PacSec2012 Speakers and Talk Abstracts (Partial Excerpt)
Day 1
"Data Mining a Mountain of Zero Days"
Chris Eng, Veracode; formerly of @stake and a former member of the NSA "Red Team"
(Japanese translation of the abstract to follow at a later date)
Every day, software developers around the world, from Bangalore to Silicon Valley, churn out millions of lines of insecure code. We used static binary analysis on thousands of applications submitted to us by large enterprises, commercial software vendors, open source projects, and software outsourcers, to create an anonymized vulnerability data set. By mining this data we can answer some interesting questions. What types of mistakes do developers make most often? Are we making any progress at eradicating XSS and SQL injection? How long does it really take to remediate software vulnerabilities? We will address these questions and many others, giving you a deep dive into metrics at a scale that can't be found anywhere else.
"The Future of Automated Malware Generation"
Stephan Chenette, IOActive
(Japanese translation of the abstract to follow at a later date)
Cyber-criminals have had back-end infrastructures equivalent to Virus Total to test if malware is effective against AV scanners for many years, showing that attackers are proactively avoiding detection when building malware.
In this day and age, malicious binaries are generated on demand by server-side kits when a victim visits a malicious web page, making reliance solely on hash-based solutions inadequate. In the last 15 years, detection techniques have evolved in an attempt to keep up with attack trends. In the last few years, security companies have looked for supplemental solutions, such as the use of machine learning, to detect and mitigate attacks against cyber criminals.
Machine Learning (ML), though not a new concept, is all the rage these days, touted as the next big thing in defensive technology. While ML is beginning to be used in the detection of polymorphic malware, let's not pretend attackers aren't also experimenting with ML to create advanced malware which can bypass learning algorithms and heuristics.
I will present work to show how attackers might be utilizing ML offensively, in a supervised learning mode, to expose common features to avoid or alternatively utilize in order to increase the chances of bypassing binary AV scanners that utilize heuristics and ML for detection.
"Machine Learning for Security"
Kenji Aiko, @07c00
Anti-virus needs heuristic analysis to detect new malware, and network analyzers would like to filter unknown exploit packets. Security research has to focus on the next technology beyond blacklists, and one of them is machine learning. However, is it true that it is a useful method that we should learn for security? Does machine learning have the potential to solve some security issues?
I'll introduce several algorithms and the limits of machine learning in security.
Anti-virus products need a heuristic engine to detect new malware, and packet-filtering techniques that detect exploit attacks without relying on pattern matching are being researched.
Machine learning is one of the new detection techniques that differ from blacklists, but is machine learning really useful for solving security problems?
In this session, I will introduce and explain several algorithms, the problems machine learning can solve, and the security problems it cannot solve.
"You keep using that Sandbox, I don't think it does what you think it does" - OSX Mountain Lion's security model
Paul Sebastian Ziegler
(Japanese translation of the abstract to follow at a later date)
Due to remaining access to OS X's accessibility API, it becomes possible to write a fully functioning key/mouse logger and screen grabber running with standard user privileges on OS X Mountain Lion with sandboxing enabled. This talk will look at a practical implementation, the general weaknesses of Mountain Lion's security model, and ways to safeguard 3rd-party apps against this attack vector. Live demonstration included.
"What it takes to successfully run a vulnerability reward program"
Adam Bacchus + Kevin Stadmeyer, Google
Kevin and Adam will discuss what it takes to successfully run a vulnerability reward program, the number of types of issues that we have discovered as a result of this program, and, more importantly, how much you can expect to get for your 1337 Google Maps SQL injection. The talk will cover several interesting bugs which have been submitted to us (and subsequently patched), as well as some ad hoc examples of the types and amounts of the awards we typically give. The process will be examined as part of this talk, but the main focus is on the types and amounts of awards and some funny stories from running it. I will also discuss my motivations in working with this program and what Google hopes to accomplish by paying external researchers.
Day 2
"Future of trust in the Internet"
Marat Vyshegorodtsev, University of Tokyo, "More Smoked Leet Chicken" CTF team, @touzoku
The trust models in different spheres are totally different. There are strict models, as in the iPhone or trusted-mode Unix, and loose models, as in Android or Linux apt. However, the web went its own way, and we verify not the content but the channel's authenticity. In this talk I will take an approach to analyse these differences and describe how the Internet should be changed in order to achieve better security.
"Android malware detection in the cloud"
Elson Lai, Websense
(Japanese translation of the abstract to follow at a later date)
In this presentation I will show 2 parts of a project I'm working on now:
* Static Analysis
A classification service in the cloud will be introduced which can automatically parse features from Android app files and train a machine-learning engine to get the correct category of each file.
* Dynamic Analysis
Like Amazon's 'Test Drive' but a different experience. Our dynamic analysis engine supports nearly any Android application directly from your browser using some very interesting technology. Just upload the Android apk file and click a button on a webpage; we will launch an emulated instance of Android in the cloud, which you'll be able to control directly from your browser, and you will get a report of what the app has done and a result of whether the app is malicious.
"New "open source" step in Android Application Analysis"
Anthony Desnos + Geoffroy Gueguen, Androguard
(Japanese translation of the abstract to follow at a later date)
In this framework, you have the possibility to access each element of an Android app (defined by the Dalvik Executable Format) and to analyze it. You are able to create (save/load) a new session, to annotate methods/instructions, or to modify and save the app. Of course, you can disassemble all instructions and see the control flow graph, but one major feature is to decompile each method "on the fly" with a native Android decompiler (DAD) (no Java steps; a dead code elimination procedure followed by a register propagation procedure), which is the first public decompiler with this technique. Moreover, we would like to present our improvements to our similarity tools (comparison/diff of Android apps), whose general concept we explained in our Phrack article (http://phrack.org/issues.html?issue=68&id=15#article). Finally, we will present tips and tricks to block the analysis of a wild sample by using various techniques to break Android reverse engineering tools and to try to escape automated analysis.
"Windows Kernel Font Fuzzing and Exploitation"
Ling Chuan Lee (lclee_vx), CyberSecurity Malaysia, + Lee Yee Chan, F13 Laboratory
(Japanese translation of the abstract to follow at a later date)
This presentation is focused on the use of TrueType fonts and Microsoft Bitmap fonts as a Windows kernel attack vector, based on a specially crafted font size that leads to memory overwrites inside the Windows kernel. The talk features a live demo of both local and remote Windows kernel font exploitation. Details regarding the important functions of installing a vulnerable font and triggering and attacking the vulnerability will be explained and shown. We will also show how to create an exploitable Office document, which embeds a specially crafted font that could potentially be used as a remote attack weapon to gain remote control privileges.
This talk also comes with our automated font generator exploitation utilities, which allow very effective fuzz testing of all vulnerable TrueType/Microsoft Bitmap fonts based on different sizes, and which automatically compile and insert kernel shellcode into the font file. The utilities will then convert the crafted font into the odttf font format and embed it into an Office document.
"Using Theory to Hack the Geopolitical Dynamics of Cyber Security"
Eli Jellenc, VeriSign
(Japanese translation of the abstract to follow at a later date)
Many cyber security practitioners remain puzzled by the geopolitics of cyber security while national strategists and political scientists struggle to understand what cyber security is even about; I show in this presentation that existing theories from political science and sociology can be modified to explain the dynamics of cyber security competition among nations and to improve understanding of strategic cyber conflict behavior.
"NFC using Software Defined Radio"
Jonathan Andersson
Visit to Japan cancelled due to unforeseen circumstances.
(Speakers and talk contents may change without notice due to various circumstances.)