Global ETD Search

51	Design and evaluation of software obfuscations Majumdar, Anirban January 2008 (has links) Software obfuscation is a protection technique for making code unintelligible to automated program comprehension and analysis tools. It works by performing semantic preserving transformations such that the difficulty of automatically extracting the computational logic out of code is increased. Obfuscating transforms in existing literature have been designed with the ambitious goal of being resilient against all possible reverse engineering attacks. Even though some of the constructions are based on intractable computational problems, we do not know, in practice, how to generate hard instances of obfuscated problems such that all forms of program analyses would fail. In this thesis, we address the problem of software protection by developing a weaker notion of obfuscation under which it is not required to guarantee an absolute blackbox security. Using this notion, we develop provably-correct obfuscating transforms using dependencies existing within program structures and indeterminacies in communication characteristics between programs in a distributed computing environment. We show how several well known static analysis tools can be used for reverse engineering obfuscating transforms that derive resilience from computationally hard problems. In particular, we restrict ourselves to one common and potent static analysis tool, the static slicer, and use it as our attack tool. We show the use of derived software engineering metrics to indicate the degree of success or failure of a slicer attack on a piece of obfuscated code. We address the issue of proving correctness of obfuscating transforms by adapting existing proof techniques for functional program refinement and communicating sequential processes. The results of this thesis could be used for future work in two ways: first, future researchers may extend our proposed techniques to design obfuscations using a wider range of dependencies that exist between dynamic program structures. Our restricted attack model using one static analysis tool can also be relaxed and obfuscations capable of withstanding a broader class of static and dynamic analysis attacks could be developed based on the same principles. Secondly, our obfuscatory strength evaluation techniques could guide anti-malware researchers in the development of tools to detect obfuscated strains of polymorphic viruses. / Whole document restricted, but available by request, use the feedback form to request access. obfuscation software security program transformation global state monitoring slicing distributed computing
52	Design and evaluation of software obfuscations Majumdar, Anirban January 2008 (has links) Software obfuscation is a protection technique for making code unintelligible to automated program comprehension and analysis tools. It works by performing semantic preserving transformations such that the difficulty of automatically extracting the computational logic out of code is increased. Obfuscating transforms in existing literature have been designed with the ambitious goal of being resilient against all possible reverse engineering attacks. Even though some of the constructions are based on intractable computational problems, we do not know, in practice, how to generate hard instances of obfuscated problems such that all forms of program analyses would fail. In this thesis, we address the problem of software protection by developing a weaker notion of obfuscation under which it is not required to guarantee an absolute blackbox security. Using this notion, we develop provably-correct obfuscating transforms using dependencies existing within program structures and indeterminacies in communication characteristics between programs in a distributed computing environment. We show how several well known static analysis tools can be used for reverse engineering obfuscating transforms that derive resilience from computationally hard problems. In particular, we restrict ourselves to one common and potent static analysis tool, the static slicer, and use it as our attack tool. We show the use of derived software engineering metrics to indicate the degree of success or failure of a slicer attack on a piece of obfuscated code. We address the issue of proving correctness of obfuscating transforms by adapting existing proof techniques for functional program refinement and communicating sequential processes. The results of this thesis could be used for future work in two ways: first, future researchers may extend our proposed techniques to design obfuscations using a wider range of dependencies that exist between dynamic program structures. Our restricted attack model using one static analysis tool can also be relaxed and obfuscations capable of withstanding a broader class of static and dynamic analysis attacks could be developed based on the same principles. Secondly, our obfuscatory strength evaluation techniques could guide anti-malware researchers in the development of tools to detect obfuscated strains of polymorphic viruses. / Whole document restricted, but available by request, use the feedback form to request access. obfuscation software security program transformation global state monitoring slicing distributed computing
