Your search keyword '"Fabio Massacci"' showing total 15 results

1. A Qualitative Study of Dependency Management and Its Security Implications

Author

Duc-Ly Vu, Fabio Massacci, and Ivan Pashchenko

Subjects

Process management, interviews, Point (typography), Computer science, business.industry, qualitative study, dependency management, security, vulnerable dependencies, 020207 software engineering, 02 engineering and technology, Software dependencies, Software, Scale (social sciences), 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Android (operating system), Thematic analysis, business, Qualitative research, Dependency (project management)

Abstract

Several large scale studies on the Maven, NPM, and Android ecosystems point out that many developers do not often update their vulnerable software libraries thus exposing the user of their code to security risks. The purpose of this study is to qualitatively investigate the choices and the interplay of functional and security concerns on the developers' overall decision-making strategies for selecting, managing, and updating software dependencies. We run 25 semi-structured interviews with developers of both large and small-medium enterprises located in nine countries. All interviews were transcribed, coded, and analyzed according to applied thematic analysis. They highlight the trade-offs that developers are facing and that security researchers must understand to provide effective support to mitigate vulnerabilities (for example bundling security fixes with functional changes might hinder adoption due to lack of resources to fix functional breaking changes). We further distill our observations to actionable implications on what algorithms and automated tools should achieve to effectively support (semi-)automatic dependency management.

Published

2020

2. StaDynA

Author

Maqsood Ahmad, Bruno Crispo, Olga Gadyatskaya, Fabio Massacci, and Yury Zhauniarovich

Subjects

Security analysis, Computer engineering, Computer science, Android malware, Closed world, Real-time computing, Static analysis, Android (operating system)

Abstract

Static analysis of Android applications can be hindered by the presence of the popular dynamic code update techniques: dynamic class loading and reflection. Recent Android malware samples do actually use these mechanisms to conceal their malicious behavior from static analyzers. These techniques defuse even the most recent static analyzers that usually operate under the "closed world" assumption (the targets of reflective calls can be resolved at analysis time; only classes reachable from the class path at analysis time are used at runtime). Our proposed solution allows existing static analyzers to remove this assumption. This is achieved by combining static and dynamic analysis of applications in order to reveal the hidden/updated behavior and extend static analysis results with this information. This paper presents design, implementation and preliminary evaluation results of our solution called StaDynA.

Published

2015

3. NodeSentry

Author

Willem De Groef, Fabio Massacci, Frank Piessens, Jr, Charles N Payne, Hahn, Adam, Butler, Kevin RB, and Sherr, Micah

Subjects

Unobtrusive JavaScript, business.industry, Computer science, Principle of least privilege, Access control, Cloud computing, Enterprise information security architecture, JavaScript, computer.software_genre, Computer security, Internet security, Operating system, business, computer, computer.programming_language, Vulnerability (computing)

Abstract

Node.js is a popular JavaScript server-side framework with an efficient runtime for cloud-based event-driven architectures. Its strength is the presence of thousands of third-party libraries which allow developers to quickly build and deploy applications. These very libraries are a source of security threats as a vulnerability in one library can (and in some cases did) compromise one's entire server. In order to support the least-privilege integration of libraries, we developed NodeSentry, the first security architecture for server-side JavaScript. Our policy enforcement infrastructure supports an easy deployment of web-hardening techniques and access control policies on interactions between libraries and their environment, including any dependent library. We discuss the implementation of NodeSentry, and present its practical evaluation. For hundreds of concurrent clients, NodeSentry has the same capacity and throughput as plain Node.js. Only on a large scale, when Node.js itself yields to a heavy load, NodeSentry shows a limited overhead. ispartof: pages:446-455 ispartof: Proceedings of the 30th Annual Computer Security Applications Conference (ACSAC 2014) vol:2014-December issue:December pages:446-455 ispartof: Annual Computer Security Applications Conference location:New Orleans, Louisiana date:8 Dec - 12 Dec 2014 status: published

Published

2014

4. A preliminary analysis of vulnerability scores for attacks in wild

Author

Fabio Massacci and Luca Allodi

Subjects

Exploit, Computer science, CVSS, Vulnerability, Data mining, Standard measure, computer.software_genre, computer, Preliminary analysis, De facto standard

Abstract

NVD and Exploit-DB are the de facto standard databases used for research on vulnerabilities, and the CVSS score is the standard measure for risk. On open question is whether such databases and scores are actually representative of attacks found in the wild. To address this question we have constructed a database (EKITS) based on the vulnerabilities currently used in exploit kits from the black market and extracted another database of vulnerabilities from Symantec's Threat Database (SYM). Our final conclusion is that the NVD and EDB databases are not a reliable source of information for exploits in the wild, even after controlling for the CVSS and exploitability subscore. An high or medium CVSS score shows only a significant sensitivity (i.e. prediction of attacks in the wild) for vulnerabilities present in exploit kits (EKITS) in the black market. All datasets exhibit a low specificity.

