  31. Generating hash functions Prevent collusive attacks ⇒ generate a large number of different-looking hash functions. Self-collusive attacks = the adversary scans through the program for pieces of similar-looking code. No need to be “cryptographically secure”. No need to generate a uniform distribution of values. Must be simple, fast, stealthy! Introspection 32/78

  32. hash1 ✞ ☎ typedef unsigned int uint32 ; typedef uint32 * addr_t ; uint32 hash1 ( addr_t addr ,int words ) { uint32 h = * addr; int i; for (i=1; i<words ; i++) { addr ++; h ^= * addr; } return h; } ✝ ✆ Inline the function for better stealth. Introspection 33/78

  33. hash2 ✞ ☎ uint32 hash2 ( addr_t start ,addr_t end ) { uint32 h = * start; while (1) { start ++; if (start >=end ) return h; h ^= * start; } } ✝ ✆ Will the compiler generate different code than for hash1 ??? Introspection 34/78

  34. hash3 ✞ ☎ int32 hash3 ( addr_t start ,addr_t end ,int step ) { uint32 h = * start; while (1) { start += step; if (start >=end ) return h; h ^= * start; } } ✝ ✆ Step through the code region in more or less detail ⇒ balance performance and accuracy. Introspection 35/78

  35. hash4 ✞ uint32 hash4 ( addr_t start ,addr_t end ,uint32 rnd ) { addr_t t = ( addr_t )(( uint32 )start + ( uint32 )end + rnd ); uint32 h = 0; do { h += *(( addr_t )(-( uint32 )end -( uint32 )rnd +( uint32 )t)); t++; } while (t < ( addr_t )(( uint32 )end+ (uint32 )end +( uint32 )rnd )); return h; } ✝ Scan backwards. Obfuscate to prevent pattern-matching attacks: add (and then subtract out) a random value ( rnd ). Introspection 36/78

  36. hash5 ✞ ☎ uint32 hash5 ( addr_t start , addr_t end , uint32 C) { uint32 h = 0; while ( start < end ) { h = C*(* start + h); start ++; } return h; } ✝ ✆ Generate 2,916,864 variants, each less than 50 bytes of x86, by reordering basic blocks, inverting conditional branches, replacing multiplication instructions by combinations of shifts, adds, and address computations, permuting instructions within blocks, permuting register assignments, and replacing instructions with equivalents. Introspection 37/78

  37. Outline Definitions 1 Introspection 2 Checker Network The Skype obfuscated protocol 3 Attacking self-hashing algorithms 4 State inspection 5 Overlapping instructions Response Mechanisms 6 Discussion 7 The Skype obfuscated protocol 38/78

  38. The Skype obfuscated protocol Voice-over-IP service where users are charged for computer-to-phone and phone-to-computer calls. The Skype client is heavily tamperproofed and obfuscated. 2005: Skype was bought by eBay for $2.6 billion. 2006: Hacked by two researchers at the EADS Corporate Research Center in France. The Skype obfuscated protocol 39/78

  39. The Skype obfuscated protocol The client binary contains: 1 hardcoded RSA keys 2 the IP address and port number of a known server Break the protection and build your own VoIP network! The Skype obfuscated protocol 40/78

  40. Skype protection: Stage 1 ERASED ERASED 1. initialize 2. load dll:s PC 3. erase 3. erase 3. erase 4. decrypt 4. decrypt 4. decrypt PC key key key ENCRYPTED 5. load hidden 5. load hidden dll table dll table PC 6. ... 6. ... dll table dll table dll table hidden dll table pink: cleartext code, loads dlls. blue: erase pink code, decrypts green code. green: loads hidden dlls (yellow). Erasing and hiding dlls: hard to recreate binary. The Skype obfuscated protocol 41/78

  41. Skype protection: Stage 2 Check for debuggers: 1 Signatures of known debuggers 2 Timing tests The Skype obfuscated protocol 42/78

  42. Skype protection: Stage 3 Checker network: C 1 C 37 . C 2 C 38 . . C 36 C 72 Hash function computes the address of the next location to be executed! Hash functions are obfuscated, but not enough — attacked by pattern-matching. The Skype obfuscated protocol 43/78

