Recent News
Partnering for success: Computer Science students represent UNM in NASA and Supercomputing Competitions
December 11, 2024
New associate dean interested in helping students realize their potential
August 6, 2024
Hand and Machine Lab researchers showcase work at Hawaii conference
June 13, 2024
Two from School of Engineering to receive local 40 Under 40 awards
April 18, 2024
News Archives
[Colloqiuum] Application-Level Reconnaissance: Timing Channel Attacks Against Antivirus Software
March 8, 2011
Watch Colloquium:
M4V file (303 MB)
- Date: Tuessday, March 8, 2011
- Time: 11:00 am — 11:50 am
- Place: Mechanical Engineering 218
Mohammed Al-Saleh
UNM Department of Computer Science
PhD Graduate Student
Remote attackers use network reconnaissance techniques, such as port scanning, to gain information about a victim machine and then use this information to launch an attack. Current network reconnaissance techniques, that are typically below the application layer, are limited in the sense that they can only give basic information, such as what services a victim is running. Furthermore, modern remote exploits typically come from a server and attack a client that has connected to it, rather than the attacker connecting directly to the victim. In this paper, we raise this question and answer it: Can the attacker go beyond the traditional techniques of network reconnaissance and gain high-level, detailed information?
We investigate remote timing channel attacks against ClamAV antivirus and show that it is possible, with high accuracy, for the remote attacker to check how up-to-date the victim.s antivirus signature database is. Because the strings the attacker uses to do this are benign (i.e., they do not trigger the antivirus) and the attack can be accomplished through many different APIs, the attacker has a large amount of flexibility in hiding the attack.
Bio: Mohammed Al-Saleh is from Jordan. He received his Bachelor degree from Jordan University of Science and Technology (JUST) Computer Science Dept. in 2003. He then worked as a Research Assistant for 2 years. He came to the US in August 2005 to continue his studies and completed his Master degree in computer science from New Mexico State University (NMSU) in summer 2007. He started his PhD program at NMSU but decided to transfer to the University of New Mexico (UNM). His advisor is Jed Crandall.