Your search keyword '"COMPUTER software security"' showing total 78 results

1. The Security Jawbreaker.

Author

Vachon, Phil

Subjects

*HOME security measures, *COMPUTER software security, *SECURITY management, *BUSINESS enterprises, *COMPUTER access control, *COMPUTER network security

Abstract

The article discusses the evolution of enterprise security in parallel with household security, emphasizing the transition from perimeter defenses to comprehensive access controls amid the internet's ubiquity. It explores the challenges of maintaining security as businesses expose more applications externally and advocates for segmented access based on roles and responsibilities to prevent breaches. Finally, it underscores the importance of pervasive authority checks within systems to minimize vulnerabilities and ensure robust security.

Published

2024

2. Deep Domain Adaptation With Max-Margin Principle for Cross-Project Imbalanced Software Vulnerability Detection.

Author

Nguyen, Van, Le, Trung, Tantithamthavorn, Chakkrit, Grundy, John, and Phung, Dinh

Subjects

COMPUTER security vulnerabilities, ARTIFICIAL intelligence, COMPUTER software, COMPUTER software security, APPLICATION software, COMPUTER software testing

Abstract

Software vulnerabilities (SVs) have become a common, serious, and crucial concern due to the ubiquity of computer software. Many AI-based approaches have been proposed to solve the software vulnerability detection (SVD) problem to ensure the security and integrity of software applications (in both the development and testing phases). However, there are still two open and significant issues for SVD in terms of (i) learning automatic representations to improve the predictive performance of SVD, and (ii) tackling the scarcity of labeled vulnerability datasets that conventionally need laborious labeling effort by experts. In this paper, we propose a novel approach to tackle these two crucial issues. We first exploit the automatic representation learning with deep domain adaptation for SVD. We then propose a novel cross-domain kernel classifier leveraging the max-margin principle to significantly improve the transfer learning process of SVs from imbalanced labeled into imbalanced unlabeled projects. Our approach is the first work that leverages solid body theories of the max-margin principle, kernel methods, and bridging the gap between source and target domains for imbalanced domain adaptation (DA) applied in cross-project SVD. The experimental results on real-world software datasets show the superiority of our proposed method over state-of-the-art baselines. In short, our method obtains a higher performance on F1-measure, one of the most important measures in SVD, from 1.83% to 6.25% compared to the second highest method in the used datasets. [ABSTRACT FROM AUTHOR]

Published

2024

3. A Game-Theoretical Self-Adaptation Framework for Securing Software-Intensive Systems.

Author

Li, Nianyu, Zhang, Mingyue, Li, Jialong, Adepu, Sridhar, Kang, Eunsuk, and Jin, Zhi

Subjects

MACHINE translating, MULTIPLAYER games, WATER purification, GAME theory, MODEL theory, PHYSIOLOGICAL adaptation, COMPUTER software security

Abstract

Security attacks present unique challenges to the design of self-adaptation mechanism for software-intensive systems due to the adversarial nature of the environment. Game-theoretical approaches have been explored in security to model malicious behaviors and design reliable defense for the system in a mathematically grounded manner. However, modeling the system as a single player, as done in prior works, is insufficient for the system under partial compromise and for the design of fine-grained defensive policies where the rest of the system with autonomy can cooperate to mitigate the impact of attacks. To address such issues, we propose a new self-adaptation framework incorporating Bayesian game theory and model the defender (i.e., the system) at the granularity of components. Under security attacks, the architecture model of the system is automatically translated, by the proposed translation process with designed algorithms, into a multi-player Bayesian game. This representation allows each component to be modeled as an independent player, while security attacks are encoded as variant types for the components. By solving for pure equilibrium (i.e., adaptation response), the system's optimal defensive strategy is dynamically computed, enhancing system resilience against security attacks by maximizing system utility. We validate the effectiveness of our framework through two sets of experiments using generic benchmark tasks tailored for the security domain. Additionally, we exemplify the practical application of our approach through a real-world implementation in the Secure Water Treatment System to demonstrate the applicability and potency in mitigating security risks. [ABSTRACT FROM AUTHOR]