53	Design and evaluation of software obfuscations Majumdar, Anirban January 2008 (has links) Software obfuscation is a protection technique for making code unintelligible to automated program comprehension and analysis tools. It works by performing semantic preserving transformations such that the difficulty of automatically extracting the computational logic out of code is increased. Obfuscating transforms in existing literature have been designed with the ambitious goal of being resilient against all possible reverse engineering attacks. Even though some of the constructions are based on intractable computational problems, we do not know, in practice, how to generate hard instances of obfuscated problems such that all forms of program analyses would fail. In this thesis, we address the problem of software protection by developing a weaker notion of obfuscation under which it is not required to guarantee an absolute blackbox security. Using this notion, we develop provably-correct obfuscating transforms using dependencies existing within program structures and indeterminacies in communication characteristics between programs in a distributed computing environment. We show how several well known static analysis tools can be used for reverse engineering obfuscating transforms that derive resilience from computationally hard problems. In particular, we restrict ourselves to one common and potent static analysis tool, the static slicer, and use it as our attack tool. We show the use of derived software engineering metrics to indicate the degree of success or failure of a slicer attack on a piece of obfuscated code. We address the issue of proving correctness of obfuscating transforms by adapting existing proof techniques for functional program refinement and communicating sequential processes. The results of this thesis could be used for future work in two ways: first, future researchers may extend our proposed techniques to design obfuscations using a wider range of dependencies that exist between dynamic program structures. Our restricted attack model using one static analysis tool can also be relaxed and obfuscations capable of withstanding a broader class of static and dynamic analysis attacks could be developed based on the same principles. Secondly, our obfuscatory strength evaluation techniques could guide anti-malware researchers in the development of tools to detect obfuscated strains of polymorphic viruses. / Whole document restricted, but available by request, use the feedback form to request access. obfuscation software security program transformation global state monitoring slicing distributed computing
54	Obfuskace síťového provozu pro zabránění jeho detekce pomocí IDS / Network Traffic Obfuscation for IDS Detection Avoidance Ovšonka, Daniel January 2013 (has links) This thesis deals with the principles of network traffic obfuscation, in order to avoid its detection by the Intrusion Detection System installed in the network. At the beginning of the work, reader is familiarized with the fundamental principle of the basic types of IDS and introduced into the matter of obfuscation techniques, that serve as stepping stone in order to create our own library, whose design is described in the last part of the work. The outcome of the work is represented by a library, that provides all the implemented techniques for further use. The library can be well utilized in penetration testing of the new systems or used by the attacker.
55	Breaking WebAssembly Crypto Miner Detection by Obfuscation / Knäcker WebAssembly-cryptominerdetektering med obfuskering Ekner, Gustav January 2023 (has links) Blockchain-based cryptocurrencies is a fairly new concept with a worldwide spread, and there is a massive amount of currencies. Several of them involve so-called currency mining, a feature of Proof-of-Work based blockchains. One problem with currency mining is that it can be performed when visiting websites in the user's browser, exploiting the user's resources and consuming energy. This has spawned a wide variety of crypto mining detection algorithms in the research. A particular issue that can make detection difficult is if the code of the miner has been obfuscated. Because of the limited research on detecting obfuscated miners, this thesis selects a state-of-the-art detection algorithm and uses it to analyze crypto miners obfuscated with various obfuscation techniques. A dataset of Wasm binaries is constructed by filtering out miners with the help of the detection algorithm. The result indicates that multiple obfuscation techniques, all trivial to implement with basic find-and-replacement, are highly effective at hindering the miner detector. Some techniques lower the detection rate by 100% on the dataset. The effectiveness seems to depend primarily on how many lines are modified in the program, and secondly on what modifications