who am i who am i
play

Who am I? Who am I? A researcher for computer security National - PowerPoint PPT Presentation

Apr 01, 2024 •10 likes •460 views

National Institute of Advanced Industrial Science and Technology DeviceDisEnabler: a lightweight hypervisor which hides devices to protect cyber espionage and tampering t t b i d t i Kuniyasu Suzaki y National Institute of Advanced

  1. National Institute of Advanced Industrial Science and Technology DeviceDisEnabler: a lightweight hypervisor which hides devices to protect cyber espionage and tampering t t b i d t i Kuniyasu Suzaki y National Institute of Advanced Industrial Science and Technology(AIST) Black Hat Sao Paul, Brazil, 26/November/2014

  2. National Institute of Advanced Industrial Science and Technology Who am I? Who am I? • A researcher for computer security – National Institute of Advanced Industrial Science and Technology N ti l I tit t f Ad d I d t i l S i d T h l (AIST) • More than 3,000 researchers. – Research Institute for Secure Systems (RISEC) • About 40 researchers for security Here is my office Research Institute for Secure Systems y – My office is at Tsukuba headquarter. • Current interests https://staff.aist.go.jp/k.suzaki/ p g jp – Security on hypervisor – Security on control systems Security on control systems 2

  3. National Institute of Advanced Industrial Science and Technology Do you know how many devices Do you know how many devices included in a mobile gadget? • Microphone, Speaker • Digital Camera • Digital Camera • GPS • Gyroscope • etc. (Many sensors) ( y ) • Around 2000 PDA(e g Palm Pilot Apple Newton) did not • Around 2000, PDA(e.g., Palm Pilot, Apple Newton) did not have such devices. • CURRENT mobile gadgets are not traditional computers. CURRENT bil d t t t diti l t They are an aggregation of sensor devices. 3

  4. National Institute of Advanced Industrial Science and Technology D Do you know the resolution of these devices? k th l ti f th d i ? • Microphone, Speaker – More than CD quality (44.1 kHz). • Digital camera – More than 100M pixel. p • GPS – Resolution is less than 10 m. Resolution is less than 10 m • Gyroscope – Sampling is more than 20 Hz. S li i th 20 H 4

  5. National Institute of Advanced Industrial Science and Technology Is there anything wrong with these y g g high resolution devices? • Yes! • High-resolution devices can be used for cyber espionage. p g – There are many incidents and research results. 5

  6. National Institute of Advanced Industrial Science and Technology Eavesdropping caused by microphone Eavesdropping caused by microphone • “Bundestrojaner” (Federal Trojan) had high impact for • Bundestrojaner (Federal Trojan) had high impact for society. • It is also named “R2D2” because the code has the string "C3PO-r2d2-POE" It is also named R2D2 because the code has the string C3PO r2d2 POE . • Allegedly, the malware R2D2 was installed by an officer All dl th l R2D2 i t ll d b ffi at a German Airport. – R2D2 records Skype audio conversations and sends the data to a d k di i d d h d remote website. – R2D2 was discovered by Chaos Computer Club (CCC) in 2011. R2D2 di d b Ch C t Cl b (CCC) i 2011 • Finally, it was publicized that German authorities ordered the cyber espionage malware. h b i l 6

  7. National Institute of Advanced Industrial Science and Technology Facial Reflection Keylogger Keylogger [T.Fiebig, WOOT’14] The front camera takes The front camera takes shot of user’s face (eye). Zooming Detect thumb Put on a keyboard T.fiebig, j.krissler and r.hanesch, “Security Impact of High Resolution Smartphone Cameras" woot 2014. https://www.usenix.org/conference/woot14/workshop-program/presentation/fiebig 7

  8. National Institute of Advanced Industrial Science and Technology Malicious location tracking by GPS Malicious location tracking by GPS • “Cerberus” and “mSpy” are normal applications (anti theft • Cerberus and mSpy are normal applications (anti-theft application), but they are used to track employee. • Japanese application named “karelog” (Boyfriend Log) steals data of Japanese application named karelog (Boyfriend Log) steals data of GPS without permission. – It was sold by the name of “GPS Control manager”. – It became the social problem in Japan and the company had to terminate the service. 8

