APT attacks are prolonged and have multiple stages, and they usually utilize zero-day or one-day exploits to be penetrating and stealthy. Among all kinds of security techniques, provenance tracing is regarded as an im...APT attacks are prolonged and have multiple stages, and they usually utilize zero-day or one-day exploits to be penetrating and stealthy. Among all kinds of security techniques, provenance tracing is regarded as an important approach to attack investigation, as it discloses the root cause, the attacking path, and the results of attacks. However, existing techniques either suffer from the limitation of only focusing on the log type, or are highly susceptible to attacks, which hinder their applications in investigating APT attacks. We present CAPT, a context-aware provenance tracing system that leverages the advantages of virtualization technologies to transparently collect system events and network events out of the target machine, and processes them in the specific host which introduces no space cost to the target. CAPT utilizes the contexts of collected events to bridge the gap between them, and provides a panoramic view to the attack investigation. Our evaluation results show that CAPT achieves the effective provenance tracing to the attack cases, and it only produces 0.21 MB overhead in 8 hours. With our newly-developed technology, we keep the run-time overhead averages less than 4%.展开更多
2002年,CHOW等人根据数字版权管理(Digital Rights Management,DRM)应用场景定义了白盒攻击环境的概念,并将其模型化为一种极端的攻击模型,即白盒模型。白盒模型颠覆了以往攻击模型中对攻击者能力的诸多限制,从软件保护角度考虑,攻击者...2002年,CHOW等人根据数字版权管理(Digital Rights Management,DRM)应用场景定义了白盒攻击环境的概念,并将其模型化为一种极端的攻击模型,即白盒模型。白盒模型颠覆了以往攻击模型中对攻击者能力的诸多限制,从软件保护角度考虑,攻击者被认为拥有对目标软件及其执行的完全控制权。因此,在白盒模型中,数字版权管理系统中的设备,如智能卡、机顶盒等都存在被攻击者篡改的可能。文章基于CLEFIA算法的白盒实现方案,为数字版权管理系统提供一种软件防篡改方案。该方案将软件的二进制代码文件所解释的查找表隐藏在CLEFIA算法的白盒实现方案的查找表集合中,使软件的防篡改安全性与CLEFIA算法的白盒实现方案的加解密正确性结合在一起。一旦软件发生篡改,CLEFIA算法的白盒实现方案的加解密结果将产生错误。CLEFIA算法白盒实现方案的明密文对也将发生变化,而攻击者很难对其进行修复。展开更多
In the course of reading we can guess or infer the meaning of some new words, difficult words or keywords through the information, logic, background knowledge and language structure, etc. And it is a very useful readi...In the course of reading we can guess or infer the meaning of some new words, difficult words or keywords through the information, logic, background knowledge and language structure, etc. And it is a very useful reading skill. When obtaining this kind of skill, the readers can quickly infer the meaning of new words from the clue offered by the context or the structure characteristic of new words, therefore, to improve the reading speed and reading ability.展开更多
基金partially supported by the NSFC-General Technology Basic Research Joint Fund (U1536204)the National Key Technologies R&D Program (2014BAH41B00)+3 种基金the National Nature Science Foundation of China (61672394 61373168 61373169)the National High-tech R&D Program of China (863 Program) (2015AA016004)
文摘APT attacks are prolonged and have multiple stages, and they usually utilize zero-day or one-day exploits to be penetrating and stealthy. Among all kinds of security techniques, provenance tracing is regarded as an important approach to attack investigation, as it discloses the root cause, the attacking path, and the results of attacks. However, existing techniques either suffer from the limitation of only focusing on the log type, or are highly susceptible to attacks, which hinder their applications in investigating APT attacks. We present CAPT, a context-aware provenance tracing system that leverages the advantages of virtualization technologies to transparently collect system events and network events out of the target machine, and processes them in the specific host which introduces no space cost to the target. CAPT utilizes the contexts of collected events to bridge the gap between them, and provides a panoramic view to the attack investigation. Our evaluation results show that CAPT achieves the effective provenance tracing to the attack cases, and it only produces 0.21 MB overhead in 8 hours. With our newly-developed technology, we keep the run-time overhead averages less than 4%.
文摘2002年,CHOW等人根据数字版权管理(Digital Rights Management,DRM)应用场景定义了白盒攻击环境的概念,并将其模型化为一种极端的攻击模型,即白盒模型。白盒模型颠覆了以往攻击模型中对攻击者能力的诸多限制,从软件保护角度考虑,攻击者被认为拥有对目标软件及其执行的完全控制权。因此,在白盒模型中,数字版权管理系统中的设备,如智能卡、机顶盒等都存在被攻击者篡改的可能。文章基于CLEFIA算法的白盒实现方案,为数字版权管理系统提供一种软件防篡改方案。该方案将软件的二进制代码文件所解释的查找表隐藏在CLEFIA算法的白盒实现方案的查找表集合中,使软件的防篡改安全性与CLEFIA算法的白盒实现方案的加解密正确性结合在一起。一旦软件发生篡改,CLEFIA算法的白盒实现方案的加解密结果将产生错误。CLEFIA算法白盒实现方案的明密文对也将发生变化,而攻击者很难对其进行修复。
文摘In the course of reading we can guess or infer the meaning of some new words, difficult words or keywords through the information, logic, background knowledge and language structure, etc. And it is a very useful reading skill. When obtaining this kind of skill, the readers can quickly infer the meaning of new words from the clue offered by the context or the structure characteristic of new words, therefore, to improve the reading speed and reading ability.