{"663100":{"#nid":"663100","#data":{"type":"news","title":"Cybersecurity and Privacy Work by Faculty and Students on Full Display at CCS\u201922","body":[{"value":"\u003Cp\u003EThis week, researchers from around the globe gathered in Los Angeles, California for the\u0026nbsp;\u003Ca href=\u0022https:\/\/www.sigsac.org\/ccs\/CCS2022\/\u0022 tabindex=\u0022-1\u0022\u003EACM Conference on Computer and Communications Security\u003C\/a\u003E\u0026nbsp;(ACM CCS), where they will present discoveries on the cutting edge of cybersecurity and privacy.\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003EThe conference is a top tier research venue, and this year the Georgia Institute of Technology has six papers authored and co-authored by faculty and students from the\u0026nbsp;\u003Ca href=\u0022https:\/\/sites.gatech.edu\/cybersecurityandprivacy\/\u0022 tabindex=\u0022-1\u0022\u003ESchool of Cybersecurity and Privacy\u003C\/a\u003E\u0026nbsp;(SCP). Each work represents a collaborative effort from across universities and institutions over the course of several years.\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003EHere is a sample of the five public papers being presented at the flagship annual conference.\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Ch3\u003EGuarding Against Remote Cyberattacks\u0026nbsp;\u003C\/h3\u003E\r\n\r\n\u003Cp\u003EA research team from Georgia Tech and Fudan University conducted the first systematic study of XRCE, a remote cyberattack on devices caused by injected malware, in cross-platform applications. Several high-profile platforms, such as Microsoft Teams and Slack, have been susceptible to injection issues, but XRCE has not been closely studied nor has its root cause been understood.\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003EThe team built a generic model of applications compatible with multiple operating systems to define XRCE\u0026rsquo;s attack scenarios, surfaces, and behaviors. 
They took what they learned and compared it to current cyber defenses of 640 real-world platforms and noted their weaknesses to this type of threat. They discovered that 75% of the platforms studied may be affected by XRCE, including Microsoft Teams.\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003ETo solve this problem, the group of researchers developed XGuard, a defense technology that will automatically mitigate XRCE attacks and all possible variants identified from the study.\u0026nbsp;\u003Ca href=\u0022https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3559340\u0022 tabindex=\u0022-1\u0022\u003E\u003Cem\u003EUnderstanding and Mitigating Remote Code Execution Vulnerabilities in Cross-platform Ecosystem\u003C\/em\u003E\u003C\/a\u003E\u0026nbsp;is the first research paper studying and preventing XRCE, and the team hopes their work will raise awareness of the new cross-platform application vulnerabilities they uncovered. SCP Ph.D. students\u0026nbsp;\u003Cstrong\u003EFeng Xiao\u003C\/strong\u003E,\u0026nbsp;\u003Cstrong\u003EZheng Yang\u003C\/strong\u003E, and\u0026nbsp;\u003Cstrong\u003EJoey Allen\u003C\/strong\u003E\u0026nbsp;were leading authors on the paper along with Assistant Professor\u003Cstrong\u003E\u0026nbsp;Guangliang Yang\u003C\/strong\u003E\u0026nbsp;of Fudan University, Georgia Tech Research Security Specialist\u0026nbsp;\u003Cstrong\u003EGrant Williams\u003C\/strong\u003E, and SCP Professor\u0026nbsp;\u003Cstrong\u003EWenke Lee\u003C\/strong\u003E. \u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Ch3\u003EBug Hunting in Self-driving Cars\u003C\/h3\u003E\r\n\r\n\u003Cp\u003EAutonomous driving systems (ADS) are steadily becoming a reality, and experts expect them to be safer than human drivers. Unfortunately, there continue to be cases of accidents, including fatal ones, caused by flaws in ADS. A systematic approach to find and eliminate bugs in ADS is needed but did not exist.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EGeorgia Tech Ph.D. 
student\u0026nbsp;\u003Cstrong\u003ESeulbae Kim\u003C\/strong\u003E\u0026nbsp;first authored a research paper that designed an automated fuzz-testing framework, DriveFuzz, that repeatedly tests an ADS under realistic driving scenarios that evolve over iterations. Fuzz testing is known to be effective in finding bugs in traditional software systems. Kim and his colleagues demonstrated that fuzz testing can be applied to a non-traditional system, such as ADS, a cyber-physical system, to reveal unknown bugs.\u003C\/p\u003E\r\n\r\n\u003Cp\u003ESpecifically, DriveFuzz mutates the system\u0026rsquo;s map, mission (initial position and goal position), actors (other vehicles and pedestrians), puddles, and weather of the scenario to stress the ADS. It looks for safety-critical vehicular misbehaviors, such as collisions and various traffic infractions. By testing two industry-grade open-source ADS, the team found 30 new bugs that lead to misbehaviors.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Ca href=\u0022https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3560558\u0022 tabindex=\u0022-1\u0022\u003E\u003Cem\u003EDriveFuzz: Discovering Autonomous Driving Bugs through Driving Quality-Guided Fuzzing Detection\u003C\/em\u003E\u003C\/a\u003E\u0026nbsp;was written by SCP Ph.D. 