  43. ✞ uint32 hash7 () { addr_t addr; addr = ( addr_t )(( uint32 )addr ^( uint32 )addr); addr = ( addr_t )(( uint32 )addr + 0 x688E5C ); uint32 hash = 0 x320E83 ^ 0 x1C4C4 ; int bound = hash + 0 xFFCC5AFD ; do { uint32 data = *(( addr_t )(( uint32 )addr + 0 x10 )); goto b1; asm volatile (".byte 0x19"); b1: hash = hash ⊕ data; addr -= 1; bound --; } while ( bound !=0); goto b2; asm volatile (".byte 0 x73"); b2: goto b3; asm volatile (".word 0 xC8528417 ,0 xD8FBBD1 ,0 xA36CFB2F "); asm volatile (".word 0 xE8D6E4B7 ,0 xC0B8797A "); asm volatile (".byte 0x61 ,0xBD "); b3: hash -=0 x4C49F346 ; return hash; } ✝

  44. Outline Definitions 1 Introspection 2 Checker Network The Skype obfuscated protocol 3 Attacking self-hashing algorithms 4 State inspection 5 Overlapping instructions Response Mechanisms 6 Discussion 7 Attacking self-hashing algorithms 45/78

  45. Algorithm reWOS : Attacking self-hashing algorithms How to attack introspection algorithms? 1 Analyze the code to locate the checkers, or Attacking self-hashing algorithms 46/78

  46. Algorithm reWOS : Attacking self-hashing algorithms How to attack introspection algorithms? 1 Analyze the code to locate the checkers, or 2 Analyze the code to locate the responders, then Attacking self-hashing algorithms 46/78

  47. Algorithm reWOS : Attacking self-hashing algorithms How to attack introspection algorithms? 1 Analyze the code to locate the checkers, or 2 Analyze the code to locate the responders, then 3 Remove or disable them without destroying the rest of the program. Attacking self-hashing algorithms 46/78

  48. Algorithm reWOS : Attacking self-hashing algorithms How to attack introspection algorithms? 1 Analyze the code to locate the checkers, or 2 Analyze the code to locate the responders, then 3 Remove or disable them without destroying the rest of the program. Attack can just as well be external to the program! Attacking self-hashing algorithms 46/78

  49. Algorithm reWOS : Attacking self-hashing algorithms Processors treat code and data differently. Attacking self-hashing algorithms 47/78

  50. Algorithm reWOS : Attacking self-hashing algorithms Processors treat code and data differently. TLBs (Translation Lookaside Buffers) and caches are split in separate parts for code and data. Attacking self-hashing algorithms 47/78

  51. Algorithm reWOS : Attacking self-hashing algorithms Processors treat code and data differently. TLBs (Translation Lookaside Buffers) and caches are split in separate parts for code and data. In the hash-based algorithms code is accessed 1 as code (when it’s being executed) and ⇒ sometimes a function will be read into the I-cache and sometimes into the D-cache. Attacking self-hashing algorithms 47/78

  52. Algorithm reWOS : Attacking self-hashing algorithms Processors treat code and data differently. TLBs (Translation Lookaside Buffers) and caches are split in separate parts for code and data. In the hash-based algorithms code is accessed 1 as code (when it’s being executed) and 2 as data (when it’s being hashed). ⇒ sometimes a function will be read into the I-cache and sometimes into the D-cache. Attacking self-hashing algorithms 47/78

  53. Algorithm reWOS : Attacking self-hashing algorithms Attack: modify the OS such that 1 redirect reads of the code to the original, unmodified program (hash values will be computed as expected!) Attacking self-hashing algorithms 48/78

  54. Algorithm reWOS : Attacking self-hashing algorithms Attack: modify the OS such that 1 redirect reads of the code to the original, unmodified program (hash values will be computed as expected!) 2 redirect execution of the code to the modified program (the modified code will get executed!) Attacking self-hashing algorithms 48/78

