Monday, February 6, 2017

Convicted By Memory: Automatically Recovering Spatial-Temporal Evidence From Memory Image

by Brendan Saltaformaggio@Purdue

memory forensics: does not require the suspect's password to unlock the device and is oblivious to any persistent-storage encryption, since it works on the captured RAM contents

Evidence in memory is stored as data structures

previous state of the art: evidence is recovered from plain-text or self-evident fields (signature/string scanning)
                                             however, this cannot interpret the content of the data structure itself

Approach: reuse the program's own functions that print/render the data
                     intuition: invalid data content breaks the rendering function, while valid data produces output, so the renderer doubles as a validator
                     how to find the rendering logic: dynamic analysis of the binary
                     how to isolate the entry point: test every "candidate" entry point
                     how to set up a proper execution context: run the program with some dummy input up to the entry point, so the surrounding execution context exists
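The "rendering function as validator" idea above, as an added example (not code from the talk or from Brendan Saltaformaggio's tools). The record layout, the plausibility bounds and the sample memory image are all assumptions constructed for this example: a hypothetical chat app keeps each message as `<u32 sender_id><u32 unix_time><u16 len><len bytes UTF-8>` with no magic value or plain-text marker to grep for, so the only thing that separates a real record from noise is whether the app's own render routine accepts it.

```python
"""Added example, not code from the talk or from Brendan Saltaformaggio's tools.
Toy 'reuse the rendering function' recovery: the record format, the value
ranges and the memory image below are assumptions made up for this example."""
import struct
from datetime import datetime, timezone

HEADER = struct.Struct("<IIH")  # sender_id, unix_time, text_len (little endian, packed)


def render_message(image: bytes, off: int) -> str:
    """Format the record at `off` the way the app's display code would.

    Every check mirrors an assumption the real render code would make; any
    violation raises, and that exception is the scanner's 'invalid' signal.
    """
    if off + HEADER.size > len(image):
        raise ValueError("truncated header")
    sender, ts, n = HEADER.unpack_from(image, off)
    if not 0 < sender < 10_000:
        raise ValueError("implausible sender id")
    if not 1_400_000_000 <= ts < 1_600_000_000:  # 2014..2020, the app's lifetime (assumed)
        raise ValueError("implausible timestamp")
    if not 1 <= n <= 200:
        raise ValueError("implausible length")
    body = image[off + HEADER.size : off + HEADER.size + n]
    if len(body) != n:
        raise ValueError("truncated body")
    text = body.decode("utf-8")  # UnicodeDecodeError on garbage
    if not text.isprintable():
        raise ValueError("non-printable text")
    when = datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M")
    return f"[{when}] user{sender}: {text}"


def scan_image(image: bytes) -> list[tuple[int, str]]:
    """Try the render routine at every offset; keep the offsets that succeed."""
    hits = []
    for off in range(len(image)):
        try:
            hits.append((off, render_message(image, off)))
        except (ValueError, UnicodeDecodeError):
            continue
    return hits


def build_sample_image() -> tuple[bytes, list[int]]:
    """Constructed memory image: two valid records surrounded by padding,
    junk and one corrupt record. Returns the image and the true offsets."""
    def record(sender, ts, text):
        return HEADER.pack(sender, ts, len(text)) + text

    image = b"\x00" * 16
    offsets = [len(image)]
    image += record(7, 1486339200, b"meet at the docks at 10")
    image += b"\xff" * 12
    offsets.append(len(image))
    image += record(42, 1486342800, b"bring the drive")
    image += HEADER.pack(7, 1486339200, 300) + b"xx"  # length field corrupted
    image += b"\x00" * 8
    return image, offsets


if __name__ == "__main__":
    img, _ = build_sample_image()
    for off, line in scan_image(img):
        print(f"{off:#06x}: {line}")
```

The scanner never looks for a signature; offsets inside the zero padding, the 0xff junk, the message text and the corrupt record all fail one of the renderer's own checks, so exactly the two real records come back. A real tool does the same thing with the app's compiled render routine instead of a hand-written one.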



What about the mobile environment?
Problem: too many apps to identify the rendering logic of each one individually
Instead use the Android GUI framework's own data structures ("draw_ops" etc.), which are shared by all apps
What about background applications, where some of the GUI tree nodes have been nullified?
1. try to reconstruct the tree structure
2. to find the graphic content of each node: piece the screen together by modeling it as a matching problem
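The two steps above (rebuild the view tree, then match draw records to views), as an added example that is not code from the talk or from the Android forensics tools it describes. The object layout, addresses, bounds and draw records are assumptions constructed for this example: each carved view keeps its parent pointer even though its child list was nulled out, and each carved draw record carries the screen rectangle it was drawn into.

```python
"""Added example, not code from the talk or from any Android forensics tool.
Node addresses, bounds and the record layout are assumptions made up here."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class ViewNode:
    addr: int                       # object address in the memory image
    parent: Optional[int]           # parent pointer (survives); child list did not
    bounds: tuple                   # (left, top, right, bottom) in screen pixels
    children: list = field(default_factory=list)


@dataclass
class DrawOp:
    kind: str                       # e.g. "text" or "rect"
    bounds: tuple
    payload: str


def rebuild_tree(nodes: list[ViewNode]) -> list[ViewNode]:
    """Re-link children bottom-up from the parent pointers; returns the root(s)."""
    by_addr = {n.addr: n for n in nodes}
    roots = []
    for n in nodes:
        n.children = []
        if n.parent in by_addr:
            by_addr[n.parent].children.append(n)
        else:
            roots.append(n)  # no parent, or the parent object was not recovered
    for n in nodes:
        n.children.sort(key=lambda c: (c.bounds[1], c.bounds[0]))  # top-left first
    return roots


def contains(outer: tuple, inner: tuple) -> bool:
    l, t, r, b = outer
    il, it, ir, ib = inner
    return l <= il and t <= it and ir <= r and ib <= b


def area(b: tuple) -> int:
    return (b[2] - b[0]) * (b[3] - b[1])


def match_draw_ops(nodes, ops):
    """Assign each draw op to the smallest enclosing view (the deepest
    candidate); ops that nothing encloses are reported as orphans."""
    placed = {n.addr: [] for n in nodes}
    orphans = []
    for op in ops:
        cands = [n for n in nodes if contains(n.bounds, op.bounds)]
        if cands:
            placed[min(cands, key=lambda n: area(n.bounds)).addr].append(op)
        else:
            orphans.append(op)
    return placed, orphans


def render(node, placed, depth=0):
    """Text rendering of the reassembled screen, depth-first."""
    lines = [f"{'  ' * depth}view@{node.addr:#x} {node.bounds}"]
    for op in placed.get(node.addr, []):
        lines.append(f"{'  ' * (depth + 1)}{op.kind}: {op.payload}")
    for c in node.children:
        lines.extend(render(c, placed, depth + 1))
    return lines


def sample_heap():
    """Constructed objects as they might be carved from a background app."""
    nodes = [
        ViewNode(0x1000, None,   (0, 0, 1080, 1920)),
        ViewNode(0x3000, 0x1000, (0, 200, 1080, 1920)),   # content area
        ViewNode(0x2000, 0x1000, (0, 0, 1080, 200)),      # toolbar
        ViewNode(0x4000, 0x3000, (40, 260, 800, 400)),    # one chat bubble
    ]
    ops = [
        DrawOp("text", (20, 60, 500, 140), "Chat with Bob"),
        DrawOp("rect", (40, 260, 800, 400), "bubble background"),
        DrawOp("text", (60, 280, 700, 380), "meet at the docks at 10"),
        DrawOp("text", (2000, 2000, 2100, 2050), "stale op off-screen"),
    ]
    return nodes, ops


if __name__ == "__main__":
    nodes, ops = sample_heap()
    roots = rebuild_tree(nodes)
    placed, orphans = match_draw_ops(nodes, ops)
    print("\n".join(render(roots[0], placed)))
    print("unplaced:", [o.payload for o in orphans])
```

The matching here is the simplest geometric criterion (smallest enclosing rectangle); the talk's formulation treats it as a general matching problem, which matters once several views overlap or bounds are partially corrupted.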


How to reconstruct previous screens (not just the current one)?
Limitation of the previous approach: it only recovers the latest screen
How to approach: profile how the app's internal memory and screen-drawing memory sizes change over time (as the screen changes)
Solution: utilize Android's redraw mechanisms to reuse the app's internal memory
                generically interleave the execution of a live Android environment with data from the memory image

Q: How dependent are your techniques on a specific version of Android?
A: We updated from Android 2.2 to 6.0; the essence does not change.

Vision: cyber forensics needs to shift from personal experience to more formal methods


Friday, February 3, 2017

IOweYou Credit Network

by Aniket Kate @Purdue

centralized (Amazon, Uber, etc.) --> decentralized business model

crypto-currencies may or may not survive, but the concept of distributed ledger/blockchain remains


protocol stack: application level, middleware/service level, infrastructure/base level

barter (thing-for-thing trade): problems arise from the lack of a medium of exchange
stone money: ownership tracked by oral history, no physical movement of the stones

Questions:
How well do we understand their consensus process?
Proof of Work vs Proof of Stake

The Bitcoin network has a scalability problem because of all the communication (global broadcast and consensus) required.
Credit networks address this problem: a payment only involves the nodes on its path.

Essence of a credit network: confidence in your friends

Problems of credit networks:
Path selection (how do we find and select paths with enough credit)
Liquidity of the network (transfers are restricted to certain nodes and paths; what is the probability that a transaction succeeds?)
Gaming prevention --> loss due to misbehaving identities is bounded and (sometimes) localized ---> assumes that introducing new nodes is much easier than obtaining credit from well-behaved nodes

Examples:
1. Bazaar (NSDI'11) --> seems to be evaluated by simulation on eBay data

2. Ripple Credit Network (realized in practice)
    allows for currency exchange (a node performs the exchange, so you need to find a path through such nodes)
   

Comparison with the Bitcoin network:
transfer: Bitcoin moves coins directly between two wallets; a credit network moves value along a path with enough credit
liquidity: good vs. restricted by path availability
scalability: limited (<100 bps) vs. high scalability
Can augment the credit network with social trust
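Path selection, liquidity and path-based transfer (the "Problems of credit networks" list and the transfer/liquidity rows of the comparison above), as one added example that is not code from the talk, from Ripple or from Bazaar. Node names, credit limits and the IOU bookkeeping convention are assumptions made for this example: `avail[u][v]` is how much u can still pay v along that edge (v has agreed to hold IOUs from u up to that amount), a payment needs a single path whose bottleneck is at least the amount, and settling it shifts credit along the path.

```python
"""Added example, not code from the talk or from Ripple/Bazaar. Node names,
credit limits and the bookkeeping convention are assumptions made up here."""
import heapq
from collections import defaultdict


class CreditNetwork:
    def __init__(self):
        self.avail = defaultdict(dict)  # avail[u][v]: credit u can still spend toward v

    def extend_credit(self, truster: str, trusted: str, limit: int) -> None:
        """`truster` is willing to hold up to `limit` of IOUs from `trusted`,
        so `trusted` may pay `truster` up to that amount."""
        self.avail[trusted][truster] = self.avail[trusted].get(truster, 0) + limit

    def widest_path(self, s: str, t: str):
        """Path from s to t maximising the bottleneck credit (Dijkstra on
        min-capacity instead of sum-of-weights). Returns (capacity, path)."""
        best = {s: float("inf")}
        prev = {}
        heap = [(-float("inf"), s)]
        while heap:
            cap, u = heapq.heappop(heap)
            cap = -cap
            if cap < best[u]:
                continue  # stale heap entry
            if u == t:
                break
            for v, c in self.avail[u].items():
                nc = min(cap, c)
                if nc > 0 and nc > best.get(v, 0):
                    best[v] = nc
                    prev[v] = u
                    heapq.heappush(heap, (-nc, v))
        if t not in best:
            return 0, []
        path = [t]
        while path[-1] != s:
            path.append(prev[path[-1]])
        return best[t], path[::-1]

    def pay(self, s: str, t: str, amount: int):
        """Settle `amount` along the widest path, or return None if no
        single path has enough credit (the liquidity failure case)."""
        cap, path = self.widest_path(s, t)
        if cap < amount:
            return None
        for u, v in zip(path, path[1:]):
            self.avail[u][v] -= amount                            # u now owes v more
            self.avail[v][u] = self.avail[v].get(u, 0) + amount   # v can be repaid by u later
        return path


def success_rate(net: CreditNetwork, pairs, amount: int) -> float:
    """Fraction of (sender, receiver) pairs that could currently pay `amount`:
    a crude liquidity measure for a given set of transactions."""
    ok = sum(net.widest_path(s, t)[0] >= amount for s, t in pairs)
    return ok / len(pairs)


def sample_network() -> CreditNetwork:
    """Constructed four-node network; nobody extends credit to carol."""
    net = CreditNetwork()
    net.extend_credit("bob", "alice", 50)    # bob trusts alice for 50
    net.extend_credit("alice", "bob", 20)
    net.extend_credit("carol", "bob", 30)
    net.extend_credit("dave", "alice", 100)
    net.extend_credit("carol", "dave", 10)
    return net


if __name__ == "__main__":
    net = sample_network()
    print(net.pay("alice", "carol", 25))   # ['alice', 'bob', 'carol']
    print(net.pay("alice", "carol", 25))   # None: the bob->carol hop has only 5 left
    print(net.pay("carol", "alice", 25))   # ['carol', 'bob', 'alice']: the IOUs unwind
```

The second payment fails even though alice still has plenty of credit with bob and dave: the bottleneck is the bob->carol hop, which the first payment consumed. That is the "restricted by path availability" liquidity row of the comparison in miniature, and the reverse payment succeeding shows credit flowing back as IOUs are settled.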

Privacy might be a problem in Ripple: if I can link one transaction to you, I can find all your transactions (the ledger is public).
How to define privacy?
transaction value privacy and transaction receiver privacy