BASS

4th International Workshop on Behavioral Authentication for System Security
  • Date
    Aug 02, 2024
  • Location
    SR03
  • Duration
    09:00 — 15:00
Workshops Lettering

Workshop Chairs

Workshop Chairs Logo Workshop Chairs Logo Workshop Chairs Logo
  • → Andrea Saracino
  • → Alessandro Aldini
  • → Marco Rasori

Accepted Paper

Analysis of the Windows Control Flow Guard
Niels Pfau (Institute of IT Security Research, St. Pölten University of Applied Sciences, Austria), Patrick Kochberger (Institute of IT Security Research, St. Pölten University of Applied Sciences, Austria)
Full Paper
Cybersecurity’s constantly evolving field demands defense mechanisms’ continuous development and refinement. Memory corruption attacks, including buffer overflows and use-after-free vulnerabilities, have long been a significant threat, especially for web browsers. Microsoft introduced Control Flow Guard (CFG) as a mitigative measure against advanced exploitation techniques, like ROP and use-after-free-based exploits, to address these risks. This paper delves into the internals of CFG, its implementation, effectiveness, and possible bypasses that could undermine its security. A thorough examination of Microsoft’s CFG design principles gives the reader an in-depth understanding of how CFG enforces control flow integrity within a program’s execution. The limitations of this mitigation are highlighted by employing a direct return address overwrite to exploit the ChakraCore JavaScript engine.

Additional potential bypasses are investigated, considering other scenarios wherein CFG might get circumvented. This exploration emphasizes the importance of continued research and development in the field of exploit mitigation, and the chaining of multiple mitigations to address evolving threats and maintain the security and integrity of modern software.

