Binary Codes for Enhancing the Most Significant Bit-Based Selective Encryption

Kafi, Mehrshad

January 2022

Selective encryption (SE) methods for images often encrypt the sign bits, i.e., the most significant bits (MSBs) of the codewords corresponding to key syntax elements (in compressed images) or to pixel intensities (for uncompressed images). Our work is motivated by the key observation that the binary code (BC) used for these representations has an impact on the quality of the reconstruction at the eavesdropper (Eve), which can be regarded as a measure of the degree of security of the encryption (the lower the quality, the higher the level of security). Therefore, we address the design of BCs that enhance the security of MSB-based SE by increasing the degradation at Eve’s side when she uses a simple replacement attack (replacing all MSBs either by 0s or by 1s). We first consider the scenario of fixed-length BCs, i.e., where all the codewords have the same length. We formulate the design problem as an optimization problem with the objective of maximizing the distortion at Eve’s without any constraint or with a constraint on the entropy of the MSBs in order to shorten the size of the MSB stream to reduce the computational overhead of encryption. We show that the problem can be cast as a binary integer linear program equivalent to a weighted non-bipartite graph matching problem, for which polynomial-time solution algorithms exist. We empirically assess the performance of the optimized BCs on a Mixed Gaussian source, as well as on Gaussian and Laplacian sources, the latter two being commonly used to model the distribution of transform coefficients and prediction residuals. Our experiments lead to the conclusion that MSB-based SE schemes could benefit from the proposed BC designs. For the case of uncompressed images, we also propose a family of structured BCs for the pixel intensity values. These BCs are constructed such that intensity values that are close have reconstructions that are far apart. As a result, the reconstruction with the replacement attack significantly destroys the smooth areas and blurs the edges, therefore increasing the degree of security. Next, we focus on the construction of variable-length BCs for the non-zero quantized AC coefficients in JPEG compressed images. For this, we first formulate the BC design problem as the problem of maximizing the distortion at Eve’s side with a constraint on the entropy. This problem can also be cast as a weighted non-bipartite graph matching problem and, therefore, can be solved efficiently. Furthermore, by gaining insights from the optimization results, a simpler and faster method for BC design is devised, which consists of only swapping a few codewords in the original code used in JPEG. We assess the practical performance of the proposed BCs for the SE method of JPEG images that encrypts only the MSBs of the non-zero quantized AC coefficients, along with the full encryption of the DC coefficients. Our experimental results show that high visual security can be achieved with only a small sacrifice in compression efficiency. In addition, the proposed BCs can be tuned to achieve various levels of degradation at Eve’s side, a property that is convenient for certain applications. / Thesis / Doctor of Philosophy (PhD)

Análise dos caminhos de execução de programas para a paralelização automática de códigos binários para a plataforma Intel x86 / Analysis of the execution paths of programs to perform automatic parallelization of binary codes on the platform Intel x86

Eberle, André Mantini

06 October 2015

Aplicações têm tradicionalmente utilizado o paradigma de programação sequencial. Com a recente expansão da computação paralela, em particular os processadores multinúcleo e ambientes distribuídos, esse paradigma tornou-se um obstáculo para a utilização dos recursos disponíveis nesses sistemas, uma vez que a maior parte das aplicações tornam-se restrita à execução sobre um único núcleo de processamento. Nesse sentido, este trabalho de mestrado introduz uma abordagem para paralelizar programas sequenciais de forma automática e transparente, diretamente sobre o código-binário, de forma a melhor utilizar os recursos disponíveis em computadores multinúcleo. A abordagem consiste na desmontagem (disassembly) de aplicações Intel x86 e sua posterior tradução para uma linguagem intermediária. Em seguida, são produzidos grafos de fluxo e dependências, os quais são utilizados como base para o particionamento das aplicações em unidades paralelas. Por fim, a aplicação é remontada (assembly) e traduzida novamente para a arquitetura original. Essa abordagem permite a paralelização de aplicações sem a necessidade de esforço suplementar por parte de desenvolvedores e usuários. / Traditionally, computer programs have been developed using the sequential programming paradigm. With the advent of parallel computing systems, such as multi-core processors and distributed environments, the sequential paradigm became a barrier to the utilization of the available resources, since the program is restricted to a single processing unit. To address this issue, we introduce a transparent automatic parallelization methodology using a binary rewriter. The steps involved in our approach are: the disassembly of an Intel x86 application, transforming it into an intermediary language; analysis of this intermediary code to obtain flow and dependency graphs; partitioning of the application into parallel units, using the obtained graphs and posterior reassembly of the application, writing it back to the original Intel x86 architecture. By transforming the compiled application software, we aim at obtaining a program which can explore the parallel resources, with no extra effort required either from users or developers.

