SPARTA Results

A collection of demonstrators and publications

You can find the different demonstrators from SPARTA as well as a list of the submitted publications in SPARTA and their abstract.

SPARTA Publications

CFI: Control Flow Integrity or Control Flow Interruption?

Nicoló Maunero, Paolo Prinetto, Gianluca Roascio

Runtime memory vulnerabilities, especially present in widely used languages as C and C++, are exploited by attackers to corrupt code pointers and hijack the execution flow of a program running on a target system to force it to behave abnormally. This is the principle of modern Code Reuse Attacks (CRAs)...More>>

Domains: control, flow

Provably Secure Isolation for Interruptible Enclaved Execution on Small Microprocessors

Matteo Busi, Job Noorman, Jo Van Bulck, Letterio Galletta, Pierpaolo Degano, Jan Tobias Mühlberg, Frank Piessens

Abstract

Computer systems often provide hardware support for isolation mechanisms like privilege levels, virtual memory,or enclaved execution. Over the past years, several successful software-based side-channel attacks have been developed that break, or at least significantly weaken the isolation that these mechanisms offer. Extending a processor with new architectural or micro-architectural...More>>

Domains: Microprocessors

Natural Projection as Partial Model Checking

Costa, G.; Galletta, L.; Degano, P.; Basin, D.; Bodei, C.

Abstract:

Verifying the correctness of a system as a whole requires establishing that it satisfies a global specification. When it does not, it would be helpful to determine which modules are incorrect. As a consequence, specification decomposition is a relevant problem from both a theoretical and practical point of view....More>>

Domains: Model, Checking

Methodology and Feedback about Systematic Cybersecurity Experts Auditing in Belgium

Christophe Ponsard, Jeremy Grandclaudon and Nicolas Point

Abstract

Increasing the maturity of SMEs with respect to cybersecurity threats is crucial as they are less prepared and less resilient. They are also increasingly exposed and targeted by malicious actors. Providing support means ensuring an effective ecosystem is available to help companies all along the process. Resources have to...More>>

Domains: audit, smes

MadDroid: Characterising and Detecting Devious Ad Content for Android Apps

Tianming Liu, Haoyu Wang, Li Li, Xiapu Luo, Feng Dong, Yao Guo, Liu Wang, Tegawendé F. Bissyandé and Jacques Klein

Abstract

Advertisement drives the economy of the mobile app ecosystem. As a key component in the mobile ad business model, mobile ad content has been overlooked by the research community, which poses a number of threats, e.g., propagating malware and undesirable contents. To understand the practice of these devious ad...More>>

Domains: Cryptography, Security, Software, Engineering

A Survey on Multi-Factor Authentication for Online Banking in the Wild

Federico Sinigaglia, Roberto Carbone, Gabriele Costa, Nicola Zannone

Abstract

In recent years, the usage of online banking services has considerably increased. To protect the sensitive resources managed by these services against attackers, banks have started adopting Multi-Factor Authentication (MFA). To date, a variety of MFA solutions have been implemented by banks, leveraging different designs and features and providing...More>>

Domains: Multi-Factor, Authentication, Online, Banking, Mobile, Remote, Payments, Legal, Compliance, Threat, Models, Field, Study

WAF-A-MoLE: An adversarial tool for assessing ML-based WAFs

Luca Demetrio, Gabriele Costa, Andrea Valenza and Giovanni Lagorio

Web Application Firewalls (WAFs) are plug-and-play security gateways that promise to enhance the security of a (potentially vulnerable) system with minimal cost and configuration. In recent years, machine learning-based WAFs are catching up with traditional, signature-based ones. They are competitive because they do not require predefined rules; instead, they infer...More>>

Domains:

Big Data Analytics for Intrusion Detection: An Overview

Luis Dias, Miguel Correia

Intrusion detection has become a problem of big data, with a semantic gap between vast security data sources and real knowledge about threats. The use of machine learning (ML) algorithms on big data has already been successfully applied in other domains. Hence, this approach is promising for dealing with cyber...More>>

Domains:

xMP: Selective Memory Protection for Kernel and User Space

Sergej Proskurin, Marius Momeu, Seyedhamed Ghavamnia, Vasileios P. Kemerlis, and Michalis Polychronakis

Attackers leverage memory corruption vulnerabil-ities to establish primitives forreadingfrom orwritingto theaddress space of a vulnerable process. These primitives formthe foundation for code-reuse and data-oriented attacks. Whilevarious defenses against the former class of attacks have proveneffective, mitigation of the latter remains an open problem.In this paper, we identify various shortcomings of...More>>

Domains: