# PapersCutA shortcut to recent security papers

### Arxiv

#### Mayall: A Framework for Desktop JavaScript Auditing and Post-Exploitation Analysis

Authors: Adam Rapley, Xavier Bellekens, Lynsay A. Shepherd, Colin McLean

Abstract: Writing desktop applications in JavaScript offers developers the opportunity to write cross-platform applications with cutting edge capabilities. However in doing so, they are potentially submitting their code to a number of unsanctioned modifications from malicious actors. Electron is one such JavaScript application framework which facilitates this multi-platform out-the-box paradigm and is based upon the Node.js JavaScript runtime --- an increasingly popular server-side technology. In bringing this technology to the client-side environment, previously unrealized risks are exposed to users due to the powerful system programming interface that Node.js exposes. In a concerted effort to highlight previously unexposed risks in these rapidly expanding frameworks, this paper presents the Mayall Framework, an extensible toolkit aimed at JavaScript security auditing and post-exploitation analysis. The paper also exposes fifteen highly popular Electron applications and demonstrates that two thirds of applications were found to be using known vulnerable elements with high CVSS scores. Moreover, this paper discloses a wide-reaching and overlooked vulnerability within the Electron Framework which is a direct byproduct of shipping the runtime unaltered with each application, allowing malicious actors to modify source code and inject covert malware inside verified and signed applications without restriction. Finally, a number of injection vectors are explored and appropriate remediations are proposed.

Comment: 19 pages

Date: 14 Nov 2018

#### Regular subgroups with large intersection

Authors: Riccardo Aragona, Roberto Civino, Norberto Gavioli, Carlo Maria Scoppola

Abstract: In this paper we study the relationships between the elementary abelian regular subgroups and the Sylow $2$-subgroups of their normalisers in the symmetric group $\mathrm{Sym}(\mathbb{F}_2^n)$, in view of the interest that they have recently raised for their applications in symmetric cryptography.

Date: 14 Nov 2018

#### Blockchain-based Firmware Update Scheme Tailored for Autonomous Vehicles

Authors: Mohamed Baza, Mahmoud Nabil, Noureddine Lasla, Kemal Fidan, Mohamed Mahmoud, Mohamed Abdallah

Date: 14 Nov 2018

#### Towards a hardware-assisted information flow tracking ecosystem for ARM processors

Authors: Muhammad Abdul Wahab, Pascal Cotret, Mounir Nasr Allah, Guillaume Hiet, Vianney Lapotre, Guy Gogniat

Abstract: This work details a hardware-assisted approach for information flow tracking implemented on reconfigurable chips. Current solutions are either time-consuming or hardly portable (modifications of both sofware/hardware layers). This work takes benefits from debug components included in ARMv7 processors to retrieve details on instructions committed by the CPU. First results in terms of silicon area and time overheads are also given.

Comment: 2 pages, FPL 2016 - PhD forum

Date: 13 Nov 2018

#### A Systematic Evaluation of Transient Execution Attacks and Defenses

Authors: Claudio Canella, Jo Van Bulck, Michael Schwarz, Moritz Lipp, Benjamin von Berg, Philipp Ortner, Frank Piessens, Dmitry Evtyushkin, Daniel Gruss

Abstract: Modern processor optimizations such as branch prediction and out-of-order execution are crucial for performance. Recent research on transient execution attacks including Spectre and Meltdown showed, however, that exception or branch misprediction events may leave secret-dependent traces in the CPU's microarchitectural state. This observation led to a proliferation of new Spectre and Meltdown attack variants and even more ad-hoc defenses (e.g., microcode and software patches). Unfortunately, both the industry and academia are now focusing on finding efficient defenses that mostly address only one specific variant or exploitation methodology. This is highly problematic, as the state-of-the-art provides only limited insight on residual attack surface and the completeness of the proposed defenses. In this paper, we present a sound and extensible systematization of transient execution attacks. Our systematization uncovers 7 (new) transient execution attacks that have been overlooked and not been investigated so far. This includes 2 new Meltdown variants: Meltdown-PK on Intel, and Meltdown-BR on Intel and AMD. It also includes 5 new Spectre mistraining strategies. We evaluate all 7 attacks in proof-of-concept implementations on 3 major processor vendors (Intel, AMD, ARM). Our systematization does not only yield a complete picture of the attack surface, but also allows a systematic evaluation of defenses. Through this systematic evaluation, we discover that we can still mount transient execution attacks that are supposed to be mitigated by rolled out patches.

Date: 13 Nov 2018

#### On Finding Quantum Multi-collisions

Authors: Qipeng Liu, Mark Zhandry

Abstract: A $k$-collision for a compressing hash function $H$ is a set of $k$ distinct inputs that all map to the same output. In this work, we show that for any constant $k$, $\Theta\left(N^{\frac{1}{2}(1-\frac{1}{2^k-1})}\right)$ quantum queries are both necessary and sufficient to achieve a $k$-collision with constant probability. This improves on both the best prior upper bound (Hosoyamada et al., ASIACRYPT 2017) and provides the first non-trivial lower bound, completely resolving the problem.