  55. Algorithm reWOS : Attacking self-hashing algorithms Attack( P , K ) : 1 Copy program P to P orig . 2 Modify P as desired to a hacked version P ′ . 3 Modify the operating system kernel K such that data reads are directed to P orig , instruction reads to P ′ . Attacking self-hashing algorithms 49/78

  56. Algorithm reWOS : Attacking self-hashing algorithms Typical memory management system: Virtual Address Offset Page Index TLB hit TLB miss TLB Page Tables Page Frame Offset Physical Address On a TLB miss walk the page tables (slow), and update the TLB with the new virtual-to-physical address mapping. Attacking self-hashing algorithms 50/78

  57. Algorithm reWOS : Attacking self-hashing algorithms Typical memory management system: Virtual Address Offset Page Index TLB hit TLB miss TLB Page Tables Page Frame Offset Physical Address On a TLB miss walk the page tables (slow), and update the TLB with the new virtual-to-physical address mapping. On the UltraSparc, the hardware gives the OS control on a TLB miss by throwing one of two exceptions depending on whether the miss was caused by a data or an instruction fetch Attacking self-hashing algorithms 50/78

  58. Algorithm reWOS : Attacking self-hashing algorithms 1 Copy P to P orig and modify P however you like. Physical Virtual Address frames 03 05 02 00 1 TLB I−TLB miss Instruction 2 fetch 2 → 3 Page Tables if (false) 3 abort(); if (expired) 4 D−TLB abort(); 2 → 4 5 Data fetch 6 Attacking self-hashing algorithms 51/78

  59. Algorithm reWOS : Attacking self-hashing algorithms 1 Copy P to P orig and modify P however you like. 2 Arrange the physical memory such that frame i comes from the hacked P and frame i + 1 is the corresponding original frame from P orig . Physical Virtual Address frames 03 05 02 00 1 TLB I−TLB miss Instruction 2 fetch 2 → 3 Page Tables if (false) 3 abort(); if (expired) 4 D−TLB abort(); 2 → 4 5 Data fetch 6 Attacking self-hashing algorithms 51/78

  60. Algorithm reWOS : Attacking self-hashing algorithms 1 Copy P to P orig and modify P however you like. 2 Arrange the physical memory such that frame i comes from the hacked P and frame i + 1 is the corresponding original frame from P orig . 3 Modify the kernel: if a page table lookup yields a v → p virtual-to-physical address mapping, I-TLB is updated with v → p and D-TLB with v → p + 1. Physical Virtual Address frames 03 05 02 00 1 TLB I−TLB miss Instruction 2 fetch 2 → 3 Page Tables if (false) 3 abort(); if (expired) 4 D−TLB abort(); 2 → 4 5 Data fetch 6 Attacking self-hashing algorithms 51/78

  61. Algorithm reWOS : Attacking self-hashing algorithms Physical Virtual Address frames 03 05 02 00 1 TLB I−TLB miss Instruction 2 fetch 2 → 3 Page Tables if (false) 3 abort(); if (expired) 4 D−TLB abort(); 2 → 4 5 Data fetch 6 1 The attacker has modified the program to bypass a license-expired check. Attacking self-hashing algorithms 52/78

  62. Algorithm reWOS : Attacking self-hashing algorithms Physical Virtual Address frames 03 05 02 00 1 TLB I−TLB miss Instruction 2 fetch 2 → 3 Page Tables if (false) 3 abort(); if (expired) 4 D−TLB abort(); 2 → 4 5 Data fetch 6 1 The attacker has modified the program to bypass a license-expired check. 2 The original program pages are in blue. Attacking self-hashing algorithms 52/78

  63. Algorithm reWOS : Attacking self-hashing algorithms Physical Virtual Address frames 03 05 02 00 1 TLB I−TLB miss Instruction 2 fetch 2 → 3 Page Tables if (false) 3 abort(); if (expired) 4 D−TLB abort(); 2 → 4 5 Data fetch 6 1 The attacker has modified the program to bypass a license-expired check. 2 The original program pages are in blue. 3 The modified program pages are in pink. Attacking self-hashing algorithms 52/78

