Titles and Abstracts of Course Projects
CS671: Software Security, Spring 2009
- Phish-Kill: A defense against Phishing attacks
Deepak Yalamanchi and Chirag Pandya
Phishing is the fraudulent process of attempting to acquire sensitive
information such as usernames, passwords and credit card details by
masquerading as a trustworthy entity in an electronic communication. This
is an especially interesting issue when it concerns social networking
websites. The rise of social networking web sites has been phenomenal and
the numbers of users are growing at a very rapid pace. This makes a social
network a breeding ground for Phishing attacks. We have implemented an
attack that is based on a popular social networking website called ORKUT.
This has enabled us to study the nature of phishing attacks and has helped
us in understanding the different vectors of attack. The phishing attack
that we performed deals with the norm of all phishing attacks,
Sensationalism. We have shown in this paper that most of the users that
have been victims of the attack do not know that they have been subjected
to a phishing attack. This might result in loss of sensitive information
like credit card details, passwords, and account information in a bank and
so on. This paper presents the attempt that we have made to prevent the
attack. Using this knowledge, we have developed a Browser extension for
Mozilla Firefox (Firefox being open source helped us), Phish-Kill, that
warns users against potential phishing attacks. This extension is still
not available for distribution. The browser extension has the property
that it will pop up a warning before you actually log in through a
malicious web site. This extension has been developed keeping in mind the
new variety of phishing attacks where a user does not know that he is
subject to an attack.
- CryptoCloud: Enhancing Security for Sharing Data Over the Internet
Parvathy Sreekumar and Srihita Yerabaka
Online web services are becoming popular day by day, and people use
several web applications hosted by different service providers. Although
these services enable sharing of user data in a much easier and faster
way, there is a growing concern regarding privacy and security of the data
uploaded on these applications. Their centralized control of sensitive
personal data of millions of people under a single administrative domain
makes them vulnerable to large-scale privacy breaches from intentional and
unintentional data disclosures. The most obvious solution to assure this
privacy is to move the data to a system trusted by the user, like personal
computers. However, this would negate the benefits brought about by web
applications; especially, the ease of data sharing and gaining additional
information by aggregating and sharing data from multiple users. To bridge
this gap between data privacy and benefits of data sharing through web
applications, we propose a solution that implements client side encryption
and decryption to avoid exposing the data to the web service providers.
The basic idea is to encrypt the data as it leaves the boundaries of the
user's system and decrypt it only when the data arrives at the intended
destination. The data will be encrypted and decrypted using a customized
key pair generated based on the RSA Public-Key encryption scheme. In this
paper, we present an application called CryptoCloud which will provide a
medium for secure information sharing and storage over the internet. As
the data is being uploaded onto the server, a pair of keys
(encryption-decryption pair) unique to that particular set of data will be
generated and stored in a central database. The data will be encrypted
using the encryption key and uploaded on the server. At the receiving
end, the data will be decrypted using its corresponding decryption key and
displayed to the receiver. To demonstrate our application, we have
implemented a prototype that uses our method to store and share encrypted
data in Google documents.
- CloudInt: Ensuring Data Integrity for Cloud Computations
Krithika Saikrishnan and Sangeetha Rajagopalan
Cloud computing, the long-held dream of computing as a utility, has the
potential to transform a large part of the IT industry, making software
even more attractive as a service and shaping the way IT hardware is
designed and purchased. The main drivers of this model are economics and
simplification of software delivery and operation to users over the Web.
The use of the World Wide Web with most certainty implies security issues.
This paper deals with one such issue which is the Integrity of data from a
Computational Cloud. The technique is client-based which involves the
client invoking computations on the cloud and the CloudInt system keeping
tab of the number of computations. The integrity check is performed once
in 'n' computations by invoking the same functions on multiple clouds and
comparing the results returned by them to ensure integrity. We also
attempt to perform a probabilistic analysis on the parameter 'n', which
plays a key role in determining the extent of correctness, since the value
chosen for 'n' can act as a tradeoff between cost and effectively ensuring
integrity.
- Minimizing Privacy Settings on Legacy Web 2.0 Content Using Formal
Concept Analysis
Nitya Vyas and Jigesh Patadia
The current scenario, in which Web 2.0 has gained popularity, has led to
issues regarding the privacy of the content that is available on the
Web. One of the fundamental characteristics of Web 2.0 is sharing. In
such environments, the data to be shared is usually owned by an
individual. So, users have to take the responsibility to manage access
to their shared content. Because of the amount of legacy content
available for the user, it is difficult to assign fine grained access
control policies to it. We use the annotations available on the content
to define privacy policies by leveraging Formal Concept Analysis over
the content and its annotations to generate concept lattices. We
propose that the generated concept lattice can be used to minimize
privacy settings required on the content. Our analysis of content from
flickr.com using our ConceptGen application provides the basis for our
claim.
