by Brendan Saltaformaggio@Purdue
memory forensics: does not require a suspect's password to unlock the device, oblivious to any persistent storage encryption
Evidence in memory is stored in data structures
previous state of the art: evidence is recovered from plain-text or self-evident fields
however, cannot understand the content of the data structure
Approach: reuse the functions that print/render the data
Intuition: invalid data content breaks the function, whereas valid data generates output
how to find rendering logic: dynamic analysis on binary
how to isolate entry point: test every "candidate" entry point
how to set up the proper context: run with some dummy input until the entry point
What about the mobile environment?
Problem: too many apps to identify just a few pieces of rendering logic
use the Android GUI framework's "draw_ops" etc. data structures
what about background applications, where some of the GUI tree nodes are nullified?
1. try to reconstruct the tree structure
2. to find the graphic content in each node: piece together the screen by modeling it as a matching problem
How to reconstruct previous screens (not just the current one)?
Limitation of the previous approach: only recovers the latest screen
How to approach: profile to see how the app's internal memory and screen-drawing memory sizes change over time (when I change screens)
Solution: utilize Android's redraw mechanisms to reuse app's internal memory
generically interleave the execution of a live Android environment and the memory image
Q: how dependent are your techniques on a specific version of Android?
A: we updated from Android 2.2 to 6.0, the essence does not change
Vision: cyber forensics needs to shift from personal experience to more formal methods
Monday, February 6, 2017
Friday, February 3, 2017
IOweYou Credit Network
by Aniket Kate @Purdue
centralized (Amazon, Uber, etc.) --> decentralized business model
crypto-currencies may or may not survive, but the concept of distributed ledger/blockchain remains
protocol: application level, middleware/service level, infrastructure/base level
thing-thing trade: problems arise from the lack of a communication medium
stone money: oral history, no physical movement
Questions:
How well do we understand their consensus process?
Proof of Work vs Proof of Stake
Bitcoin network has scalability problem because of all the communication required.
Credit networks solve this problem.
Essence of the network: confidence in your friends
Problems of credit network:
Path selection (how do we find and select paths)
Liquidity of the network (restrict to certain nodes and paths, what's the probability of transition success?)
Game prevention --> loss due to misbehaving identities is bounded and (sometimes) localized ---> assumes introducing nodes is much easier than drawing trust from well-behaved nodes
Examples:
1. Bazaar (NSDI'11) --> seems to look at a simulation of eBay data
2. Ripple Credit Network (realized)
allows for currency exchange (node performs exchange, you need to find a path with such nodes)
Comparison with the Bitcoin network:
transfer: Bitcoin directly between two wallets, credit network via a path with enough credit
liquidity: good vs. restricted by path availability
scalability: limited (<100 bps) vs. high scalability
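The path-based transfer, the liquidity limit and the bounded-loss property noted above, as an added example (not from the talk or from Ripple's code). It assumes a simplified model in which each link holds the remaining credit in one direction; the class, method and node names are hypothetical and the sample network is constructed.

```python
from collections import deque

class CreditNetwork:
    """Simplified model (assumption): cap[a][b] = value a can still pay to b."""

    def __init__(self):
        self.cap = {}

    def extend_credit(self, creditor, debtor, amount):
        # creditor agrees to hold up to `amount` of debtor's IOUs,
        # so value can flow debtor -> creditor.
        self.cap.setdefault(creditor, {}).setdefault(debtor, 0)
        self.cap.setdefault(debtor, {}).setdefault(creditor, 0)
        self.cap[debtor][creditor] += amount

    def find_path(self, src, dst, amount):
        # BFS using only links whose remaining credit covers the amount.
        parent, queue = {src: None}, deque([src])
        while queue:
            node = queue.popleft()
            if node == dst:
                path = []
                while node is not None:
                    path.append(node)
                    node = parent[node]
                return path[::-1]
            for nxt, credit in self.cap.get(node, {}).items():
                if credit >= amount and nxt not in parent:
                    parent[nxt] = node
                    queue.append(nxt)
        return None

    def pay(self, src, dst, amount):
        path = self.find_path(src, dst, amount)
        if path is None:
            return None  # no path with enough credit: payment fails
        for a, b in zip(path, path[1:]):
            self.cap[a][b] -= amount  # credit consumed in payment direction
            self.cap[b][a] += amount  # and restored in the reverse direction
        return path

    def exposure_to(self, attackers):
        # Loss bound: only credit that outsiders extend to attacker identities.
        return sum(c for a in attackers
                   for b, c in self.cap.get(a, {}).items() if b not in attackers)

def sample_network():
    net = CreditNetwork()  # constructed sample data
    for creditor, debtor, amount in [("bob", "alice", 10), ("carol", "bob", 5),
                                     ("bob", "mallory", 2), ("sybil1", "mallory", 1000)]:
        net.extend_credit(creditor, debtor, amount)
    return net
```

Credit that attacker-controlled identities extend to each other (the 1000 from `sybil1`) does not raise `exposure_to`, which is why adding identities is cheap but does not increase the bounded loss.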
Can augment the credit network with social trust
Privacy might be a problem in Ripple: if I can link one transaction to you, I can find all your transactions.
How to define privacy?
transaction value privacy and transaction receiver privacy