Browsing by Author "Hamza, Nermin"
Now showing 1 - 4 of 4
Item: Limitations of current security measures to address information leakage attacks
(International Journal of Computer Science and Information Security, 2014) Hussein, Omar; Hamza, Nermin; Hefny, Hesham

Information leakage attacks represent a serious threat for their widespread and devastating effects. Their significance stems from the fact that they are committed by an organization’s authorized computer users, and/or processes executing on their behalf. The diverse avenues that could be exploited to carry out such attacks add another barrier towards addressing them. Based on literature review, this paper explores strengths of security measures intended to confront information leakage attacks, and focuses on pinpointing their respective limitations. It demonstrates that only few of them are capable of mitigating such attacks, whereas the rest suffer from conceptual and/or implementation-related limitations that render them vulnerable to circumvention. They are basically prone to high false positive and/or false negative rates, complex to apply, inflexible during execution, suffer from degraded performance, or require hardware modification. Most importantly, neither of them provides a remedy for new undete

Item: A Novel Approach to Address Information Leakage Attacks Based on Machine Virtualization
(LJS Publishing, 2014) Hussein, Omar; Hamza, Nermin; Hefny, Hesham

In a traditional non-virtualized computer system the whole software stack is highly vulnerable to security breaches. This is mainly caused by the coexistence of deployed security systems in the same space as the potentially compromised operating system and applications that often run with administrative privileges. In such a structure, compromising, bypassing, disabling, or even subverting deployed security systems become trivial. Machine virtualization provides a powerful abstraction for addressing information security issues. Its isolation, encapsulation, and partitioning properties can be leveraged to reduce computer systems’ susceptibility to security breaches. This paper demonstrates that machine virtualization when employed and synthesized with cryptography would preserve information confidentiality even in an untrusted machine. It presents a novel information security approach called Virtualized Anti-Information Leakage (VAIL). Its objective is to thwart malicious software and insiders’ information leakage attacks on sensitive files after decryption in potentially compromised computer systems. VAIL’s defenses are evaluated against a variety of information leakage attacks including: (1) direct attacks launched on sensitive files from an untrusted virtual machine, and a compromised virtual machine monitor; and (2) indirect attacks exploiting covert storage and timing channels. Based on the security evaluation, it is concluded that VAIL effectively complied with the security requirements, and met its objective.

Item: A proposed approach to detect and thwart previously unknown code injection attacks
(IEEE, 2015) Hussein, Omar; Hamza, Nermin; Hefny, Hesham

This paper presents a proposed approach called VAIL System Call Monitor (VSCM) to detect and thwart previously unknown code injection attacks. The idea is based on the fact that any process needs to correctly invoke CreateProcess() system calls, otherwise child-process creation will fail. VSCM intercepts and verifies CreateProcess() system call invocations from a monitored process. In case an unknown executable is detected in the first parameter of a call, this indicates its maliciousness. In response, VSCM encrypts that parameter value to render the call invalid, thereby thwarting adversaries' attacks by preventing the operating system from loading and executing the new malicious child process. VSCM runs in a microkernel-based virtual machine in order to achieve two-fold advantages: (1) isolate security-critical information from probable adversaries' attacks; and (2) exploit security-related and performance-related advantages associated with thin virtual machine monitors. The expected effectiveness of VSCM is high since it is circumvention-proof, and precise in extracting the normal behavior of applications chosen to be monitored.

Item: A proposed covert channel based on memory reclamation
(IEEE, 2015) Hussein, Omar; Hamza, Nermin; Hefny, Hesham

This paper proposes a covert channel that is specific to virtual machine monitors (VMMs); it is called VMM memory reclamation-based covert storage channel. The paper describes a prospective information leakage attack that can be launched on security-critical processes running in a targeted virtual machine (VM) using the discovered covert channel. This attack exploits a widely adopted VM dynamic memory allocation mechanism called ballooning to breach inter-VM isolation. It involves two cooperating malicious processes: the sender process and the receiver process executing in two VMs: the target VM and the attacking VM respectively. Both VMs run concurrently on top of the same bare-metal VMM. Both malicious processes have access to the dynamically-allocated shared physical memory that is managed by the VMM, and multiplexed between both VMs. The malicious processes exploit the shared memory as a communication medium to leak confidential data. Through VMM memory reclamation-based covert storage channel, the sender process and the receiver process cooperate to force the VMM to reclaim memory pages from the target VM and allocate them to the attacking VM as extra memory space, thereby leaking information from the sender process to the receiver process.