Your search keyword '"Jingzheng Wu"' showing total 8 results

1. LaChouTi: kernel vulnerability responding framework for the fragmented Android devices

Author

Jingzheng Wu and Mutian Yang

Subjects

Engineering, business.industry, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Vulnerability, 020207 software engineering, Cloud computing, 02 engineering and technology, Android (operating system), Computer security, computer.software_genre, business, computer

Abstract

The most criticized problem in the Android ecosystem is fragmentation, i.e., 24,093 Android devices in the wild are made by 1,294 manufacturers and installed with extremely customized operating systems. The existence of so many different active versions of Android makes security updates and vulnerability responses across the whole range of Android devices difficult. In this paper, we seek to respond to the unpatched kernel vulnerabilities for the fragmented Android devices. Specifically, we propose and implement LaChouTi, which is an automated kernel security update framework consisting of cloud service and end application update. LaChouTi first tracks and identifies the exposed vulnerabilities according to the CVE-Patch map for the target Android kernels. Then, it generates differential binary patches for the identified results. Finally, it pushes and applies the patches to the kernels. We evaluate LaChouTi using 12 Nexus Android devices that have different Android versions, different kernel versions, different series and different manufacturers, and find 1922 unpatched kernel vulnerabilities in these devices. The results show that: (1) the security risk of unpatched vulnerabilities caused by fragmentation is serious; and (2) the proposed LaChouTi is effective in responding to such security risk. Finally, we implement LaChouTi on new commercial devices by collaborating with four internationally renowned manufacturers. The results demonstrate that LaChouTi is effective for the manufacturers'security updates.

Published

2017

2. CIVSched: A Communication-Aware Inter-VM Scheduling Technique for Decreased Network Latency between Co-Located VMs

Author

Samee U. Khan, Jingzheng Wu, Bei Guan, and Yongji Wang

Subjects

Computer Networks and Communications, Computer science, Hardware virtualization, Network packet, Full virtualization, business.industry, Temporal isolation among virtual machines, Processor scheduling, Hypervisor, Cloud computing, Energy consumption, Virtualization, computer.software_genre, Fair-share scheduling, Computer Science Applications, Scheduling (computing), Hardware and Architecture, Virtual machine, Server, Operating system, Resource management, business, computer, Software, Information Systems

Abstract

Server consolidation in cloud computing environments makes it possible for multiple servers or desktops to run on a single physical server for high resource utilization, low cost, and reduced energy consumption. However, the scheduler in the virtual machine monitor (VMM), such as Xen credit scheduler, is agnostic about the communication behavior between the guest operating systems (OS). The aforementioned behavior leads to increased network communication latency in consolidated environments. In particular, the CPU resources management has a critical impact on the network latency between co-located virtual machines (VMs) when there are CPU- and I/O-intensive workloads running simultaneously. This paper presents the design and implementation of a communication-aware inter-VM scheduling (CIVSched) technique that takes into account the communication behavior betweeninter-VMs running on the same virtualization platform. The CIVSched technique inspects the network packets transmitted between local co-resident domains to identify the target VM and process that will receive the packets. Thereafter, the target VM and process are preferentially scheduled by the VMM and the guest OS. The cooperation of these two schedulers makes the network packets to be timely received by the target application. Experimental results on the Xen virtualization platform depict that the CIVSched technique can reduce the average response time of network traffic by approximately 19 percent for the highly consolidated environment, while keeping the inherent fairness of the VMM scheduler.