- ASAP: Approach for Social Anti-Spam
Huijun Xiong and Qiang Ma
Misusing social relationships as trust relationships enables attackers to
easily launch massive-scale attacks on today's social networks. In this
paper, we focus on spam links posted in social networks and conduct
in-depth research on the current situation of the spam issue in the famous
social network MySpace. An interesting finding, that spam always comes from
less "intimate" friends, inspires us to develop an open social application
that helps social network users build up close-to-real-world friendships and
hence block spam.
- Improving the Efficiency of NIDS Pattern Matching using BDDs
Rezwana Karim, Swathi Bheemanathini, William Katsak
For the purpose of signature matching in Network Intrusion Detection
Systems (NIDS), various automata-based representations and related
algorithms have been applied so far. Existing implementations of different
automata proved to be insufficient to achieve efficiency in terms of either
space or time. Studies showed that Deterministic Finite State automata
(DFAs) are time-efficient but space-inefficient, and Non-Deterministic
Finite State automata (NFAs) are space-efficient but time-inefficient. To
overcome this problem, several efforts have already been made, including
extended finite-state automata (EFSA), which augment finite state automata
(FSA) with finite scratch memory and instructions to manipulate this memory.
However, the representation of XFA is quite complex compared to NFA and
DFA. In this paper we explore a data structure called Binary Decision
Diagrams (BDDs) with the goal of improving the pattern matching efficiency
for a large class of NIDS signatures. Our approach is to encode an NFA using
a BDD, where the BDD is used to represent the acceptance frontier of the
NFA. Each input symbol will then be used to operate the BDD so as to update
the entire acceptance frontier all at once. Using this representation of the
acceptance frontier, we hope we might be able to reduce the cost of
processing an input symbol, thereby reducing the real-time cost of
processing NFAs.
- Enforcing Security Policies using Hardware Transactional Memory
Mudassir Shabbir
The task of protecting a system using a security enforcement mechanism is
one of the toughest tasks in the IT world today. Such a mechanism must
enforce security policies that provide robust protection against current and
novel attacks while at the same time being flexible enough to accommodate
the connectivity needs of a growing user base and device types [1]. Current
systems striving for this goal suffer from violation of complete mediation
rules, high overhead, lack of generality, and a host of other issues. We
propose a platform to "Enforce Integrity Constraints on Data Structures
of a software" using Hardware Transactional Memory (HTM). In this project,
we discuss some design issues that hinder the implementation of such a
platform and present a new data structure, Binary Counting Bloom (BCB)
Filters, to efficiently use legacy HTM design for enforcing custom security
policies.
- The Monitoring Infrastructure for Real-time Rootkit Detection
Qingyuan Deng and Zhiyuan Zhang
Rootkits are evolving to be stealthier and more difficult to detect.
Besides modifying the control data of the OS kernel, the novel kind of
rootkit tends to compromise the non-control data as well. To
comprehensively detect those kinds of rootkits, the previous approach fully
copies and rebuilds the kernel memory snapshot of the target machine on
another secured machine in an off-line manner, which has some problems,
including the high timing cost and the possibility of failing to detect
transient rootkit behaviors. Therefore, a real-time rootkit detection
technique is necessary to complement those drawbacks of previous
approaches. The infrastructure we build, discussed in this paper, is the
first-step effort towards real-time rootkit detection. Instead of
copying kernel memory contents, we only map the kernel pages into the
secured machine with the help of virtual machine techniques; instead of
retrieving the whole kernel snapshot, our system only maps those
potentially “infected” pages at run time, which reduces a lot of
overhead and makes the goal of real-time rootkit detection promising.
- Energy Efficient Integrity Measurement Architecture in Mobile Devices
Crystal Maung
As the processing power and communication technology of mobile devices
improve, they become an essential part of the day-to-day life of most
people. These devices are used for more than simple telephone
communication. Applications such as distributed computing can be run on
mobile devices. Therefore, the security and integrity of these devices
become very important. It seems that we may be able to apply technology
similar to that used for our computers to safeguard these devices. But as
they run on small battery power, power consumption is a major concern in
applying these technologies. We set up an Integrity Measurement
Architecture (IMA) system on an Openmoko device and measure the energy
consumption of each part of the system. We will find out how we can improve
the IMA system to become energy efficient. We envision that this approach
can provide an outline for how to build energy-efficient, high-integrity
mobile devices.