Análise de dependências

Automatic parallelization

Binary code

Binary rewriter

Código-binário

Dependency analysis

Intel x86 platform

Paralelização automática

Plataforma Intel x86

Análise dos caminhos de execução de programas para a paralelização automática de códigos binários para a plataforma Intel x86 / Analysis of the execution paths of programs to perform automatic parallelization of binary codes on the platform Intel x86

André Mantini Eberle

06 October 2015

Aplicações têm tradicionalmente utilizado o paradigma de programação sequencial. Com a recente expansão da computação paralela, em particular os processadores multinúcleo e ambientes distribuídos, esse paradigma tornou-se um obstáculo para a utilização dos recursos disponíveis nesses sistemas, uma vez que a maior parte das aplicações tornam-se restrita à execução sobre um único núcleo de processamento. Nesse sentido, este trabalho de mestrado introduz uma abordagem para paralelizar programas sequenciais de forma automática e transparente, diretamente sobre o código-binário, de forma a melhor utilizar os recursos disponíveis em computadores multinúcleo. A abordagem consiste na desmontagem (disassembly) de aplicações Intel x86 e sua posterior tradução para uma linguagem intermediária. Em seguida, são produzidos grafos de fluxo e dependências, os quais são utilizados como base para o particionamento das aplicações em unidades paralelas. Por fim, a aplicação é remontada (assembly) e traduzida novamente para a arquitetura original. Essa abordagem permite a paralelização de aplicações sem a necessidade de esforço suplementar por parte de desenvolvedores e usuários. / Traditionally, computer programs have been developed using the sequential programming paradigm. With the advent of parallel computing systems, such as multi-core processors and distributed environments, the sequential paradigm became a barrier to the utilization of the available resources, since the program is restricted to a single processing unit. To address this issue, we introduce a transparent automatic parallelization methodology using a binary rewriter. The steps involved in our approach are: the disassembly of an Intel x86 application, transforming it into an intermediary language; analysis of this intermediary code to obtain flow and dependency graphs; partitioning of the application into parallel units, using the obtained graphs and posterior reassembly of the application, writing it back to the original Intel x86 architecture. By transforming the compiled application software, we aim at obtaining a program which can explore the parallel resources, with no extra effort required either from users or developers.

Análise de dependências

Código-binário

Paralelização automática

Plataforma Intel x86

Automatic parallelization

Binary code

Binary rewriter

Dependency analysis

Intel x86 platform

From Ancients to Dust... : Through Veneration and Condemnation: Exploring of the role of Cultural Heritage and Iconoclasm

Åkerlund, Simon

January 2017

This essay attempts to discover a correlation between a perceived veneration of an inherent value of the cultural heritage which is enlightened in the face of the iconoclastic acts of IS (Islamic State). Firstly, the essay establishes how UNESCO could be perceived as a Social System which educates its central binary codes through communication. The codes central to the System are cultural preservation and cultural destruction. Through examining the official documents of the System and analysing their content through Content Analysis, the essay delineates how an inherent value is manifested in cultural heritage. Further it examines whether the System is successful in communicating and implementing its positive binary code into its surrounding environment. The conclusions are that the System aspires to connect what it deems an “outstanding universal value” with an inherent value of democratic human rights. It is also concluded that the System is successful in implementing its positive core binary code into its environment. However, there are indications that this efficiency could dramatically decrease in the future, thereby rendering the System’s value as an ideological standpoint less valuable in the face of theologically motivated iconoclasms.

Systems Theory

Binary Code

Iconoclasm

IS

UNESCO

Inherent value

Human rights

Outstanding Universal Value

Critical Discourse Analysis

Content Analysis.

Religious Studies

Religionsvetenskap

Recherche de vulnérabilités logicielles par combinaison d'analyses de code binaire et de frelatage (Fuzzing) / Software vulnerability research combining fuzz testing and binary code analysis