Published

2014

3. C2 Detector: a covert channel detection framework in cloud computing

Author

Yanjun Wu, Nasro Min-Allah, Liping Ding, Jingzheng Wu, Samee U. Khan, and Yongji Wang

Subjects

Computer Networks and Communications, business.industry, Computer science, Covert channel, Hypervisor, Cloud computing, Computer security, computer.software_genre, Virtualization, Shared memory, Virtual machine, Threat model, Isolation (database systems), business, computer, Information Systems, Computer network

Abstract

Cloud computing is becoming increasingly popular because of the dynamic deployment of computing service. Another advantage of cloud is that data confidentiality is protected by the cloud provider with the virtualization technology. However, a covert channel can break the isolation of the virtualization platform and leak confidential information without letting it known by virtual machines. In this paper, the threat model of covert channels is analyzed. The channels are classified into three categories, and only the category that is new to cloud computing is concerned, for example, CPU load-based, cache-based, and shared memory-based covert channels. The covert channel scenario is modeled into an error-corrected four-state automaton, and two error-corrected algorithms are designed. A new detection framework termed C2Detector is presented. C2Detector includes a captor located in the hypervisor and a two-phase synthesis algorithm implemented as Markov and Bayesian detectors. A prototype of C2Detector is implemented on Xen hypervisor, and its performance of detecting the covert channels is demonstrated. The experiment results show that C2Detector can detect the three types of the covert channels with an acceptable false positive rate by using a pessimistic threshold. Moreover, C2Detector is a plug-in framework and can be easily extended. It is believed that new covert channels can be detected by C2Detector in the future. Copyright © 2013 John Wiley & Sons, Ltd.

Published

2013

4. C2Hunter: Detection and Mitigation of Covert Channels in Data Centers

Author

Samee U. Khan, Yanjun Wu, Yuqi Lin, Jingzheng Wu, Nasro Min-Allah, Bei Guan, and Yongji Wang

Subjects

Password, business.industry, Computer science, Covert channel, Cloud computing, Hypervisor, computer.software_genre, Virtualization, Virtual machine, Web application, The Internet, business, computer, Computer network

Abstract

Data centers provides both the applications, systems software and the hardware as services over the Internet, which is named cloud computing [1–3]. It is core infrastructure of cloud computing, supporting dynamic deployment and elastic resource management. With the powerful computing and storing capabilities, cloud computing has become increasingly popular [4, 5]. The fundamental mechanism of cloud is virtualization which allows virtual machines (VM) instantiate stand-alone operating systems on demand based on a software layer called virtual machine monitor (VMM) or hypervisor [6]. Although the virtualization technology provides strong isolation for the cloud, security and privacy are always the open problems [7]. Some of the problems are essentially traditional web application and data-hosting ones, e.g., phishing, downtime, data loss, and password weakness. One of the new problems introduced by the shared environment to cloud computing is the covert channel attack [8]. By this way, information is leaked from the data centers and meanwhile the security provided by isolation is breaken down [9, 10].

Published

2015

5. Vulnerability Detection of Android System in Fuzzing Cloud

Author

Yongji Wang, Wu Zhifei, Jingzheng Wu, Yang Mutian, and Yanjun Wu

Subjects

Computer science, business.industry, Vulnerability, Vulnerability detection, Cloud computing, Fuzz testing, Permission, Computer security model, Computer security, computer.software_genre, Security testing, TheoryofComputation_LOGICSANDMEANINGSOFPROGRAMS, Android (operating system), business, computer, Private information retrieval

Abstract

The rapid growth of Android system has encountered enormous security challenges. The vulnerabilities caused by the limited security models, coarse permission system and code flaws lead to private information leakage, deny of service, potential costs, etc. To detect these vulnerabilities, some analysis and security testing methods have been presented. However, most of these methods focus on certain aspects, for example, applications, permission, or capability leakage. In this paper, we propose a new detection paradigm named Fuzzing Cloud to detect vulnerabilities in Android system. Firstly, the architecture of fuzzing cloud is introduced, and the fuzzing nodes are investigated. Then, each layer of the Android system is decomposed into separated modules, and the fuzzing test cases are created with the endless capacity of processing power and storage in fuzzing cloud. Finally, the prototype of fuzzing cloud has been implemented, and some separated modules have been tested. The experiment results show that some vulnerabilities can be detected by the fuzzing cloud. It is also believed that after small extension, fuzzing cloud can detect vulnerabilities in other systems.