In conclusion, the paper discusses the Windows CFG and its ramifications on memory corruption attacks. It manifests the effectiveness against specific exploitation methods while spotlighting limitations and potential bypasses that could jeopardize its security.
Workshop BASS
A tool for IoT Firmware Certification
Giuseppe Marco Bianco (Politecnico di Torino, Italy), Luca Ardito (Politecnico di Torino, Italy), Michele Valsesia (Politecnico di Torino, Italy)
Full Paper
The IoT landscape is plagued by security and reliability concerns due to the absence of standardization, rendering devices susceptible to breaches. Certifying IoT firmware offers a solution by enabling consumers to easily identify secure products and incentivizing developers to prioritize secure coding practices, thereby fostering transparency within the IoT ecosystem. This study proposes a methodology centered on ELF binary analysis, aimed at discerning critical functionalities by identifying system calls within firmware. It introduces the manifest-producer tool, developed in Rust, for analyzing ELF binaries in IoT firmware certification. Employing static analysis techniques, the tool detects APIs and evaluates firmware behavior, culminating in the generation of JSON manifests encapsulating essential information. These manifests enable an assessment of firmware compliance with security and reliability standards, as well as alignment with declared device behaviors. Performance analysis using benchmarking tools demonstrates the tool's versatility and resilience across diverse programming languages and file sizes. Future avenues of research include refining API discovery algorithms and conducting vulnerability analyses to bolster IoT device security. This paper underscores the pivotal role of firmware certification in cultivating a safer IoT ecosystem and presents a valuable tool for realizing this objective within academic discourse.
Workshop BASS
Image-based detection and classification of Android malware through CNN models
Alessandro Aldini (University of Urbino Carlo Bo, Italy), Tommaso Petrelli (University of Urbino Carlo Bo, Italy)
Full Paper
Convolutional Neural Networks (CNN) are artificial deep learning networks widely used in computer vision and image recognition for their highly efficient capability of extracting input image features. In the literature, such a successful tool has been leveraged for detection/classification purposes in several application domains where input data are converted into images. In this work, we consider the application of CNN models, developed by employing standard Python libraries, to detect and then classify Android-based malware applications. Different models are tested, even in combination with machine learning-based classifiers, with respect to two datasets of 5000 applications each. To emphasize the adequacy of the various CNN implementations, several performance metrics are considered, as also stressed by a comprehensive comparison with related work.
Workshop BASS
A Web Browser Plugin for Users' Security Awareness
Thomas Hoad (University of Southampton, United Kingdom), Erisa Karafili (University of Southampton, United Kingdom)
Full Paper
Browsing online continues to pose a risk to the users’ privacy and security. There is a plethora of existing tools and solutions that aim at ensuring safe and private browsing but they are not used by the majority of the users due to the lack of ease of use or because they are too restrictive. In this work, we present a plugin for Google Chrome that aims to increase the users' security awareness regarding the visited websites. We aim to provide the user with simple and understandable information about the security of the visited website. We evaluated our tool through a usability analysis and compared it with existing well-known solutions. Our study showed that our plugin ranking was high in the ease of use, and in the middle range for clarity, information provided, and overall satisfaction. Overall, our study showed that the users would like to use a tool that has ease of use but that also provides some simple security information about the visited website.
Workshop BASS
Systematic Analysis of Label-flipping Attacks against Federated Learning in Collaborative Intrusion Detection Systems
Léo Lavaur (IMT Atlantique / IRISA-SOTERN / Cyber CNI, France), Yann Busnel (IMT Nord Europe / IRISA-SOTERN, France), Fabien Autrel (IMT Atlantique / IRISA-SOTERN, France)
Full Paper
With the emergence of federated learning (FL) and its promise of privacy-preserving knowledge sharing, the field of intrusion
detection systems (IDSs) has seen a renewed interest in the development of collaborative models. However, the distributed nature of FL makes it vulnerable to malicious contributions from its participants, including data poisoning attacks. The specific case of label-flipping attacks, where the labels of a subset of the training data are flipped, has been overlooked in the context of IDSs that leverage FL primitives. This study aims to close this gap by providing a systematic and comprehensive analysis of the impact of label-flipping attacks on FL for IDSs. We show that such attacks can still have a significant impact on the performance of FL models, especially targeted ones, depending on parameters and dataset characteristics. Additionally, the provided tools and methodology can be used to extend our findings to other models and datasets, and benchmark the efficiency of existing countermeasures.
Workshop BASS
If It Looks Like a Rootkit and Deceives Like a Rootkit: A Critical Examination of Kernel-Level Anti-Cheat Systems
Christoph Dorner (St. Pölten University of Applied Sciences, Austria), Lukas Daniel Klausner (St. Pölten University of Applied Sciences, Austria)
Full Paper
Addressing a critical aspect of cybersecurity in online gaming, this paper systematically evaluates the extent to which kernel-level anti-cheat systems mirror the properties of rootkits, highlighting the importance of distinguishing between protective and potentially invasive software. After establishing a definition for rootkits (making distinctions between rootkits and simple kernel-level applications) and defining metrics to evaluate such software, we introduce four widespread kernel-level anti-cheat solutions. We lay out the inner workings of these types of software, assess them according to our previously established definitions, and discuss ethical considerations and the possible privacy infringements introduced by such programs. Our analysis shows two of the four anti-cheat solutions exhibiting rootkit-like behaviour, threatening the privacy and the integrity of the system. This paper thus provides crucial insights for researchers and developers in the field of gaming security and software engineering, highlighting the need for informed development practices that carefully consider the intersection of effective anti-cheat mechanisms and user privacy.
Workshop BASS
Behavioural Modelling for Sustainability in Smart Homes
Luca Ardito (Politecnico di Torino, Italy)
Full Paper
The critical role of behavioral interventions, such as real-time feedback, automation, incentives, and nudges, will be discussed in fostering eco-friendly behaviors among residents. Highlighting real case studies on devices, the session will demonstrate practical benefits, including significant energy savings, enhanced comfort, and reduced greenhouse gas emissions.