  9. National Institute of Advanced Industrial Science and Technology Eavesdropping caused by Gyroscope Eavesdropping caused by Gyroscope • Gyroscope is not a microphone, but it turns to be a speech logger. y p p , p gg • It is called Gyrophone [USENIX Security 14, BlackHat Europe 14]. – Merit: Access to microphone requires permission, but access to gyroscope does not. It makes easy to use for cyber espionage. – The sampling rate of gyroscope (20-200Hz) does not fit speech (male 85 - 180 Hz female 165 - 255 Hz) but ALIASING helps to understand speech 180 Hz, female 165 255 Hz), but ALIASING helps to understand speech. Y.Michalevsky, D.Boneh, and Gabi Nakibly, “Gyrophone: Recognizing Speech from Gyroscope Signals”, https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/michalevsky 9

  10. National Institute of Advanced Industrial Science and Technology Mobile gadgets are used in a restricted area Mobile gadgets are used in a restricted area. • Mobile gadgets are commonly used in factories, meeting Mobile gadgets are commonly used in factories, meeting rooms, hospitals, where treat important information. • The administrator wants to prohibit devices which are • The administrator wants to prohibit devices which are not used for work. Factory Meeting 10

  11. National Institute of Advanced Industrial Science and Technology Extra Threat Extra Threat • Not only attackers but also users (workers) want to use • Not only attackers but also users (workers) want to use the devices on mobile gadgets. • The users may circumvent countermeasures. • Administrators have to deal with attackers as well as workers. 11

  12. National Institute of Advanced Industrial Science and Technology Current Countermeasures Current Countermeasures • Some BIOS/EFI can disenable devices. S BIOS/EFI di bl d i – It is useful, but all mobile gadgets do not have such function. have such function. • Samsung KNOX disenables devices, but it runs on Samsung’s Android only. • Security goods Protect cap p Security seal to hide camera They depend on user’s conscience. Can you trust them? 12

  13. National Institute of Advanced Industrial Science and Technology My proposal My proposal • “DeviceDisEnabler (DDE)”: a lightweight hypervisor “D i Di E bl (DDE)” li ht i ht h i which hides devices to protect cyber espionage and tampering i • Features 1. Lightweight and insertable to many mobile gadgets 2 2. Hiding PCI devices from an OS Hiding PCI devices from an OS 3. Prevention of circumvention • The OS cannot boot without the DDE because a part of the disk is encrypted by the DDE. • The encryption key is hidden from the user. 13

  14. National Institute of Advanced Industrial Science and Technology Targets of DDE Targets of DDE • Mobile gadgets (Note PC, Tablet, etc.) with x86/AMD64 architecture CPU. • DDE is developed on open source hypervisor “BitVisor”. p p yp • http://www.bitvisor.org/ • DDE disenables PCI devices which are not used for work. – Current implementation does not treat USB devices. Laptop PC used for presentation outside of a office L t PC d f t ti t id f ffi T bl t Tablet used in hospital d i h it l Camera Camera Microphone USB GPS Gyroscope Bluetooth 14

  15. National Institute of Advanced Industrial Science and Technology Division of roles between DDE and OS Division of roles between DDE and OS • DDE manages devices • DDE manages devices. – The DDE is independent of the OS and hides some devices from the OS from the OS. • OS has responsibility for the user account. • DDE’s Disk encryption is independent of the OS’s DDE’ Di k ti i i d d t f th OS’ encryption. – The DDE’s Disk encryption can coexist with OS’s disk encryption (e.g., Windows’s BotLocker). 15

