Learning from Authoritative Security Experiment Results (LASER) Workshop
See the original Call for Participation
The LASER workshop series focuses on learning from and improving cybersecurity experiment results. The workshop strives to provide a highly interactive, collegial environment for discussing and learning from experimental methodologies, execution, and results. Ultimately, the workshop seeks to foster a dramatic change in the experimental paradigm for cybersecurity research, improving the overall quality and reporting of practiced science.
The LASER workshop invites broad participation by the community, including (1) authors of accepted papers from major cybersecurity conferences to present and discuss the experimental aspects of their work, and (2) others interested in contributing to and learning from such discussions and interaction.
Conference papers all too often must focus on research results and contain limited discussion of the experimental aspects of the work (maybe a small section with a few paragraphs at the end of the paper). LASER provides an opportunity to focus on and explore the experimental approaches and methodologies used to obtain the research results.
The LASER workshop not only provides authors of accepted papers the opportunity to present and discuss the experimental aspects of their work with other workshop participants, but also the option to write new published papers that expand on the experimental aspects of their work.
The workshop will be structured as a true “workshop” in the sense that it will focus on discussion and interaction around the topic of experimental methodologies, execution, and results with the goal of encouraging improvements in experimental science in cybersecurity research. Authors will lead the group in a discussion of the experimental aspects of their work.
Areas of interest include, but are not limited to, the following:
- Research questions and/or hypotheses
- Experimental methodologies used and/or developed
- Experiment design
- Use of simulation, emulation, virtualization, and/or physical testbeds
- Use of specialized hardware including CPS and IoT devices
- Modeling of human-behavior characteristics
- Software tools used and/or developed to perform experimentation
- Approaches to experiment validation, monitoring, and data collection
- Datasets used and/or developed to perform experimentation
- Measurements and metrics
- Analytical techniques used and/or developed to evaluate experimental results
As a group, participants will discuss these areas and answer interesting questions such as:
- Did you use experimentation artifacts borrowed from the community?
- Did you attempt to replicate or reproduce results of earlier research as part of your work?
- What can be learned from your methodology and your experience using your methodology?
- What did you try that did not succeed before getting to the results you presented?
- Did you produce any intermediate results including possible unsuccessful tests or experiments?
| TUESDAY, DECEMBER 5, 2023 (ALL TIMES CST) | |
|---|---|
| 8:15 am - 8:30 am | |
| 8:30 am - 9:00 am | Welcome, Introductions, Workshop Goals and Agenda |
| 9:00 am - 10:00 am | Session 1: Paper Discussion |
| | Forking Attacks on SGX Applications Are Real, Annika Wilde (Ruhr University Bochum) |
| 10:00 am - 10:30 am | |
| 10:30 am - 11:30 am | Session 2: Paper Discussion |
| | Experimentation in Binary Sight-Seeing: Accelerating Reverse Engineering with Point-of-Interest-Beacons, August See (Universität Hamburg) |
| 11:30 am - 1:00 pm | BREAK AND LUNCH |
| 1:00 pm - 3:00 pm | Session 3: Keynote Talk and Paper Discussion |
| | KEYNOTE: A Decade Later: Reproducibility & Reliability of Research Results, Victoria Stodden (University of Southern California) |
| | Look at the Source: Refine Standards to Harden the OAuth Protocol Security, Tommaso Innocenti (Northeastern University) |
| 3:00 pm - 3:30 pm | |
| 3:30 pm - 4:30 pm | Session 4: Paper Discussion |
| | From Attachments to SEO: Click Here to Learn More about Clickbait PDFs!, Giada Stivala and Andrea Mengascini (CISPA Helmholtz Center for Information Security) |
| 4:30 pm - 5:00 pm | Wrap Up |
Participants in the LASER Workshop are invited to write new papers on their experimental work. The papers will be published in post-workshop proceedings. The new papers will be driven and guided, in part, by the discussions and interactions, and possibly even new collaborations, forged at the workshop.
Draft papers will be due approximately two months after the workshop. The program committee will review papers and provide notifications and feedback one month after submission. Final camera-ready papers will be due approximately one month later.
LASER Workshop @ ACSAC: December 5, 2023
Draft Papers Submitted: February 5, 2024
Paper Reviews and Feedback: March 5, 2024
Final Papers Submitted: April 5, 2024
Papers Published: May 5, 2024
David Balenson (USC Information Sciences Institute)
Laura S. Tinnel (SRI International)
FORKING ATTACKS ON SGX APPLICATIONS ARE REAL
PRESENTER: Annika Wilde (Ruhr University Bochum)
ABSTRACT: Trusted Execution Environments (TEEs) are gaining popularity as an effective means to provide confidentiality in the cloud. TEEs, such as Intel SGX, suffer from so-called rollback and cloning attacks (often referred to as forking attacks). Rollback attacks are enabled by the lack of freshness guarantees for sealed data; cloning attacks stem from the inability to determine if other instances of an enclave are running on the same platform. While rollback attacks have been extensively studied by the community, cloning attacks have been less investigated. To address this gap, we perform an extensive study and thoroughly analyze the susceptibility of 72 SGX-based proposals selected from [1,2] to cloning attacks. Our results show that 19.4% of the analyzed proposals are insecure against cloning attacks – including those applications that rely on monotonic counters and are therefore secure against rollback attacks.
BIO: Annika Wilde is a PhD student at the Faculty of Computer Science at the Ruhr-University Bochum (RUB). Her research focuses on platform security, TEE security, and the interplay between TEE security and distributed systems. Before joining the Chair for Information Security for her PhD, she completed her Bachelor’s and Master’s degree in IT Security at RUB.