Published

2024

4. Vision Transformer Inspired Automated Vulnerability Repair.

Author

Fu, Michael, Nguyen, Van, Tantithamthavorn, Chakkrit, Phung, Dinh, and Le, Trung

Subjects

TRANSFORMER models, OBJECT recognition (Computer vision), COMPUTER vision, COMPUTER software security, REPAIRING

Abstract

Recently, automated vulnerability repair approaches have been widely adopted to combat increasing software security issues. In particular, transformer-based encoder-decoder models achieve competitive results. Whereas vulnerable programs may only consist of a few vulnerable code areas that need repair, existing AVR approaches lack a mechanism guiding their model to pay more attention to vulnerable code areas during repair generation. In this article, we propose a novel vulnerability repair framework inspired by the Vision Transformer based approaches for object detection in the computer vision domain. Similar to the object queries used to locate objects in object detection in computer vision, we introduce and leverage vulnerability queries (VQs) to locate vulnerable code areas and then suggest their repairs. In particular, we leverage the cross-attention mechanism to achieve the cross-match between VQs and their corresponding vulnerable code areas. To strengthen our cross-match and generate more accurate vulnerability repairs, we propose to learn a novel vulnerability mask (VM) and integrate it into decoders' cross-attention, which makes our VQs pay more attention to vulnerable code areas during repair generation. In addition, we incorporate our VM into encoders' self-attention to learn embeddings that emphasize the vulnerable areas of a program. Through an extensive evaluation using the real-world 5,417 vulnerabilities, our approach outperforms all of the automated vulnerability repair baseline methods by 2.68% to 32.33%. Additionally, our analysis of the cross-attention map of our approach confirms the design rationale of our VM and its effectiveness. Finally, our survey study with 71 software practitioners highlights the significance and usefulness of AI-generated vulnerability repairs in the realm of software security. The training code and pre-trained models are available at https://github.com/awsm-research/VQM. [ABSTRACT FROM AUTHOR]

Published

2024

5. Compositional Verification of First-Order Masking Countermeasures against Power Side-Channel Attacks.

Author

Gao, Pengfei, Song, Fu, and Chen, Taolue

Subjects

COMPUTER software security, DATA security failures, RANDOM variables, IMPLEMENTS, utensils, etc.

Abstract

Power side-channel attacks allow an adversary to efficiently and effectively steal secret information (e.g., keys) by exploiting the correlation between secret data and runtime power consumption, hence posing a serious threat to software security, particularly cryptographic implementations. Masking is a commonly used countermeasure against such attacks, which breaks the statistical dependence between secret data and side-channel leaks via randomization. In a nutshell, a variable is represented by a vector of shares armed with random variables, called masking encoding, on which cryptographic computations are performed. While compositional verification for the security of masked cryptographic implementations has received much attention because of its high efficiency, existing compositional approaches either use implicitly fixed pre-conditions that may not be fulfilled by state-of-the-art efficient implementations, or require user-provided hard-coded pre-conditions that are time consuming and highly non-trivial, even for an expert. In this article, we tackle the compositional verification problem of first-order masking countermeasures, where first-order means that the adversary is allowed to access only one intermediate computation result. Following the literature, we consider countermeasures given as gadgets, which are special procedures whose inputs are masking encodings of variables. We introduce a new security notion parameterized by an explicit pre-condition for each gadget, as well as composition rules for reasoning about masking countermeasures against power side-channel attacks. We propose accompanying efficient algorithms to automatically infer proper pre-conditions, based on which our new compositional approach can efficiently and automatically prove security for masked implementations. We implement our approaches as a tool MaskCV and conduct experiments on publicly available masked cryptographic implementations including 10 different full AES implementations. The experimental results confirm the effectiveness and efficiency of our approach. [ABSTRACT FROM AUTHOR]