exactly are performed. Also, the obfuscated samples do not take a longer time to analyze, on the contrary, the mean execution time of the detection algorithm becomes primarily shorter. The conclusion is that more research must be done in constructing detection algorithms robust towards code obfuscation, and that the detection rate of today's algorithms might be misleading if there is a large amount of obfuscated miners on the web. / Blockkedjebaserade kryptovalutor är ett relativt nytt koncept som spridit sig globalt, och det finns en uppsjö med kryptovalutor. Flera av dem involverar mining (”valutagrävning”), en företeelse hos Proof-of-work-baserade blockkedjor. Ett problem med mining är att det kan genomföras när en användare besöker webbsidor i webbläsaren, och därmed utnyttja användarens resurser och förbruka onödig energi. Detta har lett till forskning på flera olika typer av detektorer för mining. Ett särskilt problem som kan försvåra detektering är om miner-koden har obfuskerats. På grund av den begränsade forskningen på att detektera obfuskerade miner-program väljs i detta examensarbete en state-of-the-art-algoritm för detektering, och denna används för att analysera miner-program obfuskerade med olika obfuskeringstekniker. Ett dataset av Wasm-binärer konstrueras genom att filtrera ut miner-program med hjälp av detekteringsalgoritmen. Resultatet indikerar att flera obfuskeringstekniker, samtliga triviala att implementera med grundläggande hitta-och-ersätt-operationer, är mycket effektiva för att hindra detektorn. Vissa tekniker minskar detekteringsgraden med 100% på det dataset som används. Effektiviteten verkar primärt bero på hur många rader som är modifierade i programmet, och sekundärt på exakt vad för slags modifikation som genomförs. Dessutom tar de obfuskerade programmen inte längre tid att analysera, i själva verket är genomsnittstiden för detekteringsalgoritmen i huvudsak kortare jämfört med de ej obfuskerade. Slutsatsen är att mer forskning måste genomföras för att konstruera detekteringsalgoritmer som är robusta mot kodobfuskering, och detekteringsgraden hos dagens detekteringsalgoritmer kan vara vilseledande om det finns en stor mängd obfuskerade miner-program på webben. Computer Security WebAssembly Crypto mining Code Obfuscation Browsers Datasäkerhet WebAssembly Kryptovalutautvinning Kodobfuskering Webbläsare Computer Sciences Datavetenskap (datalogi) Computer Engineering Datorteknik Computer and Information Sciences Data- och informationsvetenskap
56	Random projections in a distributed environment for privacy-preserved deep learning / Slumpmässiga projektioner i en distribuerad miljö för privatiserad djupinlärning Bagger Toräng, Malcolm January 2021 (has links) The field of Deep Learning (DL) only over the last decade has proven useful for increasingly more complex Machine Learning tasks and data, a notable milestone being generative models achieving facial synthesis indistinguishable from real faces. With the increased complexity in DL architecture and training data, follows a steep increase in time and hardware resources required for the training task. These resources are easily accessible via cloud-based platforms if the data owner is willing to share its training data. To allow for cloud-sharing of its training data, The Swedish Transport Administration (TRV) is interested in evaluating resource effective, infrastructure independent, privacy-preserving obfuscation methods to be used on real-time collected data on distributed Internet-of-Things (IoT) devices. A fundamental problem in this setting is to balance the trade-off between privacy and DL utility of the obfuscated training data. We identify statistically measurable relevant metrics of privacy achievable via obfuscation and compare two prominent alternatives from the literature, optimization-based methods (OBM) and random projections (RP). OBM achieve privacy via direct optimization towards a metric, preserving utility-crucial patterns in the data, and is typically in addition evaluated in terms of a DL-based adversary’s sensitive feature estimation error. RP project data via a random matrix to lower dimensions to preserve sample pair-wise distances while offering privacy in terms of difficulty in data recovery. The goals of the project centered around evaluating RP on privacy metric results previously attained for OBM, compare adversarial feature estimation error in OBM and RP, as well as to address the possibly infeasible learning task of using composite multi-device datasets generated using independent projection matrices. The last goal is relevant to TRV in that multiple devices are likely to contribute to the same composite dataset. Our results complement previous research in that they indicate that both privacy and utility guarantees in a distributed setting, vary depending on data type and learning task. These results favor OBM that theoretically should offer more robust guarantees. Our results and conclusions would encourage further experimentation with RP in a distributed setting to better understand the influence of data type and