I have the pleasure of visiting this year’s USENIX Security Symposium in Washington, DC. Besides the nice venue close to the National Mall, there are also several co-located workshops. Every night I will try to provide a summary of those presentations I regard as most interesting. However, I hope to manage to keep up with it as there are a lot of interesting events, people to meet, and still some projects to keep up with. The short summaries below are from the 6th USENIX Workshop on Large-Scale Exploits and Emergent Threats.
Attacker Economics for Internet-scale Vulnerability Risk Assessment
Luca Allodi, University of Trento
Luca Allodi gave an interesting overview of methodologies to rate vulnerabilities, related problems and how to face those. Even though the presentation basically outlined a future research approach, I really liked several aspects, especially as they support and complement some ideas we presented earlier this year. I strongly believe work like this is necessary in order to carry out efficient info sec management and operations, hence I’m particularly happy that I found his paper to be publicly available.
Bitcoin in Cybercrime
Stefan Savage, University of California, San Diego
As I did not really know very much about Bitcoins, Stefan Savage’s presentation gave a good overview as a starting point. For me, the most interesting point was that criminals are not particularly fond of the currency (as opposed to public opinion and expressed concerns) as the overall system still needs central institutions in order to exchange Bitcoins for other (‘real world’) currencies. Those institutions are then able to produce a mapping between usernames and Bitcoin keys, which may get abused by different means…
FuncTracker: Discovering Shared Code to Aid Malware Forensics
Charles LeDoux, Arun Lakhotia, Craig Miles, and Vivek Notani, University of Louisiana at Lafayette; Avi Pfeffer, Charles River Analytics
I have been interested in code reuse and the resulting impact for quite a while, so I enjoyed seeing some research in that direction. FuncTracker is a solution to analyze malware for certain types of code reuse in order to allow further conclusions: For example, the authors developed the tool as the “what” in malware analysis becomes less and less important compared to the “who and why”. Looking forward to seeing more research in that direction, maybe combined with approaches like this.
Testing, Testing, 1 2 3: The History and Challenges of Testing Anti-Malware Software
Mark Kennedy, Anti-Malware Testing Standards Organization and Symantec Corporation
Unfortunately I missed the biggest part of this talk due to a call, but I thought http://www.amtso.org/ could be worth sharing.
A View to a Kill: WebView Exploitation
Matthias Neugschwandtner, Martina Lindorfer, and Christian Platzer, Vienna University of Technology
The people from the iSecLabs in Vienna presented their research on the WebView approach to mobile app development. This approach basically mingles mobile app and web app development together and fails to maintain the sandbox features of mobile browsers (such as mobile browsers not being able to access contacts, texts, or other phone data). This design leads to potential phone data breaches in case an attacker is in a man-in-the-middle situation or able to compromise a server.
Stepping P3wn3: Adventures in Full-Spectrum Embedded Exploitation and Defense
Ang Cui, Red Balloon Security and Columbia University
Ang Cui gave a very interesting talk on the exploitation of embedded devices. Unfortunately he had to fit the content into the 20 minute slot, which left many questions unanswered. The general idea described here is very interesting, emphasizes one more time the need for controls as laid out here and makes me look forward to further published details on his work in order to “understand the whole picture”.
Enjoy & I hope your week will be as interesting as mine,