EXPERIMENTATION IN BINARY SIGHT-SEEING: ACCELERATING REVERSE ENGINEERING WITH POINT-OF-INTEREST BEACONS
PRESENTER: August See (Universität Hamburg)
ABSTRACT: Our work presents an automated method for identifying "Points-of-Interest (POIs)" in binary files. These POIs are useful for guiding reverse engineers in pinpointing critical aspects of the binary, such as encryption routines or interactions with specified data. We developed and experimentally evaluated two prototypes to demonstrate the practicality of our approach. The first prototype is designed for popular reverse-engineering tools like IDA and Ghidra, showing its effectiveness in analyzing ransomware (Locky and Wannacry). While our method successfully identifies data-processing instructions, it acknowledges the need for some human interaction in ransomware analysis, with potential for improvement. The second prototype autonomously monitors P2P botnets by instrumenting botnet malware, exclusively using IP addresses and ports as input. It successfully analyzes various P2P botnets, including ZeroAccess, Sality, Nugache, and Kelihos, simplifying the monitoring of P2P botnets.
BIO: August See is a doctoral candidate at Universität Hamburg in Germany. His research area focuses on application automation and addressing the issues posed by harmful automation, particularly through the use of bots. It predominantly revolves around automating binary analysis and exploring (web)bot mitigation techniques.
KEYNOTE: A DECADE LATER: REPRODUCIBILITY & RELIABILITY OF RESEARCH RESULTS
PRESENTER: Victoria Stodden (University of Southern California)
ABSTRACT: It has been nearly a decade since my last keynote at the 2014 LASER Workshop. Since then several key advances in reproducibility and replicability have accelerated the field, as well as surfacing more nuanced issues. In particular I will discuss the 2019 National Academies of Science and Engineering report on Reproducibility and Replicability in Science, which laid out now widely accepted definitions and priority areas, as well as key cyberinfrastructure developments. In addition, changes in the culture of scientific research have resulted in increased sharing of research code and data across many domains and an increased need for empirical cybersecurity risk assessment.
BIO: Dr. Victoria Stodden is an Associate Professor in the Department of Industrial and Systems Engineering at the University of Southern California. She received a Ph.D. in Statistics from Stanford University and a Law Degree from Stanford Law School. She graduated magna cum laude with her bachelor’s in economics from the University of Ottawa and holds a master’s degree in economics from the University of British Columbia. She held the Kauffman Innovation fellowship at Yale Law School and was a Berkman Klein fellow at Harvard Law School. She was a postdoctoral researcher at MIT and has held faculty positions at the University of California Berkeley, Columbia University, and a tenured position at the University of Illinois at Urbana Champaign.
Stodden is an internationally recognized leader in improving the reliability of scientific results in the face of increasingly sophisticated computational approaches to research: understanding when and how inferences from data are valid and reproducible, what it means to have replicated a result, the effect of big data and computation on scientific inference, the design and implementation of scientific validation systems, standards of openness and transparency for data and code sharing, and resolving legal and policy barriers to disseminating reproducible research.
Stodden’s research takes a systems approach to understanding how and when inferences from data are valid and reproducible. Her group focuses on understanding the effect of big data and computation on scientific inference, for example studying adequacy and robustness in replicated results, designing and implementing validation systems, developing standards of openness for data and code sharing, and resolving legal and policy barriers to disseminating reproducible research.
LOOK AT THE SOURCE: REFINE STANDARDS TO HARDEN THE OAUTH PROTOCOL SECURITY
PRESENTER: Tommaso Innocenti (Northeastern University)
ABSTRACT: In recent years, OAuth has been largely studied by the research community, although we still see newer attacks rising every year. We analyzed recent attack trends in conjunction with the research trends to identify the source of the problem and generate our hypothesis. With our methodology, we moved from theoretical to practical examples to support our hypotheses. Our approach has allowed us to positively impact the security of OAuth, providing a service to the community, which should be the primary goal of the research community.
BIO: Tommaso Innocenti is a fourth-year Ph.D. student advised by Engin Kirda, working as a Secure Systems Lab (SecLab) member at Northeastern University. His interests revolve around Privacy and Security, with particular attention to increasing final users' security. His works reflect his passion and tenacity in exploring complex security topics. His most recent work focuses on the security of the OAuth protocol.
FROM ATTACHMENTS TO SEO: CLICK HERE TO LEARN MORE ABOUT CLICKBAIT PDFS!
PRESENTER: Giada Stivala and Andrea Mengascini (CISPA Helmholtz Center for Information Security)
ABSTRACT: Clickbait PDFs are PDF documents that do not embed malware but contain links leading to diverse attack web pages. In the first page, a visual bait overlaying the link tricks victim users into clicking. In this talk, we discuss how we leveraged visual content to obtain meaningful clusters of visually-similar documents, allowing human inspection of our clickbait PDF dataset (176,208 PDFs). Our solution involves the joint use of an ML learning module (using the DeepCluster architecture) and the DBSCAN algorithm. We discuss the steps of our manually-aided clustering and present insights of this experimental technique. Furthermore, we explore the distribution dynamics behind clickbait PDFs. We first conduct a pilot study and then deploy an analysis pipeline, demonstrating that clickbait PDFs are delivered to users by poisoning search engine results. Our findings expose the exploitation of search engine algorithms and reveal a network of freshly uploaded documents, hinting at larger, coordinated attack campaigns. This exploration underscores the urgent need for robust countermeasures in search engines.
BIOS: Giada Stivala is a Ph.D. candidate at CISPA with a focus on cybercrime and Web attacks such as phishing and scams. Her research involves large-scale studies of malicious campaigns and the underlying infrastructure that facilitates these activities.
Andrea Mengascini is a Ph.D. researcher at CISPA, Germany, with a deep focus on web security within 3D web platforms. His work intersects the dynamic realms of the metaverse and cybersecurity, aiming to pioneer safe user experiences.