learning task on privacy-utility, target-distributed data sources being a promising starting point. / Forskningsområdet Deep Learning (DL) bara under det senaste decenniet har visat sig vara användbart för allt mer komplexa maskinginlärnings-uppgifter och data, en anmärkningsvärd milstolpe är generativa modeller som erhåller verklighetstrogna syntetiska ansiktsbilder. Med den ökade komplexiteten i DL -arkitektur och träningsdata följer ett kraftigt ökat behov av tid och hårdvaruresurser för träningsuppgiften. Dessa resurser är lättillgängliga via molnbaserade plattformar om dataägaren är villig att dela sin träningsdata. För att möjliggöra molndelning av träningsdata är Trafikverket (TRV) intresserat av att utvärdera resurseffektiva, infrastrukturoberoende, privatiserade obfuskeringsmetoder som ska användas på data hämtad i realtid via distribuerade Internet-of-Things ( IoT) -enheter; det grundläggande problemet är avvägningen mellan privatisering och användbarhet av datan i DL-syfte. Vi identifierar statistiskt mätbara relevanta mått av privatisering som kan uppnås via obfuskering och jämför två framstående alternativ från litteraturen, optimeringsbaserade metoder (OBM) och slumpmässiga projektioner (RP). OBM uppnår privatisering via matematisk optimering av ett mått av data-privatisering, vilket bevarar övriga nödvändiga mönster i data för DL-uppgiften. OBM-metoder utvärderas vanligtvis i termer av en DL-baserad motståndares uppskattningsfel av känsliga attribut i datan. RP obfuskerar data via en slumpmässig projektion till lägre dimensioner för att bevara avstånd mellan datapunkter samtidigt som de erbjuder privatisering genom teoretisk svårighet i dataåterställning. Målen för examensarbetet centrerades kring utvärdering av RP på privatiserings-mått som tidigare uppnåtts för OBM, att jämföra DL-baserade motståndares uppskattningsfel på data från OBM och RP, samt att ta itu med den befarat omöjliga inlärningsuppgiften att använda sammansatta dataset från flera IoT-enheter som använder oberoende projektionsmatriser. Sistnämnda målet är relevant i en miljö sådan som TRVs, där flera IoT-enheter oberoende bidrar till ett och samma dataset och DL-uppgift. Våra resultat kompletterar tidigare forskning genom att de indikerar att både privatisering och användbarhetsgarantier i en distribuerad miljö varierar beroende på datatyp och inlärningsuppgift. Dessa resultat gynnar OBM som teoretiskt sett bör erbjuda mer robusta garantier vad gäller användbarhet. Våra resultat och slutsatser uppmuntrar framtida experiment med RP i en distribuerad miljö för att bättre förstå inverkan av datatyp och inlärningsuppgift på graden av privatisering, datakällor distribuerade baserat på klassificerings-target är en lovande utgångspunkt. Random projections Generative adversarial networks Privacy metrics Deep learning Obfuscation. Slumpmässiga projektioner Generativa kontroversiella nätverk Privatiserings-mått Djupinlärning Obfuskering. Computer Sciences Datavetenskap (datalogi)
57	Implantations et protections de mécanismes cryptographiques logiciels et matériels / Implementations and protections of software and hardware cryptographic mechanisms Cornelie, Marie-Angela 12 April 2016 (has links) La protection des mécanismes cryptographiques constitue un enjeu important lors du développement d'un système d'information car ils permettent d'assurer la sécurisation des données traitées. Les supports utilisés étant à la fois logiciels et matériels, les techniques de protection doivent s'adapter aux différents contextes.Dans le cadre d'une cible logicielle, des moyens légaux peuvent être mis en oeuvre afin de limiter l'exploitation ou les usages. Cependant, il est généralement difficile de faire valoir ses droits et de prouver qu'un acte illicite a été commis. Une alternative consiste à utiliser des moyens techniques, comme l'obscurcissement de code, qui permettent de complexifier les stratégies de rétro-conception en modifiant directement les parties à protéger.Concernant les implantations matérielles, on peut faire face à des attaques passives (observation de propriétés physiques) ou actives, ces dernières étant destructives. Il est possible de mettre en place des contre-mesures mathématiques ou matérielles permettant de réduire la fuite d'information pendant l'exécution de l'algorithme, et ainsi protéger le module face à certaines attaques par canaux cachés.Les travaux présentés dans ce mémoire proposent nos contributions sur ces sujets tes travaux. Nous étudions et présentons les implantations logicielle et matérielle réalisées pour le support de courbes elliptiques sous forme quartique de Jacobi étendue. Ensuite, nous discutons des problématiques liées à la génération de courbes utilisables en cryptographie et nous proposons une adaptation à la forme quartique de Jacobi étendue ainsi que son implantation. Dans une seconde partie, nous abordons la notion d'obscurcissement de code source. Nous détaillons les techniques que nous avons implantées afin de compléter un outil existant ainsi que le module de calcul de complexité qui a été développé. / The protection of