File Download
There are no files associated with this item.
Links for fulltext
(May Require Subscription)
- Publisher Website: 10.1109/TR.2022.3162694
- Scopus: eid_2-s2.0-85128694829
- Find via
Supplementary
-
Citations:
- Scopus: 0
- Appears in Collections:
Article: ConcSpectre: Be Aware of Forthcoming Malware Hidden in Concurrent Programs
| Title | ConcSpectre: Be Aware of Forthcoming Malware Hidden in Concurrent Programs |
|---|---|
| Authors | |
| Keywords | Concurrent logic bomb (CLB) concurrent program spectre (ConcSpectre) concurrent programs controllable probabilistic activation (CPA) software security |
| Issue Date | 2022 |
| Citation | IEEE Transactions on Reliability, 2022, v. 71, n. 2, p. 1174-1188 How to Cite? |
| Abstract | Concurrent programs with multiple threads executing in parallel are widely used to unleash the power of multicore computing systems. Owing to their complexity, a lot of research focuses on testing and debugging concurrent programs. Besides correctness, we find that security can also be compromised by concurrency. In this article, we present concurrent program spectre (ConcSpectre), a new security threat that hides malware in nondeterministic thread interleavings. To demonstrate such threat, we have developed a stealth malware technique called concurrent logic bomb by partitioning a piece of malicious code and injecting its components separately into a concurrent program. The malicious behavior can be triggered by certain thread interleavings that rarely happen (e.g., < 1%) under a normal execution environment. However, with a new technique called controllable probabilistic activation, we can activate such ConcSpectre malware with a very high probability (e.g., >90%) by remotely disturbing thread scheduling. In the evaluation, more than 1000 ConcSpectre samples are generated, which bypassed most of the antivirus engines in VirusTotal and four well-known online dynamic malware analysis systems. We also demonstrate how to remotely trigger a ConcSpectre sample on a web server and control its activation probability. Our work shows an urgent need for new malware analysis methods for concurrent programs. |
| Persistent Identifier | http://hdl.handle.net/10722/346907 |
| ISSN | 2023 Impact Factor: 5.0 2023 SCImago Journal Rankings: 1.511 |
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Liu, Yang | - |
| dc.contributor.author | Xu, Zisen | - |
| dc.contributor.author | Fan, Ming | - |
| dc.contributor.author | Hao, Yu | - |
| dc.contributor.author | Chen, Kai | - |
| dc.contributor.author | Chen, Hao | - |
| dc.contributor.author | Cai, Yan | - |
| dc.contributor.author | Yang, Zijiang | - |
| dc.contributor.author | Liu, Ting | - |
| dc.date.accessioned | 2024-09-17T04:14:07Z | - |
| dc.date.available | 2024-09-17T04:14:07Z | - |
| dc.date.issued | 2022 | - |
| dc.identifier.citation | IEEE Transactions on Reliability, 2022, v. 71, n. 2, p. 1174-1188 | - |
| dc.identifier.issn | 0018-9529 | - |
| dc.identifier.uri | http://hdl.handle.net/10722/346907 | - |
| dc.description.abstract | Concurrent programs with multiple threads executing in parallel are widely used to unleash the power of multicore computing systems. Owing to their complexity, a lot of research focuses on testing and debugging concurrent programs. Besides correctness, we find that security can also be compromised by concurrency. In this article, we present concurrent program spectre (ConcSpectre), a new security threat that hides malware in nondeterministic thread interleavings. To demonstrate such threat, we have developed a stealth malware technique called concurrent logic bomb by partitioning a piece of malicious code and injecting its components separately into a concurrent program. The malicious behavior can be triggered by certain thread interleavings that rarely happen (e.g., < 1%) under a normal execution environment. However, with a new technique called controllable probabilistic activation, we can activate such ConcSpectre malware with a very high probability (e.g., >90%) by remotely disturbing thread scheduling. In the evaluation, more than 1000 ConcSpectre samples are generated, which bypassed most of the antivirus engines in VirusTotal and four well-known online dynamic malware analysis systems. We also demonstrate how to remotely trigger a ConcSpectre sample on a web server and control its activation probability. Our work shows an urgent need for new malware analysis methods for concurrent programs. | - |
| dc.language | eng | - |
| dc.relation.ispartof | IEEE Transactions on Reliability | - |
| dc.subject | Concurrent logic bomb (CLB) | - |
| dc.subject | concurrent program spectre (ConcSpectre) | - |
| dc.subject | concurrent programs | - |
| dc.subject | controllable probabilistic activation (CPA) | - |
| dc.subject | software security | - |
| dc.title | ConcSpectre: Be Aware of Forthcoming Malware Hidden in Concurrent Programs | - |
| dc.type | Article | - |
| dc.description.nature | link_to_subscribed_fulltext | - |
| dc.identifier.doi | 10.1109/TR.2022.3162694 | - |
| dc.identifier.scopus | eid_2-s2.0-85128694829 | - |
| dc.identifier.volume | 71 | - |
| dc.identifier.issue | 2 | - |
| dc.identifier.spage | 1174 | - |
| dc.identifier.epage | 1188 | - |
| dc.identifier.eissn | 1558-1721 | - |