student Seulbae Kim,\u0026nbsp;\u003Cstrong\u003EMajor Liu\u003C\/strong\u003E\u0026nbsp;(University of Texas at Dallas),\u0026nbsp;\u003Cstrong\u003EJunghwan \u0026quot;John\u0026quot; Rhee\u003C\/strong\u003E\u0026nbsp;(University of Central Oklahoma),\u0026nbsp;\u003Cstrong\u003EYuseok Jeon\u003C\/strong\u003E\u0026nbsp;(UNIST),\u0026nbsp;\u003Cstrong\u003EYonghwi Kwon\u003C\/strong\u003E\u0026nbsp;(University of Virginia), and\u0026nbsp;\u003Cstrong\u003EChung Hwan Kim\u003C\/strong\u003E\u0026nbsp;(University of Texas at Dallas).\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Ch3\u003ESeparating the Good Onions from the Bad\u003C\/h3\u003E\r\n\r\n\u003Cp\u003EThe Onion Router (Tor) network provides anonymity to users by routing traffic through many computers across the globe. Users can also host websites anonymously on the Tor network without revealing their personally identifiable information. The Tor network has helped many journalists, activists, and whistleblowers in their dangerous line of work. However, the Tor network has also been used by malicious attackers to operate large cybercriminal enterprises.\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003EDifferentiating between legitimate Tor users and malicious Tor users is extremely challenging since the Tor network encrypts and anonymizes all traffic between end hosts and servers, which makes traditional security detection systems ineffective. Researchers at Georgia Tech have found a way to identify when malicious software (malware) like ransomware uses the Tor network. The technique uses statistical network packet features and machine learning algorithms to differentiate between malware and legitimate users. 
The novel approach can be incorporated into traditional security systems to supercharge their capabilities and help identify malicious use of the Tor network.\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Ca href=\u0022https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3560604\u0022 tabindex=\u0022-1\u0022\u003E\u003Cem\u003EExposing the Rat in the Tunnel: Using Traffic Analysis for Tor-based Malware Detection\u003C\/em\u003E\u003C\/a\u003E\u0026nbsp;was written by\u0026nbsp;\u003Cstrong\u003EPriyanka Dodia\u003C\/strong\u003E\u0026nbsp;and\u0026nbsp;\u003Cstrong\u003EMashael AlSabah\u003C\/strong\u003E\u0026nbsp;of Qatar Computing Research Institute; SCP Ph.D. student\u0026nbsp;\u003Cstrong\u003EOmar Alrawi\u003C\/strong\u003E,\u0026nbsp;and\u0026nbsp;\u003Cstrong\u003ETao Wang\u003C\/strong\u003E\u0026nbsp;of Simon Fraser University.\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Ch3\u003EBringing the Hammer Down\u003C\/h3\u003E\r\n\r\n\u003Cp\u003EA rowhammer attack causes a binary digit, or bit, to flip in memory cells without directly accessing them. This side channel attack was used by SCP Associate Professor\u0026nbsp;\u003Cstrong\u003EDaniel Genkin\u003C\/strong\u003E\u0026nbsp;and a team of researchers from across the country to access the private session key from FrodoKEM. 
This security software was developed to keep encryption keys safe from quantum computers; however, the process was corrupted by the team\u0026rsquo;s attacks.\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Ca href=\u0022https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3560673\u0022 tabindex=\u0022-1\u0022\u003E\u003Cem\u003EWhen Frodo Flips: End-to-End Key Recovery on FrodoKEM via Rowhammer\u003C\/em\u003E\u003C\/a\u003E\u0026nbsp;was written by\u0026nbsp;\u003Cstrong\u003EMichael Fahr\u003C\/strong\u003E\u0026nbsp;(University of Arkansas),\u0026nbsp;\u003Cstrong\u003EHunter Kippen\u003C\/strong\u003E\u0026nbsp;(University of Maryland),\u0026nbsp;\u003Cstrong\u003EAndrew Kwong\u003C\/strong\u003E\u0026nbsp;(University of Michigan),\u0026nbsp;\u003Cstrong\u003EThinh Dang\u003C\/strong\u003E\u0026nbsp;(George Washington University),\u0026nbsp;\u003Cstrong\u003EJacob Lichtinger\u003C\/strong\u003E\u0026nbsp;(NIST),\u0026nbsp;\u003Cstrong\u003EDana Dachman-Soled\u003C\/strong\u003E\u0026nbsp;(University of Maryland), Daniel Genkin (Georgia Tech),\u0026nbsp;\u003Cstrong\u003EAlexander H. Nelson\u003C\/strong\u003E\u0026nbsp;(University of Arkansas),\u0026nbsp;\u003Cstrong\u003ERay Perlner\u003C\/strong\u003E\u0026nbsp;(NIST),\u0026nbsp;\u003Cstrong\u003EArkady Yerukhimovich\u003C\/strong\u003E\u0026nbsp;(George Washington University), and\u0026nbsp;\u003Cstrong\u003EDaniel Apon\u003C\/strong\u003E\u0026nbsp;(The MITRE Corporation).\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003EAnother paper being presented this week on rowhammer attacks is HammerScope, written in collaboration with researchers from SCP, Israel, and Australia. The research explores the correlation of rowhammer attacks with the instantaneous power consumption of the memory which the attack needs to succeed. 