  16. National Institute of Advanced Industrial Science and Technology (1) Insertable Hypervisor on an existing OS (1) Insertable Hypervisor on an existing OS • Thin type-I (bare-metal) hypervisor – Para-passthrough architecture (BitVisor[VEE’09]) P th h hit t (BitVi [VEE’09]) • No Device Model. Guest OS can access devices directly. – Small Trusted Computing Base (TCB) Small Trusted Computing Base (TCB) • Type-I hypervisor has no Host OS. • DDE is inserted using chainload function of boot loader • DDE is inserted using chainload function of boot-loader. BIOS Existing System Go back to GRUB Applications (User Space) GRUB DeviceDisEnabler GRUB D i Di E bl Preinstalled OS (resides in memory) chain loader DeviceDisEnabler Insert at boot time (hypervisor) (hypervisor) NTLDR Windows Hardware (Windows Bootloader) 16

  17. National Institute of Advanced Industrial Science and Technology (2) Hiding PCI devices from an OS (2) Hiding PCI devices from an OS • A mobile gadget has many devices on PCI. • Tool: PCI-Z (ThinkPad Helix) – http://www.pci-z.com/ http://www pci z com/ 17

  18. Device classes National Institute of Advanced Industrial Science and Technology H How an OS recognizes a device on PCI OS i d i PCI • An OS gets the information of devices on PCI from “ PCI configuration space” . g p – The information includes Vendor ID, Device ID, and Device Class Code, etc. • Vendor ID and Device Class code are defined by PCI-SIG. 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Mathematical Induction n The inductive proof will sometimes point out an algorithmic solution to a

Mathematical Induction n The inductive proof will sometimes point out an algorithmic solution to a

2/28/16 Why induction? n Prove algorithm correctness Mathematical Induction n The inductive proof will sometimes point out an algorithmic solution to a problem n Strongly connected to recursion Rosen Chapter 5 Motivation Motivation n A group

524 views • 8 slides
What is colour? Eliminativism : The view that either (a) colours as we perceive them do not exist

What is colour? Eliminativism : The view that either (a) colours as we perceive them do not exist

What is colour? Eliminativism : The view that either (a) colours as we perceive them do not exist in nature, that is, there is no room for them in our scientific ontologies (error theory); or (b) while there is colour, nonetheless the particular

630 views • 35 slides
Review for Final Exam 18.05 Spring 2014 Jeremy Orloff and Jonathan Bloom Unit 1: Probability 1.

Review for Final Exam 18.05 Spring 2014 Jeremy Orloff and Jonathan Bloom Unit 1: Probability 1.

Review for Final Exam 18.05 Spring 2014 Jeremy Orloff and Jonathan Bloom Unit 1: Probability 1. Sets. 2. Counting. 3. Sample space, outcome, event, probability function. 4. Probability: conditional probability, independence, Bayes theorem. 5.

841 views • 72 slides
Data Mining: Data Lecture Notes for Chapter 2 Slides by Tan, Steinbach, Kumar adapted by Michael

Data Mining: Data Lecture Notes for Chapter 2 Slides by Tan, Steinbach, Kumar adapted by Michael

Data Mining: Data Lecture Notes for Chapter 2 Slides by Tan, Steinbach, Kumar adapted by Michael Hahsler Look for accompanying R code on the course web site. 1 Topics Attributes/Features Types of Data Sets Data Quality Data

1.34k views • 73 slides
Final items Please email an updated final version of your notebook paper by 1. March 2020 to

Final items Please email an updated final version of your notebook paper by 1. March 2020 to

Final items Please email an updated final version of your notebook paper by 1. March 2020 to gawad@nist.gov If your draft notebook paper is considered FINAL, then also let us know! Please update citations to give credit for resources

161 views • 15 slides
National Space Agencies Facing New European Competences and Policies Augusto Cramarossa Italian

National Space Agencies Facing New European Competences and Policies Augusto Cramarossa Italian

National Space Agencies Facing New European Competences and Policies Augusto Cramarossa Italian Space Agency - ASI Head of the ASI President Technical Cabinet 1 Agenzia Spaziale Italiana ASI The Italian Space Agency was founded in

937 views • 78 slides
Nuclear Energy: a New Beginning? - Findings from a recent MIT study - Jacopo Buongiorno TEPCO

Nuclear Energy: a New Beginning? - Findings from a recent MIT study - Jacopo Buongiorno TEPCO

Nuclear Energy: a New Beginning? - Findings from a recent MIT study - Jacopo Buongiorno TEPCO Professor of Nuclear Science and Engineering Director, Center for Advanced Nuclear Energy Systems 2018 study on the Future of Nuclear Key

576 views • 36 slides
Assessing the Greatest Opportunity for Prevention of Occupational Cancer L Rushton 1 , T. Brown

Assessing the Greatest Opportunity for Prevention of Occupational Cancer L Rushton 1 , T. Brown

Assessing the Greatest Opportunity for Prevention of Occupational Cancer L Rushton 1 , T. Brown 2 , R Bevan 3 , J Cherrie 4 , L Fortunato 1 , S Bagga 3 , P Holmes 3 , S Hutchings 1 , R Slack 3 , M Van Tongeren 4 , C Young 2 1 Dept.

550 views • 16 slides
Distributed Deep Learning: Methods and Resources Sergey Nikolenko Maxim Prasolov Chief Research

Distributed Deep Learning: Methods and Resources Sergey Nikolenko Maxim Prasolov Chief Research

Distributed Deep Learning: Methods and Resources Sergey Nikolenko Maxim Prasolov Chief Research Officer, Neuromation CEO, Neuromation Researcher, Steklov Institute of Mathematics at St. Petersburg September 23, 2017, AI Ukraine, Kharkiv

562 views • 35 slides
Muon Accelerator Program Monthly Status Review December 14, 2012 Outline Introduction

Muon Accelerator Program Monthly Status Review December 14, 2012 Outline Introduction

Muon Accelerator Program Monthly Status Review December 14, 2012 Outline Introduction MAP Management Update L2 Manager Updates AOB December 14, 2012 MAP Monthly Status Report 2 Introduction Goals for our monthly status

398 views • 23 slides
Appendix 1 1 LBBD Staff - Eye Health Survey Results May 2015 Matthew Cole Name: Job title:

Appendix 1 1 LBBD Staff - Eye Health Survey Results May 2015 Matthew Cole Name: Job title:

Appendix 1 1 LBBD Staff - Eye Health Survey Results May 2015 Matthew Cole Name: Job title: Director of Public Health Date: May 2015 2 Eye Health Survey What did we do? We asked council employees about their eye health How did we ask

527 views • 21 slides
Fitting SVM models in Matlab mdl = fitcsvm(X,y) fit a classifier using SVM X is a

Fitting SVM models in Matlab mdl = fitcsvm(X,y) fit a classifier using SVM X is a

Fitting SVM models in Matlab mdl = fitcsvm(X,y) fit a classifier using SVM X is a matrix columns are predictor variables rows are observations y is a response vector +1/-1 for each row in X can be any set of

389 views • 13 slides
Computer Networks Kurtis Heimerl kheimerl@cs Vikram Iyer vsiyer@cs Qian (Will) Yan

Computer Networks Kurtis Heimerl kheimerl@cs Vikram Iyer vsiyer@cs Qian (Will) Yan

CSE 461: Computer Networks Kurtis Heimerl kheimerl@cs Vikram Iyer vsiyer@cs Qian (Will) Yan qiany7 @cs Chunjong (CJ) Park cjparkuw@cs Who we are ICTD Information and Communication Technology for Development Development

1.03k views • 48 slides
another pair of eyes: reviewing code well adam dangoor twitter: adamdangoor github:

another pair of eyes: reviewing code well adam dangoor twitter: adamdangoor github:

another pair of eyes: reviewing code well adam dangoor twitter: adamdangoor github: adamtheturtle Hello everyone, Im Adam. And Im going to talk about code review. why? but why code review? why? great reviews have helped

920 views • 90 slides
Plan for Quality to Improve Patient Safety at the POC SHARON S. EHRMEYER, PH.D., MT(ASCP)

Plan for Quality to Improve Patient Safety at the POC SHARON S. EHRMEYER, PH.D., MT(ASCP)

