Browsing by Author "Mohandas, R."
Now showing 1 - 20 of 24
- A novel technique for defeating virtual keyboards: Exploiting insecure features of modern browsers (2011). Nadkarni, T.S.; Mohandas, R.; Pais, A.R.
  Advancement in technology is a necessity of time, but as new techniques are introduced, new security vulnerabilities are discovered and exploited in practice. In this paper we present a new approach to defeat virtual keyboards using a new method for capturing parts of a browser screen. The page rendered in the browser is captured by using the canvas element provided by HTML5. We have specified the technical details of how this functionality is exploited and created a malicious extension for the Mozilla Firefox browser. This extension captures screenshots of web pages rendered in the browser and sends them to a remote server. In addition, we have suggested mitigation strategies to prevent misuse of such browser functionalities. © 2011 Springer-Verlag.

- An in-depth analysis of the epitome of online stealth: Keyloggers; and their countermeasures (2011). Vishnani, K.; Pais, A.R.; Mohandas, R. DOI: 10.1007/978-3-642-22720-2_2
  Malware has existed ever since the inception of computers itself, and its spread has been gaining momentum as a result of the persistent success and evolution of the Internet. The cyber world has been noticing a shift in the goals of malware writers, which will only become more insidious with time. Currently the matter of great concern for Internet users is that of online stealth. In this paper we discuss in detail the epitome of online stealth, the keyloggers; present an analysis of a few well-known anti-keyloggers; list a set of countermeasures for users based on our analysis; and also present our approach for client-side authentication to reduce the attack surface available to hackers. © 2011 Springer-Verlag.

- Attacks on web services and mitigation schemes (2010). Patel, V.; Mohandas, R.; Pais, A.R.
  Web Services have become a dependable platform for e-commerce and many B2B models. Extensive adoption of Web Services has resulted in a number of standards such as WS-Security, WS-Trust etc. to support business and security requirements. The majority of web services are offered over HTTP with Simple Object Access Protocol (SOAP) as the underlying exchange infrastructure. This paper describes attacks targeted at Web Services such as XML injection, XSS injection, HTTP header manipulation, sending stale messages and other protocol-specific attacks. We have used the XML Re-Writing mechanism to perform the "timestamp modification attack" and attacks on the WS-Trust and WS-SecureConversation protocols. Schemas stated in a WSDL file may not be accurate enough to validate messages effectively; schemas should reflect the structure of all possible genuine requests. Hence, we have proposed a new self-adaptive schema hardening algorithm to obtain a fine-tuned schema that can be used to validate SOAP messages more effectively. We have also proposed mitigation techniques to counter attacks using MIME/DIME attachments.

- Detecting & defeating split personality malware (2011). Vishnani, K.; Pais, A.R.; Mohandas, R.
  Security analysts extensively use virtual machines to analyse sample programs and study them to determine if they contain any malware. In the process, if the malware destabilizes the guest OS, they simply discard it and load a fresh image. This approach increases their productivity. Since naive users do not run virtual machines, malware authors have observed that there is a pretty good probability that their malware is being analysed if it is being run in a Virtual Machine (VM). When this analysis-aware malware detects the presence of a VM, it behaves in a benign manner, thus escaping detection. A determined analyst will end up running the sample on a native machine, which adds to his chase time. In this paper, we briefly discuss the techniques deployed to detect VMs by Analysis Aware Malware, also known as Split Personality Malware. We then introduce our tool that not only detects this category of malware but also fools it into believing that it is running on a native machine even when it is running on a virtualized one, forcing it to exhibit its malicious form. Most security analysts should find this tool really useful.

- Detection and prevention of SQL injection attacks using semantic equivalence (2011). Narayanan, S.N.; Pais, A.R.; Mohandas, R.
  SQL injection vulnerability is a kind of injection vulnerability in which the database server is forced to execute some illicit operations by crafting specific inputs to the web server. Even though this vulnerability has been present for several years now, most of its popular mitigation techniques are based on safe coding practices, which are neither applicable to existing applications nor application independent. Here we propose a new application-logic-independent solution to prevent SQL injection attacks which is applicable to any dynamic web technology. The new solution detects SQL injection by considering the semantic variance between the queries generated by the query function with safe inputs and with injection inputs. We have implemented the complete solution for ASP.NET with C# web applications using a custom-written tool, SIAP, which patches the SQL injection vulnerabilities in an existing web application by instrumenting the binaries. © Springer-Verlag 2011.