Date: 13 Nov 2018

#### Benchmarking datasets for Anomaly-based Network Intrusion Detection: KDD CUP 99 alternatives

Authors: Abhishek Divekar, Meet Parekh, Vaibhav Savla, Rudra Mishra, Mahesh Shirole

Abstract: Machine Learning has been steadily gaining traction for its use in Anomaly-based Network Intrusion Detection Systems (A-NIDS). Research into this domain is frequently performed using the KDD~CUP~99 dataset as a benchmark. Several studies question its usability while constructing a contemporary NIDS, due to the skewed response distribution, non-stationarity, and failure to incorporate modern attacks. In this paper, we compare the performance for KDD-99 alternatives when trained using classification models commonly found in literature: Neural Network, Support Vector Machine, Decision Tree, Random Forest, Naive Bayes and K-Means. Applying the SMOTE oversampling technique and random undersampling, we create a balanced version of NSL-KDD and prove that skewed target classes in KDD-99 and NSL-KDD hamper the efficacy of classifiers on minority classes (U2R and R2L), leading to possible security risks. We explore UNSW-NB15, a modern substitute to KDD-99 with greater uniformity of pattern distribution. We benchmark this dataset before and after SMOTE oversampling to observe the effect on minority performance. Our results indicate that classifiers trained on UNSW-NB15 match or better the Weighted F1-Score of those trained on NSL-KDD and KDD-99 in the binary case, thus advocating UNSW-NB15 as a modern substitute to these datasets.

Comment: Paper accepted into Proceedings of IEEE International Conference on Computing, Communication and Security 2018 (ICCCS-2018) Statistics: 8 pages, 7 tables, 3 figures, 34 references

Date: 13 Nov 2018

#### SAFE: Self-Attentive Function Embeddings for Binary Similarity

Authors: Luca Massarelli, Giuseppe Antonio Di Luna, Fabio Petroni, Leonardo Querzoni, Roberto Baldoni

Abstract: The binary similarity problem consists in determining if two functions are similar by only considering their compiled form. Advanced techniques for binary similarity recently gained momentum as they can be applied in several fields, such as copyright disputes, malware analysis, vulnerability detection, etc., and thus have an immediate practical impact. Current solutions compare functions by first transforming their binary code in multi-dimensional vector representations (embeddings), and then comparing vectors through simple and efficient geometric operations. However, embeddings are usually derived from binary code using manual feature extraction, that may fail in considering important function characteristics, or may consider features that are not important for the binary similarity problem. In this paper we propose SAFE, a novel architecture for the embedding of functions based on a self-attentive neural network. SAFE works directly on disassembled binary functions, does not require manual feature extraction, is computationally more efficient than existing solutions (i.e., it does not incur in the computational overhead of building or manipulating control flow graphs), and is more general as it works on stripped binaries and on multiple architectures. We report the results from a quantitative and qualitative analysis that show how SAFE provides a noticeable performance improvement with respect to previous solutions. Furthermore, we show how clusters of our embedding vectors are closely related to the semantic of the implemented algorithms, paving the way for further interesting applications (e.g. semantic-based binary function search).

Date: 13 Nov 2018

#### Right to Sign: Safeguarding data immutability in blockchain systems with cryptographic signatures over a broad range of available consensus finding scenarios

Authors: Ernst-Georg Schmid

Abstract: The choice of the consensus method ultimately determines throughput, scalability, tamper resistance, and consistency of a blockchain system. However, across all the types of blockchain (private, semi-private, consortium, or public), there is no consensus method that uniformly addresses all these traits. Verifiable lottery algorithms (Proof of ...) increase tamper resistance but show weakness in throughput and scalability, while established methods like PAXOS and RAFT provide no additional protection against tampering. In this paper, we introduce Right to Sign which aims to provide additional tamper resistance by cryptographic signatures over a broad range of available consensus finding methods.

Comment: 5 pages, 8 figures, 1 table

Date: 13 Nov 2018

#### Classical Access Structures of Ramp Secret Sharing Based on Quantum Stabilizer Codes

Authors: Ryutaroh Matsumoto

Abstract: In this paper we consider to use the quantum stabilizer codes as secret sharing schemes for classical secrets. We give necessary and sufficient conditions for qualified and forbidden sets in terms of quantum stabilizers. Then we give a Gilbert-Varshamove-type sufficient condition for existence of secret sharing schemes with given parameters, and by using that sufficient condition, we show that roughly 19% of participants can be made forbidden independently of the size of classical secret, in particular when an $n$-bit classical secret is shared among $n$ participants having 1-qubit share each. We also consider how much information is obtained by an intermediate set and express that amount of information in terms of quantum stabilizers. All the results are stated in terms of linear spaces over finite fields associated with the quantum stabilizers.

Comment: LaTeX2e, article.cls, 18 pages, no figure

Date: 14 Nov 2018