Addressing privacy concerns is important in the adoption of these technologies. Strategies for robust data protection, transparency, and user education will be outlined to build trust and ensure ethical data use. Furthermore, the session will cover the importance of regulatory frameworks like GDPR and CCPA in safeguarding user privacy and promoting secure smart home ecosystems.

The future of smart homes lies in the intersection of technological advancements, policy development, market growth, and environmental impact. The session will explore how advancements in artificial intelligence, machine learning, and data analytics enhance smart home capabilities and how strategic partnerships and continuous innovation drive market growth. Emphasizing the critical contribution of smart homes to global sustainability efforts, the talk will showcase how these technologies mitigate climate change and conserve natural resources.

A key highlight of this session will be the integration of gamification to increase user engagement and motivation. By applying game-design elements like points, leaderboards, and challenges, sustainable practices can become more engaging and enjoyable, leading to greater user involvement and long-term behavior change.

This speech will provide a comprehensive overview of the current and future directions in smart home sustainability, highlighting the interplay between technology, policy, and user engagement to shape research directions and foster a sustainable and efficient future.
Workshop BASS

Accepted Paper

Analysis of the Windows Control Flow Guard
Niels Pfau (Institute of IT Security Research, St. Pölten University of Applied Sciences, Austria), Patrick Kochberger (Institute of IT Security Research, St. Pölten University of Applied Sciences, Austria)
Full Paper
Cybersecurity’s constantly evolving field demands defense mechanisms’ continuous development and refinement. Memory corruption attacks, including buffer overflows and use-after-free vulnerabilities, have long been a significant threat, especially for web browsers. Microsoft introduced Control Flow Guard (CFG) as a mitigative measure against advanced exploitation techniques, like ROP and use-after-free-based exploits, to address these risks. This paper delves into the internals of CFG, its implementation, effectiveness, and possible bypasses that could undermine its security. A thorough examination of Microsoft’s CFG design principles gives the reader an in-depth understanding of how CFG enforces control flow integrity within a program’s execution. The limitations of this mitigation are highlighted by employing a direct return address overwrite to exploit the ChakraCore JavaScript engine.

Additional potential bypasses are investigated, considering other scenarios wherein CFG might get circumvented. This exploration emphasizes the importance of continued research and development in the field of exploit mitigation, and the chaining of multiple mitigations to address evolving threats and maintain the security and integrity of modern software.

In conclusion, the paper discusses the Windows CFG and its ramifications on memory corruption attacks. It manifests the effectiveness against specific exploitation methods while spotlighting limitations and potential bypasses that could jeopardize its security.
Workshop BASS
If It Looks Like a Rootkit and Deceives Like a Rootkit: A Critical Examination of Kernel-Level Anti-Cheat Systems
Christoph Dorner (St. Pölten University of Applied Sciences, Austria), Lukas Daniel Klausner (St. Pölten University of Applied Sciences, Austria)
Full Paper
Addressing a critical aspect of cybersecurity in online gaming, this paper systematically evaluates the extent to which kernel-level anti-cheat systems mirror the properties of rootkits, highlighting the importance of distinguishing between protective and potentially invasive software. After establishing a definition for rootkits (making distinctions between rootkits and simple kernel-level applications) and defining metrics to evaluate such software, we introduce four widespread kernel-level anti-cheat solutions. We lay out the inner workings of these types of software, assess them according to our previously established definitions, and discuss ethical considerations and the possible privacy infringements introduced by such programs. Our analysis shows two of the four anti-cheat solutions exhibiting rootkit-like behaviour, threatening the privacy and the integrity of the system. This paper thus provides crucial insights for researchers and developers in the field of gaming security and software engineering, highlighting the need for informed development practices that carefully consider the intersection of effective anti-cheat mechanisms and user privacy.
Workshop BASS
Systematic Analysis of Label-flipping Attacks against Federated Learning in Collaborative Intrusion Detection Systems
Léo Lavaur (IMT Atlantique / IRISA-SOTERN / Cyber CNI, France), Yann Busnel (IMT Nord Europe / IRISA-SOTERN, France), Fabien Autrel (IMT Atlantique / IRISA-SOTERN, France)
Full Paper
With the emergence of federated learning (FL) and its promise of privacy-preserving knowledge sharing, the field of intrusion
detection systems (IDSs) has seen a renewed interest in the development of collaborative models. However, the distributed nature of FL makes it vulnerable to malicious contributions from its participants, including data poisoning attacks. The specific case of label-flipping attacks, where the labels of a subset of the training data are flipped, has been overlooked in the context of IDSs that leverage FL primitives. This study aims to close this gap by providing a systematic and comprehensive analysis of the impact of label-flipping attacks on FL for IDSs. We show that such attacks can still have a significant impact on the performance of FL models, especially targeted ones, depending on parameters and dataset characteristics. Additionally, the provided tools and methodology can be used to extend our findings to other models and datasets, and benchmark the efficiency of existing countermeasures.
Workshop BASS
Behavioural Modelling for Sustainability in Smart Homes
Luca Ardito (Politecnico di Torino, Italy)
Full Paper
The critical role of behavioral interventions, such as real-time feedback, automation, incentives, and nudges, will be discussed in fostering eco-friendly behaviors among residents. Highlighting real case studies on devices, the session will demonstrate practical benefits, including significant energy savings, enhanced comfort, and reduced greenhouse gas emissions.

