We are pleaased to announce that our paper has been accepted for publication at the 21st Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2024). Congratulations to Matsuo-kun and the team!
Kazuki Matsuo, Satoshi Tanda, Yuhei Kawakoya, Kuniyasu Suzaki, and Tatsuya Mori, “SmmPack: Obfuscation for SMM Modules,” Proceedings of DIMVA 2024 (accepted for publication)
In this paper, we address the urgent need to improve computer security for System Management Mode (SMM), the most privileged operating mode in x86 and x86-64 processors. Recognizing that SMM is frequently exploited by attackers to bypass critical security measures, we developed SmmPack. The key idea is to encrypt the SMM modules, making it much harder for hackers to access and analyze. Our extensive testing has shown that SmmPack not only effectively strengthens security, but also preserves computer performance. In addition, we have demonstrated the practicality of deploying and managing SmmPack, including during BIOS updates. This breakthrough represents a significant advancement in protecting the highly privileged SMM and securing computers against advanced cyber threats.
We are pleased to announce that the following two work-in-progress (WIP) papers and two poster submissions have been accepted for publication at the upcoming Symposium on Vehicle Security and Privacy (VehicleSec 2024). Congratulations to everyone involved!
R. Kobayashi, K. Nomoto, Y. Tanaka, G. Tsuruoka, T. Mori, “WIP: Shadow Hack: Adversarial Shadow Attack Against LiDAR Object Detection,” VehicleSec 2024 (to appear)
G. Tsuruoka, T. Sato, A. Chen, K. Nomoto, R. Kobayashi, Y. Tanaka, T. Mori, “WIP: Adversarial Retroreflective Patches: A Novel Stealthy Attack on Traffic Sign Recognition at Night,” VehicleSec 2024 (to appear)
Z. He, T. Mori, “Poster: Robustness of DRL-Based Autonomous Driving to Adversarial Inputs,” VehicleSec 2024 (to appear)
Y. Zhao, T. Mori, “Poster: Bypassing Physical Invariants-Based Defenses in Autonomous Vehicles,” VehicleSec 2024 (to appear)
We are pleased to announce that our paper, “Longitudinal Measurement Study of the Domain Names Associated with Olympic Games,” has been accepted for publication in IEEE ACCESS. Congratulations to Kawaoka-kun and the co-authors!
Our study focuses on domain names related to the Olympic Games, specifically analyzing the Tokyo, Beijing, and Paris Olympics. We observed significant increases in domain registrations linked to these events, notably during the Tokyo 2020 postponement and the Beijing 2022 diplomatic boycott. The study also reveals a rise in the misuse of these domains, particularly for malicious websites, as the games approached.
As we head towards the Paris Olympics this year, our findings highlight the critical importance of monitoring and securing the digital landscape surrounding such global events, emphasizing the need for heightened awareness and proactive security measures in the face of evolving online threats.
R. Kawaoka, D. Chiba, T. Watanabe, M. Akiyama, and T. Mori, “Longitudinal Measurement Study of the Domain Names Associated with Olympic Games,” IEEE ACCESS, Vol. XX, No. XX. pp. XXXX-XXXX, 2024 [Early access version] (the title will be changed)
We’re excited to announce that our paper, “VPN Awareness and Misconceptions: A Comparative Study in Canadian and Japanese Contexts” has been accepted for presentation at the Symposium on Usable Security and Privacy (USEC 2024). Congraturations Lachran!
Our study provides an in-depth look into the usage patterns, perceptions, and common misconceptions about Virtual Private Networks (VPNs) among users in Canada and Japan. Through a survey of 234 VPN users from these two countries, we’ve uncovered significant insights:
Cultural Variations in VPN Usage: The study reveals that Japanese users primarily use VPNs for security purposes. In contrast, Canadian users have a broader scope of VPN applications, including privacy concerns and accessing geographically restricted content.
Understanding of VPN Functionality: We found that Canadian users, despite having limited technical knowledge, have a broader understanding of VPNs. Conversely, Japanese participants displayed a deeper technical insight, particularly regarding the encryption of data in transit.
Awareness and Misconceptions: A critical observation was the limited awareness of data logging practices among VPN providers in both user groups, pointing to widespread misconceptions in this area.
This research marks a significant contribution to the understanding of VPN usage, highlighting the cultural nuances that influence the adoption and perceptions of VPNs in different regions. It offers invaluable insights into the diverse motivations and behaviors of VPN users in Canada and Japan.
Lachlan Moore and Tatsuya Mori, “VPN Awareness and Misconceptions: A Comparative Study in Canadian and Japanese Contexts“, Proceedings of the Symposium on Usable Security and Privacy (USEC 2024) (to appear)