Published

2024

6. Learning to Detect Memory-related Vulnerabilities.

Author

Cao, Sicong, Sun, Xiaobing, Bo, Lili, Wu, Rongxin, Li, Bin, Wu, Xiaoxue, Tao, Chuanqi, Zhang, Tao, and Liu, Wei

Subjects

DEEP learning, LEARNING strategies, COMPUTER software security, DETECTORS

Abstract

Memory-related vulnerabilities can result in performance degradation or even program crashes, constituting severe threats to the security of modern software. Despite the promising results of deep learning (DL)-based vulnerability detectors, there exist three main limitations: (1) rich contextual program semantics related to vulnerabilities have not yet been fully modeled; (2) multi-granularity vulnerability features in hierarchical code structure are still hard to be captured; and (3) heterogeneous flow information is not well utilized. To address these limitations, in this article, we propose a novel DL-based approach, called MVD+, to detect memory-related vulnerabilities at the statement-level. Specifically, it conducts both intraprocedural and interprocedural analysis to model vulnerability features, and adopts a hierarchical representation learning strategy, which performs syntax-aware neural embedding within statements and captures structured context information across statements based on a novel Flow-Sensitive Graph Neural Networks, to learn both syntactic and semantic features of vulnerable code. To demonstrate the performance, we conducted extensive experiments against eight state-of-the-art DL-based approaches as well as five well-known static analyzers on our constructed dataset with 6,879 vulnerabilities in 12 popular C/C++ applications. The experimental results confirmed that MVD+ can significantly outperform current state-of-the-art baselines and make a great trade-off between effectiveness and efficiency. [ABSTRACT FROM AUTHOR]

Published

2024

7. Developer Ecosystems for Software Safety: Continuous assurance at scale.

Author

Kern, Christoph

Subjects

COMPUTER software developers, COMPUTER software security, INFORMATION storage & retrieval systems, INFORMATION design, BEST practices

Abstract

How to design and implement information systems so that they are safe and secure is a complex topic. Both high-level design principles and implementation guidance for software safety and security are well established and broadly accepted. For example, Jerome Saltzer and Michael Schroeder's seminal overview of principles of secure design was published almost 50 years ago, and various community and governmental bodies have published comprehensive best practices about how to avoid common software weaknesses. This article argues, based on experience at Google, that focusing on developer ecosystems is both practical and effective, and can achieve a drastic reduction in the rate of common classes of defects across hundreds of applications being developed by thousands of developers. [ABSTRACT FROM AUTHOR]

Published

2024

8. A Narrative Review of Factors Affecting the Implementation of Privacy and Security Practices in Software Development.

Author

NURGALIEVA, LEYSAN, FRIK, ALISA, and DOHERTY, GAVIN

Subjects

*COMPUTER software development, *COMPUTER software security, *LITERATURE reviews, *PRIVACY, *ORGANIZATIONAL behavior

Abstract

Privacy and security are complex topics, raising a variety of considerations and requirements that can be challenging to implement in software development. Determining the security and privacy related factors that have an influence on software systems development and deployment project outcomes has been the focus of extensive and ongoing research over the past two decades. To understand and categorize the factors that have an impact on developers' adoption and implementation of privacy and security considerations and practices in software development, we carried out a narrative review of the literature. The resulting mapping of factors provides a foundation for future interventions targeting organizational and individual behavior change, to increase the adoption of privacy and security practices in software development. [ABSTRACT FROM AUTHOR]

Published

2023

9. Towards Practical Binary Code Similarity Detection: Vulnerability Verification via Patch Semantic Analysis.

Author

SHOUGUO YANG, ZHENGZI XU, YANG XIAO, ZHE LANG, WEI TANG, YANG LIU, ZHIQIANG SHI, HONG LI, and LIMIN SUN

Subjects

BINARY codes, COMPUTER software security, COMPILERS (Computer programs), SET functions, SOFT power (Social sciences)

