1.
Harun Oz, Ahmet Aris, Abbas Acar, Güliz Seray Tuncay, Leonardo Babun, Selcuk Uluagac
RøB: Ransomware over Modern Web Browsers Conference Paper
In the Proceedings of the 32nd USENIX Security Symposium, 2023.
Abstract | Links | BibTeX | Tags: Malware, Ransomware, Web Security
@conference{OZRans2023,
title = {RøB: Ransomware over Modern Web Browsers},
author = {Harun Oz and Ahmet Aris and Abbas Acar and Güliz Seray Tuncay and Leonardo Babun and Selcuk Uluagac},
url = {https://www.usenix.org/conference/usenixsecurity23/presentation/oz
https://www.youtube.com/watch?v=MUVNz6p3_jk
https://research.google/pubs/r%C3%B8b-ransomware-over-modern-web-browsers/},
year = {2023},
date = {2023-08-01},
urldate = {2023-08-01},
booktitle = {In the Proceedings of the 32nd USENIX Security Symposium},
abstract = {File System Access (FSA) API enables web applications to interact with files on the users' local devices. Even though it can be used to develop rich web applications, it greatly extends the attack surface, which can be abused by adversaries to cause significant harm. In this paper, for the first time in the literature, we extensively study this new attack vector that can be used to develop a powerful new ransomware strain over a browser. Using the FSA API and WebAssembly technology, we demonstrate this novel browser-based ransomware called RøB as a malicious web application that encrypts the user's files from the browser. We use RøB to perform impact analysis with different OSs, local directories, and antivirus solutions as well as to develop mitigation techniques against it. Our evaluations show that RøB can encrypt the victim's local files including cloud-integrated directories, external storage devices, and network-shared folders regardless of the access limitations imposed by the API. Moreover, we evaluate and show how the existing defense solutions fall short against RøB in terms of their feasibility. We propose three potential defense solutions to mitigate this new attack vector. These solutions operate at different levels (i.e., browser-level, file-system-level, and user-level) and are orthogonal to each other. Our work strives to raise awareness of the dangers of RøB-like browser-based ransomware strains and shows that the emerging API documentation (i.e., the popular FSA) can be equivocal in terms of reflecting the extent of the threat.},
keywords = {Malware, Ransomware, Web Security},
pubstate = {published},
tppubtype = {conference}
}
File System Access (FSA) API enables web applications to interact with files on the users' local devices. Even though it can be used to develop rich web applications, it greatly extends the attack surface, which can be abused by adversaries to cause significant harm. In this paper, for the first time in the literature, we extensively study this new attack vector that can be used to develop a powerful new ransomware strain over a browser. Using the FSA API and WebAssembly technology, we demonstrate this novel browser-based ransomware called RøB as a malicious web application that encrypts the user's files from the browser. We use RøB to perform impact analysis with different OSs, local directories, and antivirus solutions as well as to develop mitigation techniques against it. Our evaluations show that RøB can encrypt the victim's local files including cloud-integrated directories, external storage devices, and network-shared folders regardless of the access limitations imposed by the API. Moreover, we evaluate and show how the existing defense solutions fall short against RøB in terms of their feasibility. We propose three potential defense solutions to mitigate this new attack vector. These solutions operate at different levels (i.e., browser-level, file-system-level, and user-level) and are orthogonal to each other. Our work strives to raise awareness of the dangers of RøB-like browser-based ransomware strains and shows that the emerging API documentation (i.e., the popular FSA) can be equivocal in terms of reflecting the extent of the threat.
2.
Ehsan Nowroozi, Yassine Mekdad, Mauro Conti, Simone Milani, Selcuk Uluagac, Berrin Yanikoglu
Real or Virtual: A Video Conferencing Background Manipulation-Detection System Conference Paper
Arxiv, 2022.
