DNS has been suffering from cache poisoning attack for a long time. The attacker sends camouflaged DNS response to trick the domain name server, and inserts malicious resource record into the cached database. Because the original DNS protocol only depends on 16-bit transaction ID to verify the response packet, it is prone to be guessed by the attacker. Although many strategies such as transaction randomizing, source port randomizing and the 0x20 technique have been applied to improve the resistance of DNS, the attacker still has chance to poison DNS server in an acceptable time. Other more complicated strategy such as DNSSEC which provides stricter prevention mechanism is not easy to deploy and is not widely adopted yet. To address the problem, we present a novel strategy called Security Proxy. The architecture can be easily implemented and deployed on existing DNS server without modification of DNS server itself. The embedded two schemes Selective Re-Query and Security Label Communication can cooperate and effectively prevent the cache poisoning attack. We analyze our strategy from both the capability and efficiency. Then we find that our Security Proxy has obvious advantage over the original transaction ID, the source port randomizing and 0x20 techniques.
Nowadays, lots of private information are collected and spread without proper protection. privacy leak behavior has been widely discovered in many malwares and suspicious applications. We refer to such software as privacy leak software (PLS). In this paper we present an abstract model called Privacy Petri Net (PPN) for privacy leaks analysis. We build PPN modules of different privacy leak behavior sub procedure and give four indicators: possibility, severity, crypticity and manipulability for quantitative analysis. We apply our approach on real-world PLS and the case study shows that we can not only identifies the tested software as PLS, just like which is reported by AVS as malicious, but also calculate the severity, crypticity and manipulability of it. We can also evaluate the suspicious behavior in the applications which the AVSs simply treat as benign.
Privacy information is prone to be leaked by illegal software providers with various motivations. Privacy leak behavior has thus become an important research issue of cyber security. However, existing approaches can only qualitatively analyze privacy leak behavior of software applications. No quantitative approach, to the best of our knowledge, has been developed in the open literature. To fill this gap, in this paper we propose for the first time four quantitative metrics, namely, possibility, severity, crypticity, and manipulability, for privacy leak behavior analysis based on Privacy Petri Net (PPN). In order to compare the privacy leak behavior among different software, we further propose a comprehensive metric, namely, overall leak degree, based on these four metrics. Finally, we validate the effectiveness of the proposed approach using real-world software applications. The experimental results demonstrate that our approach can quantitatively analyze the privacy leak behaviors of various software types and reveal their characteristics from different aspects.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.