9 articles found
Research on Virtualization-Based System Security Enhancement and Graphics Card Passthrough (Cited by: 3)
1
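Authors: 侯建宁, 董贵山, 王银, 申娅. 《计算机工程》, CAS, CSCD, 2012, No. 8, pp. 224-227, 231 (5 pages)
To address operating-system security problems on personal terminals, this paper proposes an operating-system security enhancement model based on system virtualization technology and studies graphics card passthrough technology for improving the display performance of KVM virtual machines under this model. Experimental results show that graphics card passthrough overcomes the display performance deficiencies of the virtual machine guest operating system, allowing the guest operating system to handle graphics display and processing workloads as a real operating system would, and is suitable for the terminal security field.
Keywords: system virtualization technology; system security enhancement; KVM virtualization; graphics card passthrough; direct address mapping; PCI configuration space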
Application of Operating-System-Level Virtualization Technology in Network Teaching Environments
2
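Authors: 关志芳, 任志伟. 《信息通信》, 2015, No. 11, p. 172- (1 page)
Since the Industrial Revolution, science and technology have developed rapidly and have largely overturned people's traditional way of life, giving people a new view and definition of the world and of life. Computer technology, a major achievement of this scientific and technological development, has been widely applied in every field. Based on the current state of application of operating-system-level virtualization technology in network teaching environments, this article analyzes the present deficiencies of network teaching environments and proposes corresponding solutions.
Keywords: operating-system virtualization technology; network teaching environment; practical application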
Reflections on Security Protection of Industrial Control Network Systems (Cited by: 6)
3
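Authors: 李小强, 陈涤新. 《制造业自动化》, CSCD, 2017, No. 6, pp. 140-144 (5 pages)
Security problems in industrial control network systems are increasingly prominent, and the solutions proposed so far share a common problem: they cannot meet the availability requirements of industrial control networks. Analyzing network security, reliability, and availability, this paper proposes a defensive security strategy that uses centralized terminal management and control technology and security whitelist technology to solve the security problems of industrial control networks.
Keywords: industrial control network; system information security; whitelist technology; virtualization technology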
A Memory Forensics Method Based on a Hidden Event Trigger Mechanism (Cited by: 5)
4
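Authors: 崔超远, 李勇钢, 乌云, 王励成. 《计算机研究与发展》, EI, CSCD, PKU Core, 2018, No. 10, pp. 2278-2290 (13 pages)
Memory forensics is an important branch of computer forensic science. It can extract and analyze digital evidence of an operating system's running state and has become a powerful weapon against cybercrime. Most existing memory forensics methods acquire memory data in full, so the result contains a large amount of redundant information that inconveniences subsequent memory analysis. In addition, the choice of the forensic time point is blind; in particular, for malware with hiding characteristics, forensics cannot be performed accurately in real time when the attack occurs. Because memory is volatile and unrecoverable, a mismatch between the forensic time point and the attack process means the acquired content cannot characterize the attack behavior, rendering the forensic data invalid. To address these problems, a memory forensics method based on a hidden event trigger mechanism, ForenHD, is proposed. The method uses virtualization technology to monitor kernel objects in the target virtual machine in real time and detects hidden objects by analyzing the logical linkage relationships among kernel objects and changes in their running state. It then takes the discovery of a hidden object as the trigger event for memory forensics and extracts the hidden object's code segment information through memory mapping, achieving real-time and partial memory forensics. Experiments on forensics of multiple kinds of hidden objects demonstrate the feasibility and effectiveness of ForenHD.
Keywords: memory forensics; real-time forensics; partial forensics; hidden event; trigger mechanism; system virtualization technology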
SDSA: A Framework of a Software-Defined Security Architecture (Cited by: 3)
5
Authors: LIU Yanbing, LU Xingyu, JIAN Yi, XIAO Yunpeng. 《China Communications》, SCIE, CSCD, 2016, No. 2, pp. 178-188 (11 pages)
The fact that the security facilities within a system are closely coupled and the security facilities between systems are unconnected results in an isolated protection structure for systems, and gives rise to a serious challenge to system security integrations and system controls. Also, the need for diversified services and flexible extensions of network security asks for more considerations and contributions from the perspective of software engineering in the process of designing and constructing security systems. Based on the essence of the virtualization technique and the idea of software-defined networks, we in this paper propose a novel software-defined security architecture for systems. By abstracting the traditional security facilities and techniques, the proposed security architecture provides a new, simple, effective, and programmable framework in which security operations and security controls can be decoupled, and thereby reduces the software module sizes, decreases the intensity of software developments, and improves the security extensibility of systems.
Keywords: information security; network security; security architecture; software-defined security
The Research on Knowledge Sharing in the Small and Medium-sized Enterprise based on Cloud Computing
6
Authors: Jichao Hu, Xiangwen Yang. 《International Journal of Technology Management》, 2014, No. 8, pp. 112-114 (3 pages)
The paper combines cloud computing with knowledge management and classifies the knowledge management of the enterprise information management system; finally, the paper plans and designs the overall architecture of the enterprise management information system. According to the model of cloud computing, it establishes the cloud computing platform based on the construction of cloud computing and virtualization technology, in order to achieve the overall architecture of the enterprise management information system that migrates to the cloud computing environment. This paper mainly introduces the cloud computing architecture of the enterprise management information system under the environment of cloud computing and the implementation of the knowledge management system.
Keywords: Knowledge management; cloud computing; core data security model
CAPT: Context-Aware Provenance Tracing for Attack Investigation
7
Authors: Cheng Tan, Lei Zhao, Weijie Liu, Lai Xu, Lina Wang. 《China Communications》, SCIE, CSCD, 2018, No. 2, pp. 153-169 (17 pages)
APT attacks are prolonged and have multiple stages, and they usually utilize zero-day or one-day exploits to be penetrating and stealthy. Among all kinds of security techniques, provenance tracing is regarded as an important approach to attack investigation, as it discloses the root cause, the attacking path, and the results of attacks. However, existing techniques either suffer from the limitation of only focusing on the log type, or are highly susceptible to attacks, which hinder their applications in investigating APT attacks. We present CAPT, a context-aware provenance tracing system that leverages the advantages of virtualization technologies to transparently collect system events and network events out of the target machine, and processes them in the specific host which introduces no space cost to the target. CAPT utilizes the contexts of collected events to bridge the gap between them, and provides a panoramic view to the attack investigation. Our evaluation results show that CAPT achieves the effective provenance tracing to the attack cases, and it only produces 0.21 MB overhead in 8 hours. With our newly-developed technology, we keep the run-time overhead averages less than 4%.
Keywords: attack investigation; provenance tracing; context-aware; virtualization technologies; APT attacks; panoramic view
OPKH: A Lightweight Online Approach to Protecting Kernel Hooks in Kernel Modules
8
Authors: 田东海, 李轩涯, 胡昌振, 闫怀志. 《China Communications》, SCIE, CSCD, 2013, No. 11, pp. 15-23 (9 pages)
Kernel hooks are very important control data in OS kernel. Once these data are compromised by attackers, they can change the control flow of OS kernel's execution. Previous solutions suffer from limitations in that: 1) some methods require modifying the source code of OS kernel and kernel modules, which is less practical for wide deployment; 2) other methods cannot well protect the kernel hooks and function return addresses inside kernel modules whose memory locations cannot be predetermined. To address these problems, we propose OPKH, an on-the-fly hook protection system based on the virtualization technology. Compared with previous solutions, OPKH offers the protected OS a fully transparent environment and an easy deployment. In general, the working procedure of OPKH can be divided into two steps. First, we utilise the memory virtualization for offline profiling so that the dynamic hooks can be identified. Second, we exploit the online patching technique to instrument the hooks for run-time protection. The experiments show that our system can protect the dynamic hooks effectively with minimal performance overhead.
Keywords: kernel hook; virtualization technology; online patching
A Practical Online Approach to Protecting Kernel Heap Buffers in Kernel Modules
9
Authors: Donghai Tian, Xiaoqi Jia, Junhua Chen, Changzhen Hu, Jingfeng Xue. 《China Communications》, SCIE, CSCD, 2016, No. 11, pp. 143-152 (10 pages)
Heap overflow attack is one of the major memory corruption attacks that have become prevalent for decades. To defeat this attack, many protection methods are proposed in recent years. However, most of these existing methods focus on user-level heap overflow detection. Only a few methods are proposed for kernel heap protection. Moreover, all these kernel protection methods need modifying the existing OS kernel so that they may not be adopted in practice. To address this problem, we propose a lightweight virtualization-based solution that can protect the kernel heap buffers allocated for the target kernel modules. The key idea of our approach is to combine the static binary analysis and virtualization technology to trap a memory allocation operation of the target kernel module, and then add one secure canary word to the end of the allocated buffer. After that, a monitor process is launched to check the integrity of the canaries. The evaluations show that our system can detect kernel heap overflow attacks effectively with minimal performance cost.
Keywords: kernel heap overflow; virtualization technology; kernel module