- IFrandbox: Client side protection from malicious injected iframes (2011). Nadkarni, T.S.; Mohandas, R.; Pais, A.R.
  Drive-by downloads are currently one of the most popular methods of malware distribution. Widely visited legitimate websites are infused with invisible or barely visible Iframes pointing to malicious URLs, causing silent download of malware onto the user's system. In this paper, we present a client-side solution for protection from such malevolent hidden Iframes. We have implemented our solution as an extension to the Mozilla Firefox browser. The extension checks every Iframe loaded in the browser for properties emblematic of malicious Iframes, such as hidden visibility styles and 0-pixel dimensions. These Iframes are then blocked using the browser content policy mechanism, hence alleviating the possibility of the malicious download taking place. © 2011 Springer-Verlag.

- Model based hybrid approach to prevent SQL injection attacks in PHP (2011). Sadalkar, K.; Mohandas, R.; Pais, A.R.
  SQL Injection vulnerability is ranked 1st in the OWASP top 10 vulnerability list and has resulted in massive attacks on a number of websites in the past few years. In spite of preventive measures like educating developers about safe coding practices, statistics show that these vulnerabilities are still dominating the top. Various static and dynamic approaches have been proposed to mitigate this vulnerability. In this paper, we present a hybrid approach to prevent SQL injection attacks in PHP, a popular server-side scripting language. This technique is more effective at preventing SQL injection attacks in a dynamic web content environment without the use of complex string analyzer logic. Initially, we construct a Query model for each hotspot by running the application in safe mode. In the production environment, dynamically generated queries are validated against it. The results and analysis show that the proposed approach is simple and effective at preventing common SQL injection vulnerabilities. © 2011 Springer-Verlag.

- Safeguarding web services using self-adaptive schema hardening algorithm (2011). Patel, V.; Mohandas, R.; Pais, A.R.
  Web Services in production often evolve over time due to changes in business and security requirements. Often various Web Service standards such as WS-Security, WS-Trust, WS-Routing etc. are introduced or revoked. Such changes alter the structure of an input message accepted by web services. The message validation mechanism becomes ineffective if the schemas in use are not updated in line with the aforementioned changes. Also, Web Services become prone to different attack vectors if the schemas are loosely defined. Here, we present algorithms that help fine-tune schemas by a process of iterative deduction. Also, our work helps to identify patterns of attack vectors that demarcate themselves from genuine messages. Our adaptive schema refining algorithm classifies logged requests into a set of schema classes based on a measure of similarity. This classification of messages into schema classes enables us to tighten the schemas to prevent bad requests or expand the schemas to accommodate newer requests. © 2011 Springer-Verlag.

- Spam control by source throttling using integer factorization (2011). Gupta, R.; Vinay Kumar, K.; Mohandas, R.
  Existing solutions for spam control that are limited to spam filtering at the receiver side underestimate the fact that the network bandwidth and processing time of the recipient email servers are wasted. To cut down these costs, spam should be controlled before it reaches the receiving email server. In this paper, we propose a solution to control spam at the sender's email server by throttling the client's CPU using the integer factorization problem. Integer factorization is used to generate stamps as proof of CPU cycles expended by the sender's system for each email recipient. The cost of generating stamps is negligible when the client is sending emails to only a few recipients. However, as the number of recipients increases, the cost of generating stamps also increases, which adversely affects the processing speed of the client. The server requires minimal processing time to verify stamps generated by the client. © Springer-Verlag 2011.

- Throttling DDoS attacks (2009). Gujjunoori, S.; Syed, T.A.; Madhu, B.J.; Avinash, D.; Mohandas, R.; Pais, A.R.
  Distributed Denial of Service poses a significant threat to the Internet today. In these attacks, an attacker runs a malicious process in compromised systems under his control and generates an enormous number of requests, which in turn can easily exhaust the computing resources of a victim web server within a short period of time. Many mechanisms have been proposed to date to combat this attack. In this paper we propose a new solution to reduce the impact of a distributed denial of service attack on a web server by throttling the client's CPU. The concept of source throttling is used to make the client pay a resource stamp fee, which is negligible when the client is making a limited number of requests but becomes a limiting restriction when he is making a large number of requests. The proposed solution makes use of the integer factorization problem to generate the CPU stamps. We have packaged our solution as an API so that existing web applications can easily deploy it in a layer that is transparent to the underlying application.