Abstract

Vulnerability is a major threat to software security. It has been proven that binary code similarity detection approaches are efficient to search for recurring vulnerabilities introduced by code sharing in binary software. However, these approaches suffer from high false-positive rates (FPRs) since they usually take the patched functions as vulnerable, and they usually do not work well when binaries are compiled with different compilation settings. To this end, we propose an approach, named Robin, to confirm recurring vulnerabilities by filtering out patched functions. Robin is powered by a lightweight symbolic execution to solve the set of function inputs that can lead to the vulnerability-related code. It then executes the target functions with the same inputs to capture the vulnerable or patched behaviors for patched function filtration. Experimental results show that Robin achieves high accuracy for patch detection across different compilers and compiler optimization levels respectively on 287 real-world vulnerabilities of 10 different software. Based on accurate patch detection, Robin significantly reduces the false-positive rate of state-of-the-art vulnerability detection tools(by 94.3% on average), making them more practical. Robin additionally detects 12 new potentially vulnerable functions. [ABSTRACT FROM AUTHOR]

Published

2023

10. CSRB's Opus One: Comments on the Cyber Safety Review Board Log4j Event Report.

Author

KAMP, POUL-HENNING

Subjects

*COMPUTER security vulnerabilities, *GOVERNMENT agencies, *OPEN source software, *INFORMATION technology safety measures, *COMPUTER software security, *SOFTWARE architecture

Abstract

The article discusses various aspects of the U.S. Cyber Safety Review Board's "Review of the December 2021 Log4j Event" report, and it mentions how a vulnerability in Apache Software Foundation computer software systems can impact the information technology (IT) safety of companies, governments, and organizations across the world. A recommendation about investing in free and open source software security is assessed, as well as computer software design decisions.

Published

2022

11. Android Source Code Vulnerability Detection: A Systematic Literature Review.

Author

SENANAYAKE, JANAKA, KALUTARAGE, HARSHA, AL-KADRI, MHD OMAR, PETROVSKI, ANDREI, and PIRAS, LUCA

Subjects

*LITERATURE reviews, *MOBILE apps, *MACHINE learning, *COMPUTER software security

Abstract

The use of mobile devices is rising daily in this technological era. A continuous and increasing number of mobile applications are constantly offered on mobile marketplaces to fulfil the needs of smartphone users. Many Android applications do not address the security aspects appropriately. This is often due to a lack of automated mechanisms to identify, test, and fix source code vulnerabilities at the early stages of design and development. Therefore, the need to fix such issues at the initial stages rather than providing updates and patches to the published applications is widely recognized. Researchers have proposed several methods to improve the security of applications by detecting source code vulnerabilities and malicious codes. This Systematic Literature Review (SLR) focuses on Android application analysis and source code vulnerability detection methods and tools by critically evaluating 118 carefully selected technical studies published between 2016 and 2022. It highlights the advantages, disadvantages, applicability of the proposed techniques, and potential improvements of those studies. Both Machine Learning (ML)-based methods and conventional methods related to vulnerability detection are discussed while focusing more on ML-based methods, since many recent studies conducted experiments with ML. Therefore, this article aims to enable researchers to acquire in-depth knowledge in secure mobile application development while minimizing the vulnerabilities by applying ML methods. Furthermore, researchers can use the discussions and findings of this SLR to identify potential future research and development directions. [ABSTRACT FROM AUTHOR]

Published

2023

12. TAG: Tagged Architecture Guide.

Author

JERO, SAMUEL, BUROW, NATHAN, WARD, BRYAN, SKOWYRA, RICHARD, KHAZAN, ROGER, SHROBE, HOWARD, and OKHRAVI, HAMED

Subjects

*COMPUTER software security, *RUN time systems (Computer science)

Abstract

Software security defenses are routinely broken by the persistence of both security researchers and attackers. Hardware solutions based on tagging are emerging as a promising technique that provides strong security guarantees (e.g., memory safety) while incurring minimal runtime overheads and maintaining compatibility with existing codebases. Such schemes extend every word in memory with a tag and enforce security policies across them. This paper provides a survey of existing work on tagged architectures and describe the types of attacks such architectures aim to prevent as well as the guarantees they