Addressing privacy concerns is important in the adoption of these technologies. Strategies for robust data protection, transparency, and user education will be outlined to build trust and ensure ethical data use. Furthermore, the session will cover the importance of regulatory frameworks like GDPR and CCPA in safeguarding user privacy and promoting secure smart home ecosystems.

The future of smart homes lies in the intersection of technological advancements, policy development, market growth, and environmental impact. The session will explore how advancements in artificial intelligence, machine learning, and data analytics enhance smart home capabilities and how strategic partnerships and continuous innovation drive market growth. Emphasizing the critical contribution of smart homes to global sustainability efforts, the talk will showcase how these technologies mitigate climate change and conserve natural resources.

A key highlight of this session will be the integration of gamification to increase user engagement and motivation. By applying game-design elements like points, leaderboards, and challenges, sustainable practices can become more engaging and enjoyable, leading to greater user involvement and long-term behavior change.

This speech will provide a comprehensive overview of the current and future directions in smart home sustainability, highlighting the interplay between technology, policy, and user engagement to shape research directions and foster a sustainable and efficient future.
Workshop BASS
A tool for IoT Firmware Certification
Giuseppe Marco Bianco (Politecnico di Torino, Italy), Luca Ardito (Politecnico di Torino, Italy), Michele Valsesia (Politecnico di Torino, Italy)
Full Paper
The IoT landscape is plagued by security and reliability concerns due to the absence of standardization, rendering devices susceptible to breaches. Certifying IoT firmware offers a solution by enabling consumers to easily identify secure products and incentivizing developers to prioritize secure coding practices, thereby fostering transparency within the IoT ecosystem. This study proposes a methodology centered on ELF binary analysis, aimed at discerning critical functionalities by identifying system calls within firmware. It introduces the manifest-producer tool, developed in Rust, for analyzing ELF binaries in IoT firmware certification. Employing static analysis techniques, the tool detects APIs and evaluates firmware behavior, culminating in the generation of JSON manifests encapsulating essential information. These manifests enable an assessment of firmware compliance with security and reliability standards, as well as alignment with declared device behaviors. Performance analysis using benchmarking tools demonstrates the tool's versatility and resilience across diverse programming languages and file sizes. Future avenues of research include refining API discovery algorithms and conducting vulnerability analyses to bolster IoT device security. This paper underscores the pivotal role of firmware certification in cultivating a safer IoT ecosystem and presents a valuable tool for realizing this objective within academic discourse.
Workshop BASS
Image-based detection and classification of Android malware through CNN models
Alessandro Aldini (University of Urbino Carlo Bo, Italy), Tommaso Petrelli (University of Urbino Carlo Bo, Italy)
Full Paper