  64. Algorithm reWOS : Attacking self-hashing algorithms Virtual Address Physical frames 03 05 02 00 1 TLB I−TLB miss Instruction 2 fetch 2 → 3 Page Tables if (false) 3 abort(); if (expired) 4 D−TLB abort(); 2 → 4 5 Data fetch 6 1 The program tries to read its own code in order to execute it ⇒ the processor throws an I-TLB-miss exception, the OS updates the I-TLB to refer to the modified page. Attacking self-hashing algorithms 53/78

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Engineering Code Obfuscation ISSISP 2017 - Tamperproofing Christian Collberg Department of

Engineering Code Obfuscation ISSISP 2017 - Tamperproofing Christian Collberg Department of

Engineering Code Obfuscation ISSISP 2017 - Tamperproofing Christian Collberg Department of Computer Science University of Arizona http://collberg.cs.arizona.edu collberg@gmail.com Supported by NSF grants 1525820 and 1318955 and by the

345 views • 12 slides
Security Analysis of India's Electronic Voting Systems Scott Wolchok, Wustrow, Halderman (UMich),

Security Analysis of India's Electronic Voting Systems Scott Wolchok, Wustrow, Halderman (UMich),

Security Analysis of India's Electronic Voting Systems Scott Wolchok, Wustrow, Halderman (UMich), Hari K. Prasad, Kankipati, Sakhamuri, Yagati (NetIndia), Rop Gonggrijp &quot;Reaffirm it's belief in the infallibility of the EVMs&quot; Goals

1.02k views • 53 slides
ACR 3413 BASIC STRUCTURAL ENGINEERING 3 Lecture 1 Univers rsit ity y Putra a Malaysia ysia

ACR 3413 BASIC STRUCTURAL ENGINEERING 3 Lecture 1 Univers rsit ity y Putra a Malaysia ysia

ACR 3413 BASIC STRUCTURAL ENGINEERING 3 Lecture 1 Univers rsit ity y Putra a Malaysia ysia - Communication - Talk to Architect, M&amp;E Engineer and Other Consultants of their Requirements Item Verti tical Load {V} Horizon zonta tal

572 views • 40 slides
Maximilian Michels @stadtlegende max@crate.io mxm@apache.org 2 W H Y A R E W E TA L K I N G

Maximilian Michels @stadtlegende max@crate.io mxm@apache.org 2 W H Y A R E W E TA L K I N G

C R AT E D B : A S E A R C H E N G I N E O R A D ATA B A S E ? B O T H ! H O W W E B U I LT A S Q L D ATA B A S E O N T O P O F E L A S T I C S E A R C H A N D L U C E N E Maximilian Michels @stadtlegende max@crate.io

740 views • 29 slides
Lecture Outline Protocols for detecting manipulation How to think about

Lecture Outline Protocols for detecting manipulation How to think about

Lecture Outline Protocols for detecting manipulation How to think about architecture In general systems terms For security implications Tussles in architectures that affect multiple stakeholders Ethane: the

636 views • 37 slides
Security aid in producing vulnerability free code (bounds primary topic of the paper for today

Security aid in producing vulnerability free code (bounds primary topic of the paper for today

Security aid in producing vulnerability free code (bounds primary topic of the paper for today protect code from people with access to hardware checking, no-execute bit) aid in producing vulnerability free code (bounds secondary topic of the

193 views • 18 slides
Inference in Belief Networks CMPUT 366: Intelligent Systems P&amp;M 8.4 Lecture Outline

Inference in Belief Networks CMPUT 366: Intelligent Systems P&amp;M 8.4 Lecture Outline

Inference in Belief Networks CMPUT 366: Intelligent Systems P&amp;M 8.4 Lecture Outline 1. Recap 2. Factors 3. Variable Elimination 4. Efficiency Recap: Belief Networks Definition: A belief network (or Bayesian network )

1.27k views • 23 slides
Efficient Leakage-Resilient Secret Sharing Peihan Miao Akshayaram Srinivasan Prashant Nalini

