GMU-CS-TR-2016-5
Additional Files: techreports/GMU-CS-TR-2016-5.bib
Return-Oriented Programming (ROP) has emerged as one of the most widely used techniques to exploit software vulnerabilities. Unfortunately, existing ROP protections suffer from a number of shortcomings: they require access to source code and compiler support, focus on specific types of gadgets, depend on accurate disassembly and construction of Control Flow Graphs, or use hardware-dependent (microarchitectural) characteristics. In this paper, we propose EigenROP, a novel system to detect ROP payloads based on unsupervised statistical learning of program characteristics. We study, for the first time, the feasibility and effectiveness of using microarchitecture-independent program characteristics — namely, memory locality, register traffic, and memory reuse distance — for detecting ROP. We propose a novel directional-statistics based algorithm to identify deviations from the expected program characteristics during execution. EigenROP works transparently to the protected program, without requiring debug information, source code or disassembly. We implemented a dynamic instrumentation prototype of EigenROP using Intel Pin and measured it against in-the-wild ROP exploits and on payloads generated by the ROP compiler ROPC. Overall, EigenROP achieved significantly higher accuracy than prior anomaly-based solutions. It detected the execution of the ROP gadget chains with 81% accuracy, 80% true positive rate, only 0.8% false positive rate, and incurred comparable overhead to similar Pin-based solutions.
GMU-CS-TR-2016-4
Enterprises across all industries increasingly depend on decision guidance systems (DGSs) to facilitate decisionmaking across all lines of business.
Despite significant technological advances, current DGS development paradigms lead to a tight-integration of the analytics models, methods and underlying tools that comprise these systems, often inhibiting extensibility, reusability and interoperability. To address these limitations, this paper focuses on the development of the first NoSQL decision guidance management system (NoSQL-DGMS), called Unity, which enables decision-makers to build DGSs from a repository of analytics models that can be automatically reused for different analytics methods, such as simulation, optimization and machine learning. In this paper, we provide the Unity NoSQL-DGMS reference architecture, and develop the first implementation, which is centered around a modular analytics engine that symbolically executes and automatically reduces analytics models, expressed in JSONiq, into lower-level, tool-specific representations. We conduct a preliminary experimental study on the overhead of OPL optimization models automatically generated from JSONiq using Unity, compared with manually-crafted OPL models. Preliminary results indicate that the execution time of OPL models that are automatically reduced from JSONiq is within a small constant factor of corresponding, manuallycrafted OPL models.
GMU-CS-TR-2016-3
Denial of Service (DoS) attacks serve to diminish the ability of the network to perform its intended function over time. As DoS attacks may permeate the veil of the Internet of Things (IoT) devices from the broader internet, it is vital that these devices are able to mitigate these attacks. If such a network of IoT devices were to fail during time of need, lives of patients, war fighters, or the sustainability of manufacturing processes may be placed at risk. This work implements and provide initial assessment on a strategy to mitigate a resource exhaustion DoS attack using a network multicast service, wherein such an attack may target the critical energy reserves of low power devices. The Simple Agile RPL Multicast (SARCAST) concept implemented herein uses an agile addressing scheme to reduce the efficacy of multicast-based DoS attacks on IoT devices.
GMU-CS-TR-2016-2
Software architecture recovery plays an increasingly important role in the evolution, maintenance, and run-time self-adaptation of modern software systems whose architecture may have become outdated or may not have previously existed. However, current approaches to architecture recovery take a centralized approach, in which the process is carried out from a single location. This proves inadequate in the case of large distributed systems which, due to size, consist of nodes that are disparately located and are highly dynamic in nature. This report presents DeSARM, a completely decentralized and automated approach for software architecture recovery of distributed systems based on gossiping and message tracing. Through message tracing, the technique is able to identify important architectural characteristics such as components and connectors, in addition to synchronous and asynchronous communication patterns. Furthermore, through its use of gossiping, it exhibits the properties of scalability, global consistency among participating nodes, self-organization, and resiliency to failures. The report discusses DeSARM's architecture and detailed design and demonstrates its properties through an analysis of small and large-scale experiments.
GMU-CS-TR-2016-1
Decision guidance systems are a class of decision support systems that are geared toward producing actionable recommendations, typically based on formal analytical models and techniques. This paper proposes the Decision Guidance Analytics Language (DGAL) for easy iterative development of decision guidance systems. DGAL allows the creation of modular, reusable and composable models that are stored in the analytical knowledge base independently of the tasks and tools that use them. Based on these unified models, DGAL supports declarative queries of (1) data manipulation and computation, (2) what-if prediction analysis, (3) deterministic and stochastic decision optimization, and (4) machine learning, all through formal reduction to specialized models and tools, and in the presence of uncertainty.