Published

2012

5. No purpose, no data

Author

Viet Hung Nguyen, Ayda Saidane, and Fabio Massacci

Subjects

Engineering, Goal orientation, business.industry, Access control, Enterprise information security architecture, Computer security, computer.software_genre, Domain (software engineering), Data access, Order (business), Dependability, business, computer, Interdisciplinarity

Abstract

Ambient assisted living is a new interdisciplinary field aiming at supporting senior citizens in their home by means of embedded technologies. This domain offer an interesting challenge for providing dependability and security in a privacy-respecting way: in order to provide services in an emergency we cannot monitor on a second-by-second base a senior citizen. Beside being immoral, it would be illegal (at least in Europe). At the same time if we don't get notified of an emergency the entire system would be useless.In this paper we present an access control model, the security architecture and the running implementation for ambient assisted living in smart-home. The model is based on the notion of organizational model in order to implement the notion of "no purpose, no data" behind data access. The detail of our prototype is presented in the video.

Published

2009

6. GoCoMM

Author

Stephan Neuhaus, Fabio Massacci, Alexander Pretschner, and Gabriela Gheorghe

Subjects

Capability Maturity Model, COBIT, Process management, Corporate governance, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Operations management, Audit, Business, Service Integration Maturity Model, Enforcement, Maturity (finance), Security controls

Abstract

Advanced methodologies for compliance such as CobiT identify a number of maturity levels that must be reached: first the existence of an infrastructure for the enforcement of security controls; second, the ability to continuously monitor and audit quantifiable indicators for the controls put in place; and third, the ability to react when a policy violation is detected. In this paper, we go further and define a governance and compliance maturity model (GoCoMM) that is process-oriented. As an instance of the highest level of governance and compliance, we suggest a method of goal correlation that provides measurable indicators of security and compliance by systematically refining business processes and regulatory goals. We also introduce a run-time architecture to support this model.

Published

2009

7. How to capture and use legal patterns in IT

Author

Alzbeta Krausova, Fabio Massacci, and Ayda Saidane

Subjects

System requirements, Parsing, Theoretical computer science, Computer science, Mainstream, Dependability, Graphical model, Computer-aided software engineering, computer.software_genre, Data science, computer, Natural language, Intuition

Abstract

In our own previous work [1], we looked at the problem of designing IT solutions (Security Patterns) accounting for legal and organizational issues. The proposed pattern design and validation process require legal experts to describe patterns in natural language. Such a description is parsed by a natural language processor on the basis of a semantic template [2]. The annotated description is then used to automatically generate graphical models of SI* patterns, which are revised by security engineers using a CASE Tool. The intriguing question that we address in this paper is the opposite of the mainstream one:Challenge 1. You have a technical solution (e.g. a security and dependability pattern). Can some of your system requirements be implemented by legal means?This challenge might seem at odd with intuition but only because we don't bring the usage of patterns to their logical end: if an answer to a legal, organizational or technical security requirement can be an organizational or technical solution, why cannot it also be a ... legal solution?

Published

2009

8. Logging key assurance indicators in business processes

Author

Artsiom Yautsiukhin, Gene Tsudik, and Fabio Massacci

Subjects

Scheme (programming language), Order (exchange), Computer science, Business process, Corporate structure, Logging, Key (cryptography), Audit, Computer security, computer.software_genre, computer, Field (computer science), computer.programming_language

Abstract

Management of a modern enterprise is based on the assumption that executive reports of lower-layer management are faithful to what is actually happening in the field. As some well-publicised major recent disasters (such as Barings, AllFirst-Allied Irish Bank, ENRON, Societe Generale) have shown, this assumption is not well-founded. Intermediate managers can misrepresent the actual state of their systems in order to hide negative events or to "doctor" reports which have been already produced. Existing security approaches which guarantee integrity of logs and related reports do not protect the system against these threats, if they are directly applied to a multi-layered corporate structure. In this paper, we extend existing approaches by constructing a logging scheme which ensures that, at each level, logs are both correct and consistent.

Published

2009

9. Simulating midlet's security claims with automata modulo theory

Author

Fabio Massacci and Ida Siahaan

Subjects

Theoretical computer science, Programming language, Computer science, Modulo, Code (cryptography), Automata theory, Büchi automaton, Security policy, computer.software_genre, computer, Mobile automaton, Decidability, Automaton

Abstract

Model-carrying code and security-by-contract have proposed to augment mobile code with a claim on its security behavior that could be matched against a mobile platform policy before downloading the code. In order to capture realistic scenarios with potentially infinite transitions (e.g. "only connections to urls starting with https") we have proposed to represent those policies with the notion of Automata Modulo Theory (AMT), an extension of Buchi Automata (BA), with edges labeled by expressions in a decidable theory.Our objective is the run-time matching of the mobile's platform policy against the midlet's security claims expressed as AMT. To this extent the use of on-the-fly product and emptiness test from automata theory may not be effective. In this paper we present an algorithm extending fair simulation between Buchi automata that can be more efficiently implemented.