Efficient Leakage-Resilient Secret Sharing Peihan Miao Akshayaram Srinivasan Prashant Nalini

Efficient Leakage-Resilient Secret Sharing Peihan Miao Akshayaram Srinivasan Prashant Nalini Vasudevan UC Berkeley Secret Sharing [Shamir 79, Blakley 79] Share 1 , , Reconstruction: Given at least

1.45k views • 20 slides
Lessons from Star Wars Adam Shostack @adamshostack Agenda What is threat modeling? A

Lessons from Star Wars Adam Shostack @adamshostack Agenda What is threat modeling? A

Threat Modeling: Lessons from Star Wars Adam Shostack @adamshostack Agenda What is threat modeling? A simple approach to threat modeling Top 10 lessons Learning more What is threat modeling? A SIMPLE APPROACH TO THREAT

606 views • 41 slides
12/6/2013 Detecting Fakes Image Forensics: Detecting Forged Photos 1.Detecting photorealistic

12/6/2013 Detecting Fakes Image Forensics: Detecting Forged Photos 1.Detecting photorealistic

12/6/2013 Detecting Fakes Image Forensics: Detecting Forged Photos 1.Detecting photorealistic graphics 2.Detecting manipulated images Photo manipulation is the application of image editing techniques to photographs in order to create an

306 views • 13 slides
LETS ENCRYPT Olivier Yiptong oyiptong@mozilla.com PRIVACY MATTERS PRIVACY MATTERS: HTTPS

LETS ENCRYPT Olivier Yiptong oyiptong@mozilla.com PRIVACY MATTERS PRIVACY MATTERS: HTTPS

LETS ENCRYPT Olivier Yiptong oyiptong@mozilla.com PRIVACY MATTERS PRIVACY MATTERS: HTTPS Con fi dentiality Data Integrity Authentication NO PRIVACY: HTTP Public-only communication (Possibly?) Tampered messages Of

244 views • 23 slides
Mobile App Security An introduction Marc Obrador Who am I? Marc Obrador Co-founder &amp; Head

Mobile App Security An introduction Marc Obrador Who am I? Marc Obrador Co-founder &amp; Head

Mobile App Security An introduction Marc Obrador Who am I? Marc Obrador Co-founder &amp; Head of Product Architecture @ Build38 Barcelona marc@build38.com @marcobrador /in/marc-obrador Build38 | Intro to Mobile App Security February 2020

808 views • 32 slides
Outline Threat modeling, contd Shellcode techniques CSci 4271W Development of Secure

Outline Threat modeling, contd Shellcode techniques CSci 4271W Development of Secure

Outline Threat modeling, contd Shellcode techniques CSci 4271W Development of Secure Software Systems Binary-level GDB commands and demo Day 5: Memory safety attacks In-person lab logistics reminders Stephen McCamant Project 1 bcimgview

1.17k views • 6 slides
Introduction to Artificial Intelligence Bayesian Networks Janyl Jumadinova September 26, 2016

Introduction to Artificial Intelligence Bayesian Networks Janyl Jumadinova September 26, 2016

Introduction to Artificial Intelligence Bayesian Networks Janyl Jumadinova September 26, 2016 Bayesian Networks A simple, graphical notation for conditional independence assertions 2/14 Bayesian Networks A simple, graphical notation

576 views • 34 slides
IPC, Threads, Races, Critical Sections 7A. Threads 7B. Inter-Process Communication Operating

IPC, Threads, Races, Critical Sections 7A. Threads 7B. Inter-Process Communication Operating

4/18/2016 IPC, Threads, Races, Critical Sections 7A. Threads 7B. Inter-Process Communication Operating Systems Principles 7C. Critical Sections IPC, Threads, Races, Critical Sections 7D. Asynchronous Event Completions Mark Kampe

245 views • 8 slides
Advanced icommands 2010 iRODS User Group Meeting mwan@diceresearch.org 1 Go over not

Advanced icommands 2010 iRODS User Group Meeting mwan@diceresearch.org 1 Go over not

