7 results on '"Neng Gao"'
Search Results
2. Aggregating Heterogeneous Neighbors and Node Types for Numerical Reasoning over Text
- Author
- Shoukang Han, Neng Gao, Xiaobo Guo, and Yiwei Shan
- Published
- 2022
3. System Service Call-oriented Symbolic Execution of Android Framework with Applications to Vulnerability Discovery and Exploit Generation
- Author
- Kai Chen, Chen Cao, Peng Liu, Xinyu Xing, Qiang Zeng, Min Yang, Lannan Luo, Neng Gao, Limin Liu, and Jian Liu
- Subjects
0301 basic medicine; Exploit; Computer science; Vulnerability; 020207 software engineering; 02 engineering and technology; Symbolic execution; Computer security; computer.software_genre; 03 medical and health sciences; System service; 030104 developmental biology; 0202 electrical engineering, electronic engineering, information engineering; Android application; Android (operating system); computer; Concolic execution; Vulnerability discovery
- Abstract
Android Application Framework is an integral and foundational part of the Android system. Each of the 1.4 billion Android devices relies on the system services of Android Framework to manage applications and system resources. Given its critical role, a vulnerability in the framework can be exploited to launch large-scale cyber attacks and cause severe harms to user security and privacy. Recently, many vulnerabilities in Android Framework were exposed, showing that it is vulnerable and exploitable. However, most of the existing research has been limited to analyzing Android applications, while there are very few techniques and tools developed for analyzing Android Framework. In particular, to our knowledge, there is no previous work that analyzes the framework through symbolic execution, an approach that has proven to be very powerful for vulnerability discovery and exploit generation. We design and build the first system, Centaur, that enables symbolic execution of Android Framework. Due to some unique characteristics of the framework, such as its middleware nature and extraordinary complexity, many new challenges arise and are tackled in Centaur. In addition, we demonstrate how the system can be applied to discovering new vulnerability instances, which can be exploited by several recently uncovered attacks against the framework, and to generating PoC exploits.
- Published
- 2017
4. Leakage Fingerprints
- Author
- Ma Yuan, Neng Gao, Jian Zhou, Yuan Zhao, Chenyang Tu, and Zeyi Liu
- Subjects
Countermeasure; Computer engineering; Shuffling; Software security assurance; Computer science; Real-time computing; 0202 electrical engineering, electronic engineering, information engineering; Vulnerability; Entropy (information theory); 020201 artificial intelligence & image processing; 02 engineering and technology; Side channel attack; 020202 computer hardware & architecture
- Abstract
Low-entropy masking schemes and shuffling technique are two common countermeasures against traditional side-channel analysis. Improved Rotating S-box Masking (RSM) is a combination of both countermeasures and is implemented by DPA contest committee to improve the software security level of AES-128. Compared with the original version, improved RSM mainly introduces both the offset and shuffle array as security foundations to counteract the existing attacks. In this paper, we first point out a general vulnerability referred to as "leakage fingerprints" and make use of it to successfully crack the offset array with 100% accuracy, which breaks down the masking countermeasure in the first step. Then, we show that cracking the shuffle array is still feasible but not necessary since several other vulnerabilities in the implementation level can be exploited to bypass the shuffle countermeasure directly. By selectively combining all these vulnerabilities, a dozen of attacks can be put forward, and we perform two of them as examples to verify their effectiveness. Official evaluation results show that, both attacks submitted by us are practical and feasible, and also operate with high efficiency. In terms of two major performance metrics, our best scheme requires 4 traces to reveal the AES master key with 80% Global Success Rate (GSR) and only 2 traces are enough to reduce the Maximum Partial Guessing Entropy (PGE) under 10.
- Published
- 2016
5. Towards Analyzing the Input Validation Vulnerabilities associated with Android System Services
- Author
- Chen Cao, Neng Gao, Ji Xiang, and Peng Liu
- Subjects
Computer science; business.industry; Data validation; Attack surface; Computer security; computer.software_genre; Web application security; System service; Android security; Vulnerability assessment; Vulnerability scanner; Android (operating system); business; computer
- Abstract
Although the input validation vulnerabilities play a critical role in web application security, such vulnerabilities are so far largely neglected in the Android security research community. We found that due to the unique Framework Code layer, Android devices do need specific input validation vulnerability analysis in system services. In this work, we take the first steps to analyze Android specific input validation vulnerabilities. In particular, a) we take the first steps towards measuring the corresponding attack surface and reporting the current input validation status of Android system services. b) We developed a new input validation vulnerability scanner for Android devices. This tool fuzzes all the Android system services by sending requests with malformed arguments to them. Through comprehensive evaluation of Android system with over 90 system services and over 1,900 system service methods, we identified 16 vulnerabilities in Android system services. We have reported all the issues to Google and Google has confirmed them.
- Published
- 2015
6. Remotely wiping sensitive data on stolen smartphones
- Author
- Neng Gao, Jiwu Jing, Wen Tao Zhu, Xingjie Yu, Zhan Wang, and Kun Sun
- Subjects
Subscriber identity module; Password; business.product_category; Computer science; business.industry; Internet privacy; Service provider; Computer security; computer.software_genre; law.invention; Credit card; Information sensitivity; law; Cellular network; Internet access; business; computer
- Abstract
Smartphones are playing an increasingly important role in personal life and carrying massive private data. Unfortunately, once the smartphones are stolen, all the sensitive information, such as contacts, messages, photos, credit card information and passwords, may fall into the hands of malicious people. In order to protect the private data, remote deletion mechanism is required to allow owners to wipe the sensitive data on the stolen phone remotely. Existing remote deletion techniques rely on the availability of either WiFi for Internet connection or SIM card for cellular network connection; however, these requirements may not be satisfied when the phones are stolen by some sophisticated adversaries. In this paper, we propose a new remote deletion mechanism that allows the phone owner to delete the private data remotely even if the WiFi is disabled and the SIM card is unplugged. The basic idea is to use emergency call mechanisms to establish a communication connection with a service provider to verify the state of the phone and perform remote deletion. We present a case study of our mechanism with the Universal Mobile Telecommunications System (UMTS) network.
- Published
- 2014
7. ARECA
- Author
- Ji Xiang, Dengguo Feng, Jingqiang Lin, Jiwu Jing, Peng Liu, and Neng Gao
- Subjects
biology; business.industry; Computer science; Internet privacy; Cryptography; Public key infrastructure; Computer security; computer.software_genre; biology.organism_classification; Public-key cryptography; Digital signature; Certificate authority; Key (cryptography); Intrusion tolerance; business; computer; Areca
- Abstract
Certification Authorities (CA) are a critical component of a PKI. All the certificates issued by a CA will become invalid when the (signing) private key of the CA is compromised. Hence it is a very important issue to protect the private key of an online CA. ARECA systems, built on top of threshold cryptography, ensure the security of a CA through a series of defense-in-depth protections. ARECA systems won't be compromised when a few system components are compromised or some system administrators betray. The private key of a CA is protected by distributing different shares of the key to different (signing) components and by ensuring that any component of the CA is unable to reconstruct the private key. In addition, the multi-layer system architecture of ARECA makes it very difficult to attack from outside. Several threshold-cryptography-based methods are proposed in the literature to construct an intrusion tolerant CA, and the uniqueness of ARECA is that it engineers a novel two phase signature composition scheme and a multi-layer CA protection architecture. As a result, ARECA is (a) practical, (b) highly resilient to both insider and outsider attacks that compromise one or more components, and (c) can prevent a variety of outside attacks.
- Published
- 2003
Discovery Service for Jio Institute Digital Library