cryptographic mechanisms is an important challenge while developing a system of information because they allow to ensure the security of processed data. Since both hardware and software supports are used, the protection techniques have to be adapted depending on the context.For a software target, legal means can be used to limit the exploitation or the use. Nevertheless, it is in general difficult to assert the rights of the owner and prove that an unlawful act had occurred. Another alternative consists in using technical means, such as code obfuscation, which make the reverse engineering strategies more complex, modifying directly the parts that need to be protected.Concerning hardware implementations, the attacks can be passive (observation of physical properties) or active (which are destructive). It is possible to implement mathematical or hardware countermeasures in order to reduce the information leakage during the execution of the code, and thus protect the module against some side channel attacks.In this thesis, we present our contributions on theses subjects. We study and present the software and hardware implementations realised for supporting elliptic curves given in Jacobi Quartic form. Then, we discuss issues linked to the generation of curves which can be used in cryptography, and we propose an adaptation to the Jacobi Quartic form and its implementation. In a second part, we address the notion of code obfuscation. We detail the techniques that we have implemented in order to complete an existing tool, and the complexity module which has been developed. Offuscation de codes Mesure de complexité Mécanismes cryptographiques Arithmétique des courbes elliptiques Code obfuscation Complexity measure Cryptographic mechanisms The arithmetic of Elliptic Curves Arithmetic operators on finite fields 004
58	Privacy-preserving spectrum sharing / Un partage de spectre préservant la confidentialité Ben-Mosbah, Azza 24 May 2017 (has links) Les bandes des fréquences, telles qu'elles sont aménagées aujourd'hui, sont statiquement allouées. Afin d'améliorer la productivité et l'efficacité de l'utilisation du spectre, une nouvelle approche a été proposée : le "partage dynamique du spectre". Les régulateurs, les industriels et les scientifiques ont examiné le partage des bandes fédérales entre les détenteurs de licences (utilisateurs primaires) et les nouveaux entrants (utilisateurs secondaires). La nature d'un tel partage peut faciliter les attaques d'inférence et mettre en péril les paramètres opérationnels des utilisateurs primaires. Par conséquent, le but de cette thèse est d'améliorer la confidentialité des utilisateurs primaires tout en permettant un accès secondaire au spectre. Premièrement, nous présentons une brève description des règles de partage et des exigences en termes de confidentialité dans les bandes fédérales. Nous étudions également les techniques de conservation de confidentialité (obscurcissement) proposées dans les domaines d'exploration et d'édition de données pour contrecarrer les attaques d'inférence. Ensuite, nous proposons et mettons en œuvre notre approche pour protéger la fréquence et la localisation opérationnelles contre les attaques d'inférence. La première partie étudie la protection de la fréquence opérationnelle en utilisant un obscurcissement inhérent et explicite pour préserver la confidentialité. La deuxième partie traite la protection de la localisation opérationnelle en utilisant la confiance comme principale contre-mesure pour identifier et atténuer un risque d'inférence. Enfin, nous présentons un cadre axé sur les risques qui résume notre travail et s'adapte à d'autres approches de protection de la confidentialité. Ce travail est soutenu par des modèles, des simulations et des résultats qui focalisent sur l'importance de quantifier les techniques de préservation de la confidentialité et d'analyser le compromis entre la protection de la confidentialité et l'efficacité du partage du spectre / Radio frequencies, as currently allocated, are statically managed. Spectrum sharing between commercial users and incumbent users in the Federal bands has been considered by regulators, industry, and academia as a great way to enhance productivity and effectiveness in spectrum use. However, allowing secondary users to share frequency bands with sensitive government incumbent users creates new privacy threats in the form of inference attacks. Therefore, the aim of this thesis is to enhance the privacy of the incumbent while allowing secondary access to the spectrum. First, we present a brief description of different sharing regulations and privacy requirements in Federal bands. We also survey the privacy-preserving techniques (i.e., obfuscation) proposed in data mining and publishing to thwart inference attacks. Next, we propose and implement our approach to protect the operational frequency and location of the incumbent operations from inferences. We follow with research on frequency protection using inherent and explicit obfuscation to preserve the incumbent's privacy. Then, we address location protection