Advanced icommands 2010 iRODS User Group Meeting mwan@diceresearch.org 1 Go over not commonly used icommands and features iput -P output the progress -I redirect the connection to resource server -N numThreads number of

307 views • 8 slides
Panel Presentation NCSLI 2013 Session 6B Easy Translation of TAR or TUR into Uncertainty

Panel Presentation NCSLI 2013 Session 6B Easy Translation of TAR or TUR into Uncertainty

Panel Presentation NCSLI 2013 Session 6B Easy Translation of TAR or TUR into Uncertainty William Guthrie Statistical Engineering Division Information Technology Laboratory National Institute of Standards and Technology Generic

303 views • 8 slides
Early TAR Experience at Northwest Permanente Kimberly Workman, MD Chief, Department of

Early TAR Experience at Northwest Permanente Kimberly Workman, MD Chief, Department of

5/8/2014 Early TAR Experience at Northwest Permanente Kimberly Workman, MD Chief, Department of Orthopedic Surgery I have no disclosures Kaiser Sunnyside Medical Center Steven Laxson, DPM Residency Director Legacy Health/Kaiser Department

298 views • 7 slides
Usage Of dCache Resilient Pools for User Code Distribution Recap Analyzers and some

Usage Of dCache Resilient Pools for User Code Distribution Recap Analyzers and some

Usage Of dCache Resilient Pools for User Code Distribution Recap Analyzers and some production groups lost access to a subset of their frequently changing code located on Bluearc and have to download files from dCache scratch area. The

213 views • 5 slides
Graphs with large total angular resolution Oswin Aichholzer Matias Korman Yoshio Okamoto Irene

Graphs with large total angular resolution Oswin Aichholzer Matias Korman Yoshio Okamoto Irene

W I S S E N T E C H N I K L E I D E N S C H A F T Graphs with large total angular resolution Oswin Aichholzer Matias Korman Yoshio Okamoto Irene Parada Daniel Perz Andr e van Renssen Birgit Vogtenhuber 18.

680 views • 34 slides
Tools and Advanced Commands Emanuele Valea &lt;valea@lirmm.fr&gt; LIRMM CNRS / Universit de

Tools and Advanced Commands Emanuele Valea &lt;valea@lirmm.fr&gt; LIRMM CNRS / Universit de

Tools and Advanced Commands Emanuele Valea &lt;valea@lirmm.fr&gt; LIRMM CNRS / Universit de Montpellier Outline Advanced commands: find grep tar, gzip, gunzip Filters: sort cut sed Outline Advanced

568 views • 38 slides
Improving Dark Matter searches using Track Assisted Reclustered (TAR) jets with the ATLAS detector

Improving Dark Matter searches using Track Assisted Reclustered (TAR) jets with the ATLAS detector

Improving Dark Matter searches using Track Assisted Reclustered (TAR) jets with the ATLAS detector at s = 13 TeV Fabrizio Napolitano Universitt Heidelberg On behalf of the ATLAS collaboration YSF - Interpreting the LHC Run 2 Data and

557 views • 32 slides
Threshold cointegration in R with package tsDyn Matthieu Stigler Matthieu.Stigler at gmail.com

Threshold cointegration in R with package tsDyn Matthieu Stigler Matthieu.Stigler at gmail.com

Threshold cointegration in R with package tsDyn Matthieu Stigler Matthieu.Stigler at gmail.com 8 July 2009 National Institute for Public Finance and Policy, India Agroscope, Federal Office for Agriculture, Switzerland Matthieu Stigler

419 views • 39 slides
Book: Dinosaurs? &amp; Dinosaur Wars Frederick P. Brooks' Mythical Man-Month (1975). Description

Book: Dinosaurs? &amp; Dinosaur Wars Frederick P. Brooks' Mythical Man-Month (1975). Description

Book: Dinosaurs? &amp; Dinosaur Wars Frederick P. Brooks' Mythical Man-Month (1975). Description of the software crises - likens large scale programming to a tar pit Opera&amp;ng Systems No scene from prehistory is quite so vivid as that of the

237 views • 13 slides

More recommend