Plan for Quality to Improve Patient Safety at the POC SHARON S. EHRMEYER, PH.D., MT(ASCP) PROFESSOR, DEPARTMENT OF PATHOLOGY AND LABORATORY MEDICINE SCHOOL OF MEDICINE AND PUBLIC HEALTH MADISON, WI = Quality Meeting the requirements or needs

868 views • 51 slides
Learning objectives Distinguish system and acceptance testing How and why they

Learning objectives Distinguish system and acceptance testing How and why they

Learning objectives Distinguish system and acceptance testing How and why they differ from each other and from System, Acceptance, and Regression unit and integration testing Understand basic approaches for quantitative

321 views • 8 slides
XMRV, CFS, and the Internet: How Patient Communities Are Changing Medicine John Cmar, MD, FACP

XMRV, CFS, and the Internet: How Patient Communities Are Changing Medicine John Cmar, MD, FACP

XMRV, CFS, and the Internet: How Patient Communities Are Changing Medicine John Cmar, MD, FACP Dragon*Con 2011 disclosures disclosures liverpoolmuseums.co.uk disclaimer why this is important... agenda online patient advocacy groups

835 views • 51 slides
Categorical data Reasoning by diagrams R.W. Oldford Crossed data - tables The main data

Categorical data Reasoning by diagrams R.W. Oldford Crossed data - tables The main data

Categorical data Reasoning by diagrams R.W. Oldford Crossed data - tables The main data structure for crossed categorical data is a table . Each variate has a finite number of values (categories) city <- c ("Kitchener",

487 views • 47 slides
Slide into January Intel Chip Paint a 2" wooden square dark gray. Let dry. When the paint

Slide into January Intel Chip Paint a 2" wooden square dark gray. Let dry. When the paint

~.,...,_SI"'_ Slide into January Intel Chip Paint a 2" wooden square dark gray. Let dry. When the paint dries, paint in white "Intel". Let dry. Then attach a piece of PVC pipe to the back with hot glue. Computer Mouse Using

404 views • 12 slides
Hidden Markov Models COSI 114 Computational Linguistics James Pustejovsky February10, 2015

Hidden Markov Models COSI 114 Computational Linguistics James Pustejovsky February10, 2015

Hidden Markov Models COSI 114 Computational Linguistics James Pustejovsky February10, 2015 Brandeis University Slides thanks to David Blei Markov Models { s , s , , s } Set of states: 1 2 N Process moves from one

1.49k views • 123 slides
On to Telescopes General Astronomy: Stars & Galaxies AST CLASS Learning from light:

On to Telescopes General Astronomy: Stars & Galaxies AST CLASS Learning from light:

ASTR 1120 On to Telescopes General Astronomy: Stars & Galaxies AST CLASS Learning from light: temperature (from continuum spectrum) chemical composition (from spectral lines) velocity (from Doppler shift) ODA Detecting light:

450 views • 12 slides
Clear, Concise, Compelling: How to Present your Science to Best Effect Sinad Griffin

Clear, Concise, Compelling: How to Present your Science to Best Effect Sinad Griffin

Clear, Concise, Compelling: How to Present your Science to Best Effect Sinad Griffin (@sineatrix) Berkeley Lab/UC Berkeley Task: Open Day Talk Some high school students are visiting your university (16-18 years old). You have one minute to

904 views • 34 slides
1 Provide brief background on NepRWA, nonprofit, grassroots member / volunteer organization. Want

1 Provide brief background on NepRWA, nonprofit, grassroots member / volunteer organization. Want

1 Provide brief background on NepRWA, nonprofit, grassroots member / volunteer organization. Want the river to be clean, accessible, with native fish and wildlife and a place that families and the entire community go to spend time together, relax

418 views • 30 slides
Laziness needed. A thunk is a piece of code that performs a Laziness delayed computation. #2

Laziness needed. A thunk is a piece of code that performs a Laziness delayed computation. #2

One-Slide Summary Building an interpreter is a fundamental idea in computing. Eval and Apply are mutually recursive . The most complicated parts of meval are the handling of function abstraction (lambda) and function application. The

266 views • 7 slides

More recommend