Convolutional Neural Networks (CNN) are artificial deep learning networks widely used in computer vision and image recognition for their highly efficient capability of extracting input image features. In the literature, such a successful tool has been leveraged for detection/classification purposes in several application domains where input data are converted into images. In this work, we consider the application of CNN models, developed by employing standard Python libraries, to detect and then classify Android-based malware applications. Different models are tested, even in combination with machine learning-based classifiers, with respect to two datasets of 5000 applications each. To emphasize the adequacy of the various CNN implementations, several performance metrics are considered, as also stressed by a comprehensive comparison with related work.
Workshop BASS
A Web Browser Plugin for Users' Security Awareness
Thomas Hoad (University of Southampton, United Kingdom), Erisa Karafili (University of Southampton, United Kingdom)
Full Paper
Browsing online continues to pose a risk to the users’ privacy and security. There is a plethora of existing tools and solutions that aim at ensuring safe and private browsing but they are not used by the majority of the users due to the lack of ease of use or because they are too restrictive. In this work, we present a plugin for Google Chrome that aims to increase the users' security awareness regarding the visited websites. We aim to provide the user with simple and understandable information about the security of the visited website. We evaluated our tool through a usability analysis and compared it with existing well-known solutions. Our study showed that our plugin ranking was high in the ease of use, and in the middle range for clarity, information provided, and overall satisfaction. Overall, our study showed that the users would like to use a tool that has ease of use but that also provides some simple security information about the visited website.
Workshop BASS

Detail BASS 03/06

Topics of interest include, but are not limited to 04/06

  • Software Behavior Analysis
  • User behavior modeling and classification
  • Ontologies for behavior representation
  • Human behavior profiling
  • Behavior-based authentication
  • Behavioral features and approaches for intrusion detection
  • Privacy-preserving behavioral analysis
  • Explainability of behavioral analysis
  • Secure recording and management of behavioral features
  • Hazardous behavior prediction and risk mitigation
  • Behavioral models for distributed IT systems
  • Hardware and virtual network traffic behavior
  • Behavioral analysis and classification for forensic applications
  • Cyber-Risk models exploiting behavioral features
  • Behavioral practices for cyber-disaster management and recovery
  • Models and practices for collaborative behavioral analysis
  • Biometric-behavioral models for user authentication
  • Ability authentication
  • Behavioral Analysis for Access and Usage Control

Workshop Chairs 05/06

Workshop Chairs

Workshop Chairs Logo
Andrea Saracino
Scuola Superiore Universitaria Sant’Anna, Italy
Workshop Chairs Logo
Alessandro Aldini
Università di Urbino, Italy
Workshop Chairs Logo
Marco Rasori
Istituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Italy

Program Committe

Vasileios Gkioulos | Norwegian University of Science and Technology, Norway
Paolo Mori | IIT-CNR, Italy
Mohammad Hamad | Technical University of Munich, Germany
Luca Ardito | Politecnico di Torino, Italy
Nicola Zannone | Eindhoven University of Technology, Netherlands
Marco Tiloca | RISE Research Institutes of Sweden, Sweden
Erisa Karafili | University of Southampton, UK
Pericle Perazzo | University of Pisa, Italy
Shucheng Yu | Stevens Institute of Technology, US
Weizhi Meng | Technical University of Denmark, Denmark
Maryam Mehrnezhad | Royal Holloway University of London, UK
Wojtek Jamroga | Polish Academy of Sciences, Poland

Submission 06/06

Important Dates

Extended Submission Deadline May 15, 2024
Author Notification May 29, 2024
Proceedings Version Jun 18, 2024
Conference Jul 30 — Aug 02, 2024
Join ARES 2025!

Join us at ARES 2025 in Ghent, Belgium