Published

2008

10. Security-by-contract for web services

Author

Fabio Massacci and Nicola Dragoni

Subjects

Service (business), Computer science, Service delivery framework, business.industry, Internet privacy, Service level objective, Access control, Service provider, computer.software_genre, Computer security, Server, Web service, WS-Policy, business, computer

Abstract

The classical approach to access control of Web Services is to present a number of credentials for the access to a service and possibly negotiate their disclosure using a suitable negotiation protocol and a policy to protect them.In practice the "Web Service" is not really a single service but rather a set of services that can be accessed only through a suitable conversation. Further, in real-life we are often willing to trade the disclosure of personal attributes (frequent flyer number, car plate or AAA membership etc.) in change of additional services and only in a particular order.In this paper we propose a novel negotiation framework where services, needed credentials, and behavioral constraints on the disclosure of privileges are bundled together and that clients and servers have a hierarchy of preferences among the different bundles.While the protocol supports arbitrary negotiation strategies we sketch two concrete strategies (one for the clientand one for the service provider) that make it possible to successfully complete a negotiation when dealing with a co-operative partner and to resist attacks by malicious agentto "vacuum-clean" the preference policy of the honest participant.

Published

2007

11. An algorithm for the appraisal of assurance indicators for complex business processes

Author

Artsiom Yautsiukhin and Fabio Massacci

Subjects

Measure (data warehouse), Monotone polygon, Business process, Order (exchange), Computer science, Process (engineering), Software security assurance, Certification, Time complexity, Algorithm

Abstract

In order to provide certified security services we must provide indicators that can measure the level of assurance that a complex business process can offer. Unfortunately the formulation of security indicators is not amenable to efficient algorithms able to evaluate the level of assurance of complex process from its components.In this paper we show an algorithm based on FD-Graphs (a variant of directed hypergraphs) that can be used to compute in polynomial time (i) the overall assurance indicator of a complex business process from its components for arbitrary monotone composition functions, (ii) the subpart of the business process that is responsible for such assurance indicator (i.e. the best security alternative).

Published

2007

12. Session details: Network security

Author

Fabio Massacci

Subjects

Computer science, Network security, business.industry, Session (computer science), business, Computer security, computer.software_genre, computer

Published

2007

13. Generalized XML security views

Author

Nataliya Rassadko, Fabio Massacci, and Gabriel M. Kuper

Subjects

Document Structure Description, XML Encryption, Theoretical computer science, Computer Networks and Communications, Computer science, computer.internet_protocol, Access control, Security policy, computer.software_genre, Logical security, Simple API for XML, RELAX NG, Safety, Risk, Reliability and Quality, QA076 Data Base Management, XPath, Information retrieval, Database, business.industry, InformationSystems_DATABASEMANAGEMENT, XML validation, Computer security model, ComputingMethodologies_DOCUMENTANDTEXTPROCESSING, business, computer, Software, XML, Information Systems

Abstract

We investigate a generalization of the notion of XML security view introduced by Stoica and Farkas [22] and later refined by Fan et al. [12]. The model consists of access control policies specified over DTDs with XPath expression for data-dependent access control policies. We provide the notion of security views for characterizing information accessible to authorized users. This is a transformed (sanitized) DTD schema that can be used by users for query formulation and optimization. Then we show an algorithm to materialize "authorized" version of the document from the view and an algorithm to construct the view from an access control specification. We show that our view construction combined with materialization produces the same result as the direct application of the DTD access specification on the document. To avoid the overhead of view materialization in query answering, user queries should undergo rewriting so that they are valid over the original DTD schema, and thus the query answer is computed from the original XML data. We provide an algorithm for query rewriting and show its performance compared with the naive approach, i.e. the approach when query is evaluated over materialized view. We also propose a number of generalizations of possible security policies.

Published

2005

14. The verification of an industrial payment protocol

Author

Fabio Massacci, Giampaolo Bella, and Lawrence C. Paulson

Subjects

Set (abstract data type), Credit card, Payment protocol, Computer science, Secure Electronic Transaction, Payment gateway, Cryptographic protocol, Computer security, computer.software_genre, Protocol (object-oriented programming), computer, Database transaction

Abstract

The Secure Electronic Transaction (SET) protocol has been proposed by a consortium of credit card companies and software corporations to secure e-commerce transactions. When the customer makes a purchase, the SET dual signature guarantees authenticity while keeping the customer's account details secret from the merchant and his choice of goods secret from the bank.This paper reports the first verification results for the complete purchase phase of SET. Using Isabelle and the inductive method, we showed that the credit card details do remain confidential and customer, merchant and bank can confirm most details of a transaction even when some of those details are kept from them. The complex protocol construction makes proofs more difficult but still feasible.Though enough goals can be proved to give confidence in SET, a lack of explicitness in the dual signature makes some agreement properties fail: it is impossible to prove that the customer meant to sent his credit card details to the payment gateway that receives them.

Published

2002

15. Proceedings of the 2nd ACM Workshop on Quality of Protection, QoP 2006, Alexandria, VA, USA, October 30, 2006

Author

Günter Karjoth and Fabio Massacci

Published

2006