File Download

There are no files associated with this item.

  Links for fulltext
     (May Require Subscription)
Supplementary

Article: ConcSpectre: Be Aware of Forthcoming Malware Hidden in Concurrent Programs

TitleConcSpectre: Be Aware of Forthcoming Malware Hidden in Concurrent Programs
Authors
KeywordsConcurrent logic bomb (CLB)
concurrent program spectre (ConcSpectre)
concurrent programs
controllable probabilistic activation (CPA)
software security
Issue Date2022
Citation
IEEE Transactions on Reliability, 2022, v. 71, n. 2, p. 1174-1188 How to Cite?
AbstractConcurrent programs with multiple threads executing in parallel are widely used to unleash the power of multicore computing systems. Owing to their complexity, a lot of research focuses on testing and debugging concurrent programs. Besides correctness, we find that security can also be compromised by concurrency. In this article, we present concurrent program spectre (ConcSpectre), a new security threat that hides malware in nondeterministic thread interleavings. To demonstrate such threat, we have developed a stealth malware technique called concurrent logic bomb by partitioning a piece of malicious code and injecting its components separately into a concurrent program. The malicious behavior can be triggered by certain thread interleavings that rarely happen (e.g., < 1%) under a normal execution environment. However, with a new technique called controllable probabilistic activation, we can activate such ConcSpectre malware with a very high probability (e.g., >90%) by remotely disturbing thread scheduling. In the evaluation, more than 1000 ConcSpectre samples are generated, which bypassed most of the antivirus engines in VirusTotal and four well-known online dynamic malware analysis systems. We also demonstrate how to remotely trigger a ConcSpectre sample on a web server and control its activation probability. Our work shows an urgent need for new malware analysis methods for concurrent programs.
Persistent Identifierhttp://hdl.handle.net/10722/346907
ISSN
2023 Impact Factor: 5.0
2023 SCImago Journal Rankings: 1.511

 

DC FieldValueLanguage
dc.contributor.authorLiu, Yang-
dc.contributor.authorXu, Zisen-
dc.contributor.authorFan, Ming-
dc.contributor.authorHao, Yu-
dc.contributor.authorChen, Kai-
dc.contributor.authorChen, Hao-
dc.contributor.authorCai, Yan-
dc.contributor.authorYang, Zijiang-
dc.contributor.authorLiu, Ting-
dc.date.accessioned2024-09-17T04:14:07Z-
dc.date.available2024-09-17T04:14:07Z-
dc.date.issued2022-
dc.identifier.citationIEEE Transactions on Reliability, 2022, v. 71, n. 2, p. 1174-1188-
dc.identifier.issn0018-9529-
dc.identifier.urihttp://hdl.handle.net/10722/346907-
dc.description.abstractConcurrent programs with multiple threads executing in parallel are widely used to unleash the power of multicore computing systems. Owing to their complexity, a lot of research focuses on testing and debugging concurrent programs. Besides correctness, we find that security can also be compromised by concurrency. In this article, we present concurrent program spectre (ConcSpectre), a new security threat that hides malware in nondeterministic thread interleavings. To demonstrate such threat, we have developed a stealth malware technique called concurrent logic bomb by partitioning a piece of malicious code and injecting its components separately into a concurrent program. The malicious behavior can be triggered by certain thread interleavings that rarely happen (e.g., < 1%) under a normal execution environment. However, with a new technique called controllable probabilistic activation, we can activate such ConcSpectre malware with a very high probability (e.g., >90%) by remotely disturbing thread scheduling. In the evaluation, more than 1000 ConcSpectre samples are generated, which bypassed most of the antivirus engines in VirusTotal and four well-known online dynamic malware analysis systems. We also demonstrate how to remotely trigger a ConcSpectre sample on a web server and control its activation probability. Our work shows an urgent need for new malware analysis methods for concurrent programs.-
dc.languageeng-
dc.relation.ispartofIEEE Transactions on Reliability-
dc.subjectConcurrent logic bomb (CLB)-
dc.subjectconcurrent program spectre (ConcSpectre)-
dc.subjectconcurrent programs-
dc.subjectcontrollable probabilistic activation (CPA)-
dc.subjectsoftware security-
dc.titleConcSpectre: Be Aware of Forthcoming Malware Hidden in Concurrent Programs-
dc.typeArticle-
dc.description.naturelink_to_subscribed_fulltext-
dc.identifier.doi10.1109/TR.2022.3162694-
dc.identifier.scopuseid_2-s2.0-85128694829-
dc.identifier.volume71-
dc.identifier.issue2-
dc.identifier.spage1174-
dc.identifier.epage1188-
dc.identifier.eissn1558-1721-

Export via OAI-PMH Interface in XML Formats


OR


Export to Other Non-XML Formats