rozzle : de- cloaking internet malware

10

Rozzle: De-Cloaking Internet Malware Clemens Kolbitsch, Christian Seifert , Benjamin Livshits and Benjamin Zorn Microsoft Research Technical Report Presentation by David Ferreras

Upload: paulos

Post on 23-Feb-2016

71 views

Category:

Documents

0 download

Report

Download

Tags:

Embed Size (px):

DESCRIPTION

Rozzle : De- Cloaking Internet Malware. Clemens Kolbitsch , Christian Seifert , Benjamin Livshits and Benjamin Zorn Microsoft Research Technical Report Presentation by David Ferreras. The P roblem. - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: Rozzle : De- Cloaking Internet Malware

Rozzle: De-Cloaking Internet Malware

Clemens Kolbitsch, Christian Seifert , Benjamin Livshits and Benjamin Zorn

Microsoft Research Technical Report

Presentation by David Ferreras

Page 2: Rozzle : De- Cloaking Internet Malware

The Problem

• The browser is exposed to malicious content that affect millions of URLs using JavaScript

• Web-based malware tends to target a particular browser, often attacking specific versions of installed plugins. – Environment matching– Fingerprinting– Client-Side cloaking

Page 3: Rozzle : De- Cloaking Internet Malware

The Problem

Page 4: Rozzle : De- Cloaking Internet Malware

The Problem

Page 5: Rozzle : De- Cloaking Internet Malware

The Solution Proposed

• Rozzle: Multi-execution JavaScript implementation– execute both possibilities whenever it encounters

control flow branching that is dependent on the environment

Page 6: Rozzle : De- Cloaking Internet Malware

The Solution Proposed

Page 7: Rozzle : De- Cloaking Internet Malware

The Solution Proposed (Details)

• Symbolic Values: All environment-specific values start out as symbolic in Rozzle

• Branching on symbolic values • Looping on symbolic values• Creates a heap of values

Page 8: Rozzle : De- Cloaking Internet Malware

Results

Page 9: Rozzle : De- Cloaking Internet Malware

Limitations

• Server-side cloaking• Breaking existing code• Identifying that Rozzle is enabled could be

used construct denial-of service attack on Rozzle-enabled browsers.

Page 10: Rozzle : De- Cloaking Internet Malware

Any questions?

Temporal magnification, compression, and cloaking of light

Cloaking Devices, CyberPersonas, and Neutral Zones

Material- and geometry-independent multishell cloaking devicedgenov/files/PRB_Mundru.pdf · Material- and geometry-independent multishell cloaking device Pattabhiraju C. Mundru, Venkatesh

A pseudo anapole based electromagnetic cloaking scheme

Cloaking Devices, Electromagnetic Wormholes and ...gunther/... · Cloaking Devices, Electromagnetic Wormholes and Transformation Optics Allan Greenleaf∗ Yaroslav Kurylev† Matti

White Hat Cloaking

Rozzle De-Cloaking Internet Malware Ben Livshits with Clemens Kolbitsch, Ben Zorn, Christian Seifert, Paul Rebriy Microsoft Research

Rozzle De-Cloaking Internet Malware

Cloaking by Change of Variableschris/icms/GeomAnal/Kohn.pdf · 2008. 6. 23. · - Harry Potter Robert V. Kohn Courant Institute, NYU Cloaking by Change of Variables. Outline (1) Cloaking

Metamaterials, Transform Optics and Cloaking€¦ · Cloaking and stealth technology Cloaking is related to older fields: optical composite materials, artificial dielectric and stealth

An Electromagnetic Cloaking Scheme Using Magnetic Dipole

Mathematical Programming Algorithms for Spatial Cloaking

Packet Cloaking

Cloak & Dagger: Dynamics of Web Search Cloaking

Metamaterials, Transform Optics and Cloaking

White Hat Cloaking – Six Practical Applications

Modeling “Invisibility” by Optical Cloaking of a Spheremath.arizona.edu/~gabitov/teaching/101/math_485_585...Modeling invisibility, or optical cloaking has become a fascinating

Cloak and Dagger. In a nutshell… Cloaking Cloaking in search engines Search engines’ response to cloaking Lifetime of cloaked search results Cloaked pages

On the cloaking effects associated with anomalous …muri.lci.kent.edu/References/NIM_Papers/Cloaking/2006...On the cloaking effects associated with anomalous localized resonance BY

META MATERIAL CLOAKING

Digital integral cloaking - University of Rochesterjhgroup/papers/choi-optica-16-05.pdf · integral imaging techniques, and “digital integral cloaking” for in-tegral cloaking

Elastodynamic Transformation Cloaking for Non

Critical review about Cloaking Device.docx

Affiliate Link Redirecting And Cloaking

Single frequency microwave cloaking and subwavelength

Alternative approaches to electromagnetic cloaking and ...sergei/cloak_presentation.pdf · Wenshan Cai, et al., Optical cloaking with metamaterials, Nature Photonics, April 2007

Broadband Cloaking in Stratiﬁed Seastaflab.berkeley.edu/.../01/2012-Cloaking_PRL_Alam1.pdf · Broadband Cloaking in Stratiﬁed Seas Mohammad-Reza Alam1 1Department of Mechanical

Cloaking via Change of Variables in Electric Impedance Tomographymiw2103/papers/cloaking-july13.pdf · 2007-07-15 · Cloaking via Change of Variables in Electric Impedance Tomography

Isotropic Transformation Optics Approximate Cloaking Allan ... · Isotropic Transformation Optics and Approximate Cloaking Allan Greenleaf joint with Yaroslav Kurylev Matti Lassas

Optical cloaking

Plasmonic and Metamaterial Cloaking: Physical Mechanisms and

Cloak and Dagger: Dynamics of Web Search Cloaking - University of California, San Diegovoelker/pubs/cloaking-ccs11.pdf · 2011-08-24 · Cloak and Dagger: Dynamics of Web Search Cloaking

Transformation Cloaking in Elastic Plates

Cloaking a sensor for three-dimensional Maxwell’s ...gunther/... · Cloaking a sensor for three-dimensional Maxwell’s equations: transformation optics approach Xudong Chen1,∗

Paraxial Ray Optics Invisibility Cloaking