Biblio

2022-12-01
Jia, Yaoqi, Tople, Shruti, Moataz, Tarik, Gong, Deli, Saxena, Prateek, Liang, Zhenkai.  2020.  Robust P2P Primitives Using SGX Enclaves. 2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS). :1185–1186.
Peer-to-peer (P2P) systems such as BitTorrent and Bitcoin are susceptible to serious attacks from byzantine nodes that join as peers. Due to well-known impossibility results for designing P2P primitives in unrestricted byzantine settings, research has explored many adversarial models with additional assumptions, ranging from mild (such as a pre-established PKI) to strong (such as the existence of common random coins). One such widely-studied model is the general-omission model, which yields simple protocols with good efficiency, but has been considered impractical or unrealizable since it artificially limits the adversary only to omitting messages. In this work, we study the setting of a synchronous network wherein peer nodes have CPUs equipped with a recent trusted computing mechanism called Intel SGX. In this model, we observe that the byzantine adversary reduces to the adversary in the general-omission model. As a first result, we show that by leveraging SGX features, we eliminate any source of advantage for a byzantine adversary beyond that gained by omitting messages, making the general-omission model realizable. Our evaluation of 1000 nodes running on 40 DeterLab machines confirms the theoretical efficiency claim.
2017-09-11
Jia, Yaoqi, Chua, Zheng Leong, Hu, Hong, Chen, Shuo, Saxena, Prateek, Liang, Zhenkai.  2016.  "The Web/Local" Boundary Is Fuzzy: A Security Study of Chrome's Process-based Sandboxing. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :791–804.

Process-based isolation, suggested by several research prototypes, is a cornerstone of modern browser security architectures. Google Chrome is the first commercial browser that adopts this architecture. Unlike several research prototypes, Chrome's process-based design does not isolate different web origins, but primarily promises to protect "the local system" from "the web". However, as billions of users now use web-based cloud services (e.g., Dropbox and Google Drive), which are integrated into the local system, the premise that browsers can effectively isolate the web from the local system has become questionable. In this paper, we argue that, if the process-based isolation disregards the same-origin policy as one of its goals, then its promise of maintaining the "web/local system (local)" separation is doubtful. Specifically, we show that existing memory vulnerabilities in Chrome's renderer can be used as a stepping-stone to drop executables/scripts in the local file system, install unwanted applications and misuse system sensors. These attacks are purely data-oriented and do not alter any control flow or import foreign code. Thus, such attacks bypass binary-level protection mechanisms, including ASLR and in-memory partitioning. Finally, we discuss various full defenses and present a possible way to mitigate the attacks presented.