Fall 2012 - CATT Graduate Research Seminar IX


Wednesday, Dec. 5th, 2012, 12:00 pm – 1:00 pm
CATT Conference Room, Dibner Building LC-218

Speaker 1: Yuan Ding [Advisor: Prof. Keith Ross]

“The High School Profiling Attack”

Lawmakers, children’s advocacy groups and modern society at large recognize the importance of protecting the Internet privacy of minors (under 18 years of age). Online Social Networks, in particular, take precautions to prevent third parties from using their services to discover and profile minors.

These precautions include banning young children from joining, not listing minors when searching for users by high school or city, and displaying only minimal information in registered minors’ public profiles, no matter how they configure their privacy settings.

In this paper we show how an attacker, with modest crawling and computational resources, and employing simple data mining heuristics, can circumvent these precautions and create extensive profiles of tens of thousands of minors in a targeted geographical area. In particular, using Facebook and for a given target high school, we construct an attack that finds most of the students in the school, and for each discovered student infers a profile that includes significantly more information than is available in a registered minor’s public profile. An attacker could use such profiles for many nefarious purposes, including selling the profiles to data brokers, large-scale automated spearphishing attacks on minors, as well as physical safety attacks such as stalking, kidnapping and arranging meetings for sexual abuse.

Speaker 2: Xueyang Wang [Advisor: Prof. Ramesh Karri]

“ExeChecker: Using Hardware Performance Counters to Detect Kernel Control-Flow Modifying Rootkits”

This work presents ExeChecker, a Virtual Machine Monitor (VMM) based framework to detect control-flow modifying kernel rootkits in a guest Virtual Machine (VM). ExeChecker validates the execution paths of guest system calls by checking the number of certain hardware events that occur during the execution. To automatically count these events, ExeChecker leverages the Hardware Performance Counters (HPCs), which exist in most modern processors. By using HPCs, the checking cost is significantly reduced and the tamper-resistance is enhanced. We implement a prototype of ExeChecker on Linux with Kernel-based Virtual Machine (KVM) and our evaluation demonstrates its practicality and effectiveness.