Rice, Erich
- Mitigating Virtual Machine Denial of Service Attacks from Mobile APPS
Authors
1 Saint Cloud State University, US
Source
Journal of Network and Information Security, Vol 3, No 2 (2015), Pagination: 21-31
Abstract
With the advances in cloud computing and the use of virtualisation, the complexity of computing systems has never been greater. Due to this greater complexity, securing these systems has also become more complex and difficult, especially given the ease with which hackers can bring to bear Denial of Service (DoS) attacks. Luckily, advances in technology have also provided the means of administering these complex computing systems through the use of mobile devices, such as with an Android OS based smartphone. In this paper we provide an option for managing the eradication of rogue processes created through DoS attacks by way of a mobile device application or app. Through the use of this mobile app built on the Android platform, a system administrator would be alerted to a potential security incident and be given the tools to kill a rogue process without having to be onsite or initiate a terminal session through secure shell or another terminal program. This type of option could be very appealing to small or mid-sized enterprises which cannot afford the cost of having personnel staffed onsite 24 hours a day, seven days a week. The mobile app was built with security in mind and would provide a system administrator a quicker and more direct ability to curtail DoS attacks before they caused greater harm.
Keywords
Denial of Service (DoS), Mobile APPS, Android, Rogue Processes.
- Design, Implementation and Performance Analysis of a Distributed Key Encryption System Deployed within a Public Cloud
Authors
1 Saint Cloud State University, US
Source
Journal of Network and Information Security, Vol 4, No 1 (2016), Pagination: 1-16
Abstract
The advent of cloud computing has decreased the cost of enterprise level system design and implementation, while at the same time increasing the need for a sound and secure strategy for security. While the use of encryption algorithms continues to be the main line of defense in performing secure data transmissions, the use of a Cloud Computing environment offers both advantages and disadvantages in the encryption process. Though the new series of encryption algorithms are quite robust, they require a "key" to make their use unique for an individual session; thus, if the key is compromised, then the underlying encryption algorithm can be broken. In a classically designed system, the entire cryptographic key is contained on one node within the network; if this node is compromised, even though robustly protected, then the entire network would be at risk.
The flip side to the potential breaking in dilemma outlined above is perhaps an even scarier option, one in which the node on which the key is kept is corrupted either through malicious intent, unintended mishap, or simple system failure. This scenario opens up the possibility that the key is unrecoverable, in which case the data that has been encrypted with the cryptographic key may be rendered unrecoverable as well.
This paper analyzed how a distributed key system, broken up over varying numbers of multiple nodal instances and distributed across the Amazon Web Services (AWS) Cloud, reacted and performed its intended task of authenticating a web service. Different numbers of nodes were evaluated and timing was recorded to assure that latency did not exceed the specified level of three seconds, where e-commerce or other Web based activities would be negatively impacted. As additional numbers of nodes were added to the system, the latency increased. As nodes were taken offline, the latency also increased, as there were fewer options of key nodes that could reply to the system to replicate the key. And finally, when more than the required nodes were taken offline, the system failed to authenticate the Client.
Keywords
Distributed Systems, Cloud Computing, Key Management, Fault Tolerance.
- Security Vulnerabilities of Registers in LINUX Hosts: Buffer Overflow and Service Disruption Concerns
Authors
1 Department of Information Systems, St. Cloud State University, St. Cloud, Minnesota, US
2 Department of Information Assurance, St. Cloud State University, St. Cloud, Minnesota, US
Source
International Journal of Distributed and Cloud Computing, Vol 4, No 2 (2016), Pagination: 31-41
Abstract
Security has become extremely important in the information technology field. Oftentimes the most important resource a company has is the data that it has diligently gathered, the loss or deletion of which could cause the failure of the organization. With the advent of Cloud Computing and the use of shared or Colo (colocation) hardware, this has become of even greater concern to organizations. This paper looks at ways in which the LINUX operating system and various software tools can be utilized to shed light on potential vulnerabilities, especially how memory is stored at the base layers of the operating system. The main focus is on the registers, and how certain LINUX based tools such as a debugger can be used to determine where memory resides and how it could potentially be attacked, changed, or deleted. Also, the paper discusses how these various techniques and utilities could be used to provide IT professionals with a better understanding of how these attacks could occur as well as the level of sophistication needed to deal with and prevent them.
Keywords
Cloud Computing, LINUX, Registers, Security, Virtualization.