You are here
Fall 2012 - CATT Graduate Research Seminar IX
CATT Graduate Research Seminar IX
Wednesday, Dec. 5th, 2012, 12:00 pm – 1:00 pm
CATT Conference Room, Dibner Building LC-218
Speaker 1: Yuan Ding [Advisor: Prof. Keith Ross]
“The High School Profiling Attack”
Lawmakers, children’s advocacy groups and modern society at large recognize the importance of protecting the Internet privacy of minors (under 18 years of age). Online Social Networks, in particular, take precautions to prevent third parties from using their services to discover and proﬁle minors.
These precautions include banning young children from joining, not listing minors when searching for users by high school or city, and displaying only minimal information in registered minors’ public proﬁles, no matter how they conﬁgure their privacy settings.
In this paper we show how an attacker, with modest crawling and computational resources, and employing simple data mining heuristics, can circumvent these precautions and create extensive proﬁles of tens of thousands of minors in a targeted geographical area. In particular, using Facebook and for a given target high school, we construct an attack that ﬁnds most of the students in the school, and for each discovered student infers a proﬁle that includes signiﬁcantly more information than is available in a registered minor’s public proﬁle. An attacker could use such proﬁles for many nefarious purposes, including selling the proﬁles to data brokers, large-scale automated spearphishing attacks on minors, as well as physical safety attacks such as stalking, kidnapping and arranging meetings for sexual abuse.
Speaker 2: Xueyang Wang [Advisor: Prof. Ramesh Karri]
“ExeChecker: Using Hardware Performance Counters to Detect Kernel Control-Flow Modifying Rootkits”
This work presents ExeChecker, a Virtual Machine Monitor (VMM) based framework to detect control-flow modifying kernel rootkits in a guest Virtual Machine (VM). ExeChecker validates the execution paths of guest system calls by checking the number of certain hardware events that occur during the execution. To automatically count these events, ExeChecker leverages the Hardware Performance Counters (HPCs), which exist in most modern processors. By using HPCs, the checking cost is significantly reduced and the tamper-resistance is enhanced. We implement a prototype of ExeChecker on Linux with Kernel-based Virtual Machine (KVM) and our evaluation demonstrates its practicality and effectiveness.