This correlation is used to mount various software-based power analysis attacks on memory.\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003EThe team showed how this can be used to compromise secret information in certain scenarios. HammerScope demonstrates yet another adversarial consequence of rowhammer which signifies the need for more robust and secure memory units in the future.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Ca href=\u0022https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3560688\u0022 tabindex=\u0022-1\u0022\u003E\u003Cem\u003EHammerScope: Observing DRAM Power Consumption Using Rowhammer\u003C\/em\u003E\u003C\/a\u003E\u0026nbsp;was written by\u0026nbsp;\u003Cstrong\u003EYaakov Cohen\u003C\/strong\u003E\u0026nbsp;(Ben-Gurion University of the Negev \u0026amp; Intel Corporation), SCP Ph.D. student\u0026nbsp;\u003Cstrong\u003EKevin Sam Tharayil\u003C\/strong\u003E,\u0026nbsp;\u003Cstrong\u003EArie Haenel\u003C\/strong\u003E\u0026nbsp;(Jerusalem College of Technology \u0026amp; Intel Corporation), Genkin, Professor\u0026nbsp;\u003Cstrong\u003EAngelos D. 
Keromytis\u003C\/strong\u003E\u0026nbsp;with the School of Electrical \u0026amp; Computer Engineering at Georgia Tech,\u0026nbsp;\u003Cstrong\u003EYossi Oren\u003C\/strong\u003E\u0026nbsp;(Ben-Gurion University of the Negev \u0026amp; Intel Corporation), and\u0026nbsp;\u003Cstrong\u003EYuval Yarom\u003C\/strong\u003E\u0026nbsp;(University of Adelaide).\u003C\/p\u003E\r\n","summary":null,"format":"limited_html"}],"field_subtitle":"","field_summary":"","field_summary_sentence":[{"value":"Here is a summary of five research papers presented at ACM CCS\u002722"}],"uid":"36253","created_gmt":"2022-11-11 14:56:47","changed_gmt":"2023-01-05 18:55:53","author":"jpopham3","boilerplate_text":"","field_publication":"","field_article_url":"","dateline":{"date":"2022-11-11T00:00:00-05:00","iso_date":"2022-11-11T00:00:00-05:00","tz":"America\/New_York"},"extras":[],"hg_media":{"663099":{"id":"663099","type":"image","title":"Cybersecurity and Privacy Work by Faculty and Students on Full Display at CCS\u201922","body":null,"created":"1668178381","gmt_created":"2022-11-11 14:53:01","changed":"1668178381","gmt_changed":"2022-11-11 14:53:01","alt":"room full of people ","file":{"fid":"251051","name":"Conference_Stock.jpeg","image_path":"\/sites\/default\/files\/images\/Conference_Stock.jpeg","image_full_path":"http:\/\/tlwarc.hg.gatech.edu\/\/sites\/default\/files\/images\/Conference_Stock.jpeg","mime":"image\/jpeg","size":559221,"path_740":"http:\/\/tlwarc.hg.gatech.edu\/sites\/default\/files\/styles\/740xx_scale\/public\/images\/Conference_Stock.jpeg?itok=0EbFHHpZ"}}},"media_ids":["663099"],"groups":[{"id":"47223","name":"College of Computing"}],"categories":[{"id":"135","name":"Research"}],"keywords":[{"id":"365","name":"Research"},{"id":"191638","name":"automated driving"},{"id":"186203","name":"bugs"},{"id":"1404","name":"Cybersecurity"},{"id":"114791","name":"Data Privacy"},{"id":"1506","name":"faculty"},{"id":"5260","name":"professors"},{"id":"10885","name":"Ph.D. 
students"}],"core_research_areas":[{"id":"145171","name":"Cybersecurity"}],"news_room_topics":[],"event_categories":[],"invited_audience":[],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[{"value":"\u003Cp\u003EJohn Popham\u003C\/p\u003E\r\n\r\n\u003Cp\u003ECommunications Officer for the School of Cybersecurity and Privacy\u003C\/p\u003E\r\n","format":"limited_html"}],"email":["jpopham3@gatech.edu"],"slides":[],"orientation":[],"userdata":""}}}