Abstract | Links | BibTeX | Tags: Network Security, Web Security
@conference{EhsanRealOrVirtual,
title = {Real or Virtual: A Video Conferencing Background Manipulation-Detection System},
author = {Ehsan Nowroozi and Yassine Mekdad and Mauro Conti and Simone Milani and Selcuk Uluagac and Berrin Yanikoglu},
url = {https://arxiv.org/abs/2204.11853},
year = {2022},
date = {2022-01-01},
urldate = {2022-01-01},
booktitle = {Arxiv},
journal = {arXiv },
abstract = {Recently, the popularity and wide use of the last-generation video conferencing technologies created an exponential growth in its market size. Such technology allows participants in different geographic regions to have a virtual face-to-face meeting. Additionally, it enables users to employ a virtual background to conceal their own environment due to privacy concerns or to reduce distractions, particularly in professional settings. Nevertheless, in scenarios where the users should not hide their actual locations, they may mislead other participants by claiming their virtual background as a real one. Therefore, it is crucial to develop tools and strategies to detect the authenticity of the considered virtual background. In this paper, we present a detection strategy to distinguish between real and virtual video conferencing user backgrounds. We demonstrate that our detector is robust against two attack scenarios. The first scenario considers the case where the detector is unaware about the attacks and inn the second scenario, we make the detector aware of the adversarial attacks, which we refer to Adversarial Multimedia Forensics (i.e, the forensically-edited frames are included in the training set). Given the lack of publicly available dataset of virtual and real backgrounds for video conferencing, we created our own dataset and made them publicly available [1]. Then, we demonstrate the robustness of our detector against different adversarial attacks that the adversary considers. Ultimately, our detector's performance is significant against the CRSPAM1372 [2] features, and post-processing operations such as geometric transformations with different quality.},
keywords = {Network Security, Web Security},
pubstate = {published},
tppubtype = {conference}
}
Recently, the popularity and wide use of the last-generation video conferencing technologies created an exponential growth in its market size. Such technology allows participants in different geographic regions to have a virtual face-to-face meeting. Additionally, it enables users to employ a virtual background to conceal their own environment due to privacy concerns or to reduce distractions, particularly in professional settings. Nevertheless, in scenarios where the users should not hide their actual locations, they may mislead other participants by claiming their virtual background as a real one. Therefore, it is crucial to develop tools and strategies to detect the authenticity of the considered virtual background. In this paper, we present a detection strategy to distinguish between real and virtual video conferencing user backgrounds. We demonstrate that our detector is robust against two attack scenarios. The first scenario considers the case where the detector is unaware about the attacks and inn the second scenario, we make the detector aware of the adversarial attacks, which we refer to Adversarial Multimedia Forensics (i.e, the forensically-edited frames are included in the training set). Given the lack of publicly available dataset of virtual and real backgrounds for video conferencing, we created our own dataset and made them publicly available [1]. Then, we demonstrate the robustness of our detector against different adversarial attacks that the adversary considers. Ultimately, our detector's performance is significant against the CRSPAM1372 [2] features, and post-processing operations such as geometric transformations with different quality.
3.
Gong Chen, Jacob H. Cox, A. Selcuk Uluagac, John A. Copeland
In-Depth Survey of Digital Advertising Technologies Journal Article
IEEE Communications Surveys & Tutorials, 2016.
Abstract | Links | BibTeX | Tags: Web Security
@article{ChenSurveyIEEE,
title = {In-Depth Survey of Digital Advertising Technologies},
author = {Gong Chen and Jacob H. Cox and A. Selcuk Uluagac and John A. Copeland},
url = {https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7390161},
year = {2016},
date = {2016-01-01},
urldate = {2016-01-01},
journal = {IEEE Communications Surveys & Tutorials},
abstract = {Some of the world’s most well-known IT companies are in fact advertising companies deriving their primary revenues through digital advertising. For this reason, these IT giants are able to continually drive the evolutions of information technology in ways that serve to enhance our everyday lives. The benefits of this relationship include free web browsers with powerful search engines and mobile applications. Still, it turns out that “free” comes at a cost that is paid through our interactions within a digital advertising ecosystem. Digital advertising is not without its challenges. Issues originate from the complex platforms utilized to support advertising over web and mobile application interfaces. This is especially true for advertising links. Additionally, as new methods for advertising develop so too does the potential for impacting its underlying ecosystem for good or ill. Accordingly, researchers are interested in understanding this ecosystem, the factors that impact it, and the strategies for improving it. The major contribution of this survey is that it is the first review of the digital advertising ecosystem as it applies to online websites and mobile applications. In doing so, we explain the digital advertising relationships within this ecosystem along with their technical, social, political, and physical implications. Furthermore, advertising principles along with a variation of other advertising
approaches, both legitimate and malicious, are explored in order to compare and contrast competing digital advertising methods.},
keywords = {Web Security},
pubstate = {published},
tppubtype = {article}
}
Some of the world’s most well-known IT companies are in fact advertising companies deriving their primary revenues through digital advertising. For this reason, these IT giants are able to continually drive the evolutions of information technology in ways that serve to enhance our everyday lives. The benefits of this relationship include free web browsers with powerful search engines and mobile applications. Still, it turns out that “free” comes at a cost that is paid through our interactions within a digital advertising ecosystem. Digital advertising is not without its challenges. Issues originate from the complex platforms utilized to support advertising over web and mobile application interfaces. This is especially true for advertising links. Additionally, as new methods for advertising develop so too does the potential for impacting its underlying ecosystem for good or ill. Accordingly, researchers are interested in understanding this ecosystem, the factors that impact it, and the strategies for improving it. The major contribution of this survey is that it is the first review of the digital advertising ecosystem as it applies to online websites and mobile applications. In doing so, we explain the digital advertising relationships within this ecosystem along with their technical, social, political, and physical implications. Furthermore, advertising principles along with a variation of other advertising
approaches, both legitimate and malicious, are explored in order to compare and contrast competing digital advertising methods.
approaches, both legitimate and malicious, are explored in order to compare and contrast competing digital advertising methods.
Citations: 8413
h-index: 44
i10-index: 107