Bekrar, Sofia

10 October 2013

Le frelatage (ou fuzzing) est l'une des approches les plus efficaces pour la détection de vulnérabilités dans les logiciels de tailles importantes et dont le code source n'est pas disponible. Malgré une utilisation très répandue dans l'industrie, les techniques de frelatage "classique" peuvent avoir des résultats assez limités, et pas toujours probants. Ceci est dû notamment à une faible couverture des programmes testés, ce qui entraîne une augmentation du nombre de faux-négatifs; et un manque de connaissances sur le fonctionnement interne de la cible, ce qui limite la qualité des entrées générées. Nous présentons dans ce travail une approche automatique de recherche de vulnérabilités logicielles par des processus de test combinant analyses avancées de code binaire et frelatage. Cette approche comprend : une technique de minimisation de suite de tests, pour optimiser le rapport entre la quantité de code testé et le temps d'exécution ; une technique d'analyse de couverture optimisée et rapide, pour évaluer l'efficacité du frelatage ; une technique d'analyse statique, pour localiser les séquences de codes potentiellement sensibles par rapport à des patrons de vulnérabilités; une technique dynamique d'analyse de teinte, pour identifier avec précision les zones de l'entrée qui peuvent être à l'origine de déclenchements de vulnérabilités; et finalement une technique évolutionniste de génération de test qui s'appuie sur les résultats des autres analyses, afin d'affiner les critères de décision et d'améliorer la qualité des entrées produites. Cette approche a été mise en œuvre à travers une chaîne d'outils intégrés et évalués sur de nombreuses études de cas fournies par l'entreprise. Les résultats obtenus montrent son efficacité dans la détection automatique de vulnérabilités affectant des applications majeures et sans accès au code source. / Fuzz testing (a.k.a. fuzzing) is one of the most effective approaches for discovering security vulnerabilities in large and closed-source software. Despite their wide use in the software industry, traditional fuzzing techniques suffer from a poor coverage, which results in a large number of false negatives. The other common drawback is the lack of knowledge about the application internals. This limits their ability to generate high quality inputs. Thus such techniques have limited fault detection capabilities. We present an automated smart fuzzing approach which combines advanced binary code analysis techniques. Our approach has five components. A test suite reduction technique, to optimize the ratio between the amount of covered code and the execution time. A fast and optimized code coverage measurement technique, to evaluate the fuzzing effectiveness. A static analysis technique, to locate potentially sensitive sequences of code with respect to vulnerability patterns. An origin-aware dynamic taint analysis technique, to precisely identify the input fields that may trigger potential vulnerabilities. Finally, an evolutionary based test generation technique, to produce relevant inputs. We implemented our approach as an integrated tool chain, and we evaluated it on numerous industrial case studies. The obtained results demonstrate its effectiveness in automatically discovering zero-day vulnerabilities in major closed-source applications. Our approach is relevant to both defensive and offensive security purposes.

Frelatage

Vulnérabilités logicielles

Analyse de couverture

Analyse de code binaire

Génération de tests

Analyse de teinte

Fuzzing

Software vulnerabilities

Coverage analysis

Binary code analysis

Test generation

Taint analysis

Semantic monitoring mechanisms dedicated to security monitoring in IaaS cloud / Mécanismes de monitoring sémantique dédiés à la sécurité des infrastructures cloud IaaS

Hebbal, Yacine

18 September 2017

L’introspection de machine virtuelle (VM) consiste à superviser les états et les activités de celles-ci depuis la couche de virtualisation, tirant ainsi avantage de son emplacement qui offre à la fois une bonne visibilité des états et des activités des VMs ainsi qu’une bonne isolation de ces dernières. Cependant, les états et les activités des VMs à superviser sont vus par la couche de virtualisation comme une suite binaire de bits et d’octets en plus des états des ressources virtuelles. L’écart entre la vue brute disponible à la couche de virtualisation et celle nécessaire pour la supervision de sécurité des VMs constitue un challenge pour l’introspection appelé « le fossé sémantique ». Pour obtenir des informations sémantiques sur les états et les activités des VMs à fin de superviser leur sécurité, nous présentons dans cette thèse un ensemble de techniques basé sur l’analyse binaire et la réutilisation du code binaire du noyau d’une VM. Ces techniques permettent d’identifier les adresses et les noms de la plupart des fonctions noyau d’une VM puis de les instrumenter (intercepter, appeler et analyser) pour franchir le fossé sémantique de manière automatique et efficiente même dans les cas des optimisations du compilateur et de la randomisation de l’emplacement du code noyau dans la mémoire de la VM. / Virtual Machine Introspection (VMI) consists inmonitoring VMs security from the hypervisor layer which offers thanks to its location a strong visibility on their activities in addition to a strong isolation from them. However, hypervisor view of VMs is just raw bits and bytes in addition to hardware states. The semantic difference between this raw view and the one needed for VM security monitoring presents a significant challenge for VMI called “the semantic gap”. In order to obtain semantic information about VM states and activities for monitoring their security from the hypervisor layer, we present in this thesis a set of techniques based on analysis and reuse of VM kernel binary code. These techniques enable to identify addresses and names of most VM kernel functions then instrument (call, intercept and analyze) them to automatically bridge the semantic gap regardless of challenges presented by compiler optimizations and kernel base address randomization.

Introspection de Machine Virtuelle

Le Fossé Sémantique

Analyse Binaire Statique

Réutilisation du Code Binaire

Virtual Machine Introspection

Semantic Gap

Static Binary Analysis

Binary Code Reuse

004