
Investigating security failures and their causes: An analytic approach to computer security.


Abstract

This dissertation examines security failures in three classes of systems: compact disc (CD) audio recordings containing digital rights management (DRM), touch-screen electronic voting machines, and on-the-fly disk encryption software. In each case, we study a variety of implementations developed by different parties; we analyze their security and discover a range of security flaws, including several entirely new categories of attacks; and we propose new mitigations and defenses for protecting related systems. Each of these studies has already had significant real-world impact, and we extend them with a new methodology for studying the underlying causes of security failures and drawing broader lessons for users, developers, researchers, and policymakers.

We begin with CD-DRM systems---security mechanisms for audio CDs that are designed to limit copying and other uses of the music. In the course of tracing the evolution of these technologies over three generations, we discover a range of new attacks, including numerous ways that attackers could bypass the anticopying measures and ways that disc producers could free-ride on other vendors' copy-protection systems to receive the benefits without paying. We demonstrate a new class of threats, collateral damage to the security of CD-owners' PCs, and argue that they are an inherent risk of DRM. We discuss additional factors that led to these failures, including differences between the incentives of CD-DRM vendors and their record-label customers.

Next, we turn our attention to electronic voting systems, specifically touch-screen direct recording electronic (DRE) voting machines. We perform a detailed security evaluation of two similar implementations, the Diebold AccuVote-TS and AccuVote-TSX, applying both reverse engineering and source code review to reveal security flaws. We show how attackers could exploit these flaws to tamper with election results or disrupt the voting process, and we demonstrate a dangerous new attack vector, voting machine viruses. We compare security problems uncovered in other DRE voting machines to suggest common causes and threats, including failures in voting machine certification procedures and incentives that rewarded features and time-to-market over robustness and security.

Finally, we demonstrate new threats to the security of on-the-fly disk encryption software, which is designed to protect confidential data against an attacker who gains physical access to the computer. We conduct a series of experiments to investigate memory remanence in dynamic RAMs, a phenomenon largely unknown to security research that causes data in RAM to remain intact for a short time after the memory chips lose power. Attackers can exploit this effect to bypass operating system security and recover sensitive memory contents, such as encryption keys. We demonstrate how this would allow an attacker to defeat most popular disk-encryption products. We discuss how the widespread ignorance of this basic hardware behavior relates to abstraction, a fundamental computer engineering principle, and suggest other abstractions that might similarly conceal security threats.

In all three studies we apply a new methodology that combines causal analysis with security engineering. We adopt the concept of informative causes of failure to organize and direct our investigations. In the pursuit of causes, we compare security flaws across different implementations to find supporting evidence in suggestive patterns of failures. Like the search for flaws, the search for causes seems resistant to thorough systematization, but it has been a useful tool for guiding us to the broader lessons of these security failures.

Record details

  • Author: Halderman, John Alexander.
  • Author affiliation: Princeton University.
  • Degree-granting institution: Princeton University.
  • Subject: Computer Science.
  • Degree: Ph.D.
  • Year: 2009
  • Pages: 209 p.
  • Total pages: 209
  • Original format: PDF
  • Language: eng
  • CLC classification: Automation technology, computer technology
  • Keywords: (none listed)
  • Date added: 2022-08-17 11:38:25
