Neha Chachra - Academia.edu

Papers by Neha Chachra

4th Workshop on Cyber Security Experimentation and Test (cset '11) Opening Remarks Faster Secure Two-party Computation Using Garbled Circuits No Plan Survives Contact: Experience with Cybercrime Measurement Security Experimentation and the Real World Should Security Researchers Experiment More and D

Fairplay, a popular system for secure function evaluation, is impractical for larger circuits, due to speed and memory constraints. This work demonstrates significant improvement through pipelining the circuit creation process—gates are evaluated as they are generated, dramatically improving memory and time efficiency without sacrificing security guarantees. The system is evaluated benchmarking the Hamming distance, edit distance, and AES performance problems against previous implementations. Hamming distance experienced a speed-up of several orders of magnitude, and an AES s-box was implemented with a 30% improvement in the number of non-free gates. Huang concluded that the pipelining technique, along with circuit-level optimization, allowed for garbled circuits to scale to large problem size. This framework and Android app demos are available at MightBeEvil.com. Ian Goldberg commented that he loved this work and hopes to see a trend of people realizing that garbled circuits ca...

Affiliate Crookies

Proceedings of the 2015 Internet Measurement Conference, 2015

Browser Exploits as a Service: The Monetization of Driveby Downloads

Hulk: Eliciting Malicious Behavior in Browser Extensions

We present Hulk, a dynamic analysis system that detects malicious behavior in browser extensions by monitoring their execution and corresponding network activity. Hulk elicits malicious behavior in extensions in two ways. First, Hulk leverages HoneyPages, which are dynamic pages that adapt to an extension's expectations in web page structure and content. Second, Hulk employs a fuzzer to drive the numerous event handlers that modern extensions heavily rely upon. We analyzed 48K extensions from the Chrome Web Store, driving each with over 1M URLs. We identify a number of malicious extensions, including one with 5.5 million affected users, stressing the risks that extensions pose for today's web security ecosystem, and the need to further strengthen browser security to protect user data and privacy.

Click Trajectories: End-to-End Analysis of the Spam Value Chain

2011 IEEE Symposium on Security and Privacy, 2011

Spam-based advertising is a business. While it has engendered both widespread antipathy and a multi-billion dollar anti-spam industry, it continues to exist because it fuels a profitable enterprise. We lack, however, a solid understanding of this enterprise's full structure, and thus most anti-spam interventions focus on only one facet of the overall spam value chain (e.g., spam filtering, URL blacklisting, site takedown). In this paper we present a holistic analysis that quantifies the full set of resources employed to monetize spam email, including naming, hosting, payment and fulfillment, using extensive measurements of three months of diverse spam data, broad crawling of naming and hosting infrastructures, and over 100 purchases from spam-advertised sites. We relate these resources to the organizations who administer them and then use this data to characterize the relative prospects for defensive interventions at each link in the spam value chain. In particular, we provide the first strong evidence of payment bottlenecks in the spam value chain; 95% of spam-advertised pharmaceutical, replica and software products are monetized using merchant services from just a handful of banks.

Empirically characterizing domain abuse and the revenue impact of blacklisting

Manufacturing compromise

Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12, 2012

We investigate the emergence of the exploit-as-a-service model for driveby browser compromise. In this regime, attackers pay for an exploit kit or service to do the "dirty work" of exploiting a victim's browser, decoupling the complexities of browser and plugin vulnerabilities from the challenges of generating traffic to a website under the attacker's control. Upon a successful exploit, these kits load and execute a binary provided by the attacker, effectively transferring control of a victim's machine to the attacker. In order to understand the impact of the exploit-as-a-service paradigm on the malware ecosystem, we perform a detailed analysis of the prevalence of exploit kits, the families of malware installed upon a successful exploit, and the volume of traffic that malicious web sites receive. To carry out this study, we analyze 77,000 malicious URLs received from Google Safe Browsing, along with a crowd-sourced feed of blacklisted URLs known to direct to exploit kits. These URLs led to over 10,000 distinct binaries, which we ran in a contained environment. Our results show that many of the most prominent families of malware now propagate through driveby downloads, 32 families in all. Their activities are supported by a handful of exploit kits, with Blackhole accounting for 29% of all malicious URLs in our data, followed in popularity by Incognito. We use DNS traffic from real networks to provide a unique perspective on the popularity of malware families based on the frequency that their binaries are installed by drivebys, as well as the lifetime and popularity of domains funneling users to exploits.