Published

2013

6. Vulcloud: Scalable and Hybrid Vulnerability Detection in Cloud Computing

Author

Yanjun Wu, Yongji Wang, Jingzheng Wu, Wu Zhifei, and Yang Mutian

Subjects

Source code, Exploit, Computer science, business.industry, Distributed computing, media_common.quotation_subject, Cloud computing, Fuzz testing, Vulnerability management, Static analysis, Cloud testing, Scalability, business, media_common

Abstract

Vulnerability exploits will result in security breaches or violations of the system's security policy causing information leakage or economic losses. Although many detection methods such as static analysis, dynamic analysis and fuzz testing have been presented, the vulnerabilities are still difficult to detect. In this paper, we propose a new detection cloud service Vulcloud, which is scalable and hybrid combining the static, dynamic and fuzzing into cloud computing. Vulcloud first statically analyzes the objects and reports the potential vulnerable items. And then, the fuzzing cases for the items are semi-automated created, and tested under the dynamic monitoring. Finally, the source code of the results are statically analyzed again to determine whether they are vulnerabilities or not. The prototype of Vulcloud is implemented, and the performance is evaluated by Mplayer source code. The experiment results show that Vulcloud can detect vulnerabilities in software, and the challenges of storage and processing capabilities are resolved by cloud computing.

Published

2013

7. XenPump: A New Method to Mitigate Timing Channel in Cloud Computing

Author

Yuqi Lin, Nasro Min-Allah, Jingzheng Wu, Liping Ding, and Yongji Wang

Subjects

Information privacy, Cloud computing security, Computer science, business.industry, Hypervisor, Cloud computing, Information security, Security policy, Computer security, computer.software_genre, Virtualization, business, computer, Communication channel

Abstract

Cloud computing security has become the focus in information security, where much attention has been drawn to the user privacy leakage. Although isolation and some other security policies have been provided to protect the security of cloud computing, confidential information can be still stolen by timing channels without being detected. In this paper, a new method named XenPump is presented aiming to mitigate the threat of the timing channels by adding latency. XenPump is designed as a module located in hypervisor, monitoring the hypercalls used by the timing channels and adding latencies to lower the threat into an acceptable level. The prototype of XenPump has been implemented in Xen virtualization platform, and the performance is evaluated by the shared memory based timing channel. The experiment results show that XenPump can mitigate the threat of the timing channel by interrupting both the capacity and transmission accuracy. It is believed that after small extension, XenPump can mitigate the incoming timing channels.

Published

2012

8. Identification and Evaluation of Sharing Memory Covert Timing Channel in Xen Virtual Machines

Author

Wei Han, Liping Ding, Jingzheng Wu, and Yongji Wang

Subjects

Source code, business.industry, Computer science, media_common.quotation_subject, Covert channel, Cloud computing, Data_CODINGANDINFORMATIONTHEORY, computer.software_genre, Virtualization, Software, Virtual machine, Covert, Operating system, business, computer, Computer network, media_common, Communication channel

Abstract

Virtualization technology is the basis of cloud computing, and the most important property of virtualization is isolation. Isolation guarantees security between virtual machines. However, covert channel breaks the isolation and leaks sensitive message covertly. In this paper, we formally model the isolation into noninterference, and define that all the transmission channels violating noninterference are covert channels. With this definition, we present an identification method based on information flow. This method first compiles the source code into a more structured equivalent code with LLVM. And then a search algorithm is proposed to obtain the shared resources and the operational processes in the equivalent code. A new covert channel termed sharing memory covert timing channel (SMCTC) is identified from Xen source code. We construct channel scenario for SMCTC, and evaluate its threat with the metrics of channel capacity and transmission accuracy. The results show that SMCTC is much more threatened than CPU load based and cache based covert channels etc.

Published

2011