using trust as the main countermeasure to identify and mitigate an inference risk. Finally, we present a risk-based framework that integrates our work and accommodates other privacy-preserving approaches. This work is supported with models, simulations and results that showcase our work and quantify the importance of evaluating privacy-preserving techniques and analyzing the trade-off between privacy protection and spectrum efficiency Partage du spectre Détenteur de licence fédéral Utilisateurs secondaires commerciaux Attaque d'inférence Sécurité opérationnelle Protection de la confidentialité Offuscation Gestion de confiance Efficacité du spectre Spectrum sharing Federal incumbent Commercial secondary users Inference attack Operational security Privacy protection Obfuscation Trust management Spectrum efficiency
59	Detecting PowerShell Obfuscation Techniques using Natural Language Processing / Detektering av obfuskeringstekniker för PowerShell med hälp av Natural Language Processing Klasmark, Jacob January 2022 (has links) PowerShell obfuscation is often used to avoid getting detected by Anti Virus programs. There are several different techniques to change a PowerShell script and still perform the same tasks. Detecting these obfuscated files is a good addition in order to detect malicious files. Identifying the specific technique used can also be beneficial for an analyst tasked with investigating the detected files. In order to detect these different techniques we are using Natural Language Processing with the idea that each technique will be sort of like a unique language that can be detected. We tried several different models and iterations of data processing and ended up using a Random Forest Classifier and achieved a detection accuracy of 98%. / PowerShell obfuskering används ofta för att undvika att bli upptäckt av Antivirusprogram. Det finns flera olika tekniker för att förändra ett PowerShell script me ändå behålla dess funktionalitet. Att detektera dessa obfuskerade filer är ett bra tillägg för att identifiera skadliga filer. Identifiering av den specifika tekniken som används kan vara en hjälp för analytiker som har som uppgift att utreda den identifierade filen. För att detektera dessa tekniker använder vi Natural Language Processing med idén att varje teknik på något sätt kommer se ut som ett eget språk som då kan detekteras. Vi provade flera olika modeller och kom fram till att Random Forest Classifier presterade bäst med en träffsäkerhet på 98%. Obfuscation detection PowerShell Natural Language Processing Machine Learning Security Operations Center Obfuskeringsdetektion PowerShell Natural Language Processing Maskinlärning Security Operations Center Computer Sciences Datavetenskap (datalogi) Computer Engineering Datorteknik Computer and Information Sciences Data- och informationsvetenskap
60	Auster: A service designed on the context of a surveillance society in an increasingly connected world Koelemeijer, Dorien January 2015 (has links) The privacy and surveillance issues that are consequences of the Internet of Things are the motivation and grounding for this thesis project. The Internet of Things (IoT) is a scenarioin which physical objects are able to communicate to each other and the environment, by transferring data over communication networks. The IoT allows technology to become smaller and more ubiquitous, and by being integrated in the environment around us, the world is becoming increasingly connected. Even though these developments will generally make our lives easier and more enjoyable, the Internet of Things also faces some challenges. One of these are the aforementioned privacy and surveillance issues that are the results of transferring sensitive data over communication networks. The aim of this thesis project is therefore to answer, both in a theoretical, as well as in a practical way, the following research question: How can the Internet of Things be more accessible and safe for the everyday user? Accordingly, the Auster online platform, the Auster app and the Data Obfuscation Kit were developed to provide people with the tools and knowledge to construct home automation projects themselves, as an alternative for using applications from governments and corporations alike. The aim is to create a way to endow people with the capability to exploit their talents, realise their visions and share this with a community joining forces. By enabling people to create their own home automation projects, personal data is kept in the user’s possession and the collection of data by governments and companies alike is prevented. Moreover, by giving the control over technology back to the user, creativity and innovation in the field of the Internet of Things in domestic environments are expected to increase. interaction design human computer interaction internet of things the internet of things IoT surveillance sousveillance hacking do it yourself diy data big data data obfuscation arduino decentralisation internet privacy security data mining data analysis Engineering and Technology Teknik och teknologier

Search results