Hardware-assisted trusted execution environments are secure isolation technologies that have been engineered to serve as efficient defense mechanisms provide a security boundary at the system level. Hardware vendors introduced variety of hardware-assisted including ARM TrustZone, Intel Management Engine, and AMD Platform Security Processor. Recently, Software Guard eXtensions (SGX) Memory Encryption Technology introduced. To best our knowledge, this paper presents first comparison study...

With the rapid proliferation of malware attacks on Internet, understanding these malicious behaviors plays a critical role in crafting effective defense. Advanced analysis relies virtualization or emulation technology to run samples confined environment, and analyze activities by instrumenting code execution. However, virtual machines emulators inevitably create artifacts execution making approaches vulnerable detection subversion. In this paper, we present MALT, debugging framework that...

Virtual Machine Introspection (VMI) systems have been widely adopted for malware detection and analysis. VMI use hypervisor technology system introspection to expose malicious activity. However, recent can detect the presence of virtualization or corrupt state thus avoiding detection. We introduce SPECTRE, a hardware-assisted dependability framework that leverages System Management Mode (SMM) inspect system. Contrary VMI, our trusted code base is limited BIOS SMM implementations. SPECTRE...

The advent of cloud computing and inexpensive multi-core desktop architectures has led to the widespread adoption virtualization technologies. Furthermore, security researchers embraced virtual machine monitors (VMMs) as a new mechanism guarantee deep isolation untrusted software components, which, coupled with their popularity, promoted VMMs prime target for exploitation. In this paper, we present HyperCheck, hardware-assisted tampering detection framework designed protect integrity...

Hardware-assisted Isolated Execution Environments (HIEEs) have been widely adopted to build effective and efficient defensive tools for securing systems. Hardware vendors introduced a variety of HIEEs including system management mode, Intel engine, ARM TrustZone, software guard extensions. This SoK paper presents comprehensive study existing compares their features from the security perspective. Additionally, we explore both offensive use scenarios discuss attacks against HIEE-based Overall,...

Processors nowadays are consistently equipped with debugging features to facilitate the program analysis. Specifically, ARM architecture involves a series of CoreSight components and debug registers aid system debugging, group authentication signals designed restrict usage these registers. Meantime, security is under-examined since it normally requires physical access use in traditional model. However, introduces new model that no ARMv7, which exacerbates our concern on features. In this...

The operating system kernel is often the security foundation for whole system. To prevent attacks, control-flow integrity (CFI) has been proposed to ensure that any control transfer during program's execution never deviates from its graph (CFG). Existing CFI solutions either work in user space or are coarse-grained; thus they cannot be readily deployed kernels vulnerable state-of-the-art attacks. In this paper, we present Fine-CFI, a enforces fine-grained kernels. Unlike previous systems,...

Mobile devices are prevalently used for processing personal private data and sometimes collecting evidence of social injustice or political oppression. The device owners may always feel reluctant to expose this type undesired observers inspectors. This usually can be achieved by encryption. However, the traditional encryption not work when an adversary is able coerce into revealing their encrypted content. Plausibly Deniable Encryption (PDE) thus designed protect sensitive against powerful...

Intrusion detection is an important defensive measure for automotive communications security. Accurate frame models assist vehicles to avoid malicious attacks. Uncertainty and diversity regarding attack methods make this task challenging. However, the existing works have limitation of only considering local features or weak feature mapping multifeatures. To address these limitations, we present a novel model intrusion by spatial–temporal correlation (STC) in-vehicle communication traffic...

A wide range of Arm endpoints leverage integrated and discrete GPUs to accelerate computation such as image processing numerical applications. However, in spite these important use cases, GPU security has yet be scrutinized by the community. By exploiting vulnerabilities kernel, attackers can directly access sensitive data used during computing, personally-identifiable computer vision tasks. Existing work Trusted Execution Environments (TEEs) address concerns on Intel-based platforms, while...

Being able to inspect and analyze the operational state of commodity machines is crucial for modern digital forensics. Indeed, volatile system including memory data CPU registers contain information that cannot be directly inferred or reconstructed by acquiring contents nonvolatile storage. Unfortunately, it still remains an open problem how reliably consistently retrieve machine without disrupting its operation. In this paper, we propose leverage commercial PCI network cards current x86...

Malware authors are abusing packers (or runtime-based obfuscators) to protect malicious apps from being analyzed. Although many unpacking tools have been proposed, they can be easily impeded by the anti-analysis methods adopted packers, and fail effectively collect hidden Dex data due evolving protection strategies of packers. Consequently, packing behaviors unknown analysts packed malware circumvent inspection. To fill gap, in this paper, we propose a novel hardware-assisted approach that...

A Trusted Execution Environment (TEE) provides an isolated environment for sensitive workloads. However, the code running in TEE may contain vulnerabilities that could be exploited by attackers and further leveraged to corrupt TEE. The increasing buggy inside concerns security of entire In this position paper, we present challenges towards securing trusted execution environments potential mitigation.

The Remote Sensing Image Change Captioning (RSICC) has recently emerged in the field of remote sensing image interpretation; it aims to automatically predict natural language captions significant semantic changes bi-temporal images. Recent studies RSICC have improved accuracy change images a large extent. Nevertheless, there still remain challenges multi-scale perception ground objects and feature enhancement To address these further improve RSICC, novel deep learning–based end-to-end...

The recent edge computing infrastructure introduces a new model that works as complement of the traditional cloud computing. nodes in reduce network latency and increase data privacy by offloading sensitive computation from to edge. Recent research focuses on applications performance computing, but less attention is paid security this paradigm. Inspired move hardware vendors introducing hardware-assisted Trusted Execution Environment (TEE), we believe applying these TEEs would be natural...

The increasing growth of cybercrimes targeting mobile devices urges an efficient malware analysis platform. With the emergence evasive malware, which is capable detecting that it being analyzed in virtualized environments, bare-metal has become definitive resort. Existing works mainly focus on extracting malicious behaviors exposed during analysis. However, after analysis, equally important to quickly restore system a clean state examine next sample. Unfortunately, state-of-the-art solutions...

We introduce MobiCeal, the first practical Plausibly Deniable Encryption (PDE) system for mobile devices that can defend against strong coercive multi-snapshot adversaries, who may examine storage medium of a user's device at different points time and force user to decrypt data. MobiCeal relies on "dummy write" obfuscate differences between multiple snapshots due existence hidden By incorporating PDE in block layer, supports broad deployment any block-based file systems devices. More...

The rapidly increasing connectedness of modern vehicles leads to new security challenges for intelligent connected (ICVs), where some potential attackers can achieve unauthorized access gain control the vehicle by injecting malicious information into in-vehicle electronic units (ECUs). Therefore, in this paper, a secure attribute-isolated communication architecture an ICV, which introduces attributes ECUs authorized among ECU nodes is proposed. First, analysis functional all environment and...