
NDSS 2021 Processing Dangerous Paths – On Security and Privacy of the Portable Document Format

SESSION 1B-2 Processing Dangerous Paths – On Security and Privacy of the Portable Document Format
PDF is the de-facto standard for document exchange. It is common to open PDF files from potentially untrusted sources, such as email attachments or files downloaded from the Internet. In this work, we perform an in-depth analysis of the capabilities of malicious PDF documents. Instead of focusing on implementation bugs, we abuse legitimate features of the PDF standard itself by systematically identifying dangerous paths in the PDF file structure. These dangerous paths lead to attacks that we categorize into four generic classes: (1) Denial-of-Service attacks affecting the host that processes the document. (2) Information disclosure attacks leaking personal data out of the victim’s computer. (3) Data manipulation on the victim’s system. (4) Code execution on the victim’s machine. An evaluation of 28 popular PDF processing applications shows that 26 of them are vulnerable to at least one attack. Finally, we propose a methodology to systematically protect against attacks based on PDF features.
PAPER
https://www.ndss-symposium.org/wp-content/uploads/ndss2021_1B-2_23109_paper.pdf

SLIDES
AUTHORS
Jens Müller (Ruhr University Bochum), Dominik Noss (Ruhr University Bochum), Christian Mainka (Ruhr University Bochum), Vladislav Mladenov (Ruhr University Bochum), Jörg Schwenk (Ruhr University Bochum)
Network and Distributed System Security (NDSS) Symposium 2021, 21 – 25 February 2021
https://www.ndss-symposium.org/ndss-program/ndss-2021/
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
https://www.ndss-symposium.org/

#NDSS #NDSS21 #NDSS2021 #InternetSecurity

Video "NDSS 2021 Processing Dangerous Paths – On Security and Privacy of the Portable Document Format" from the NDSS Symposium channel
Video information
28 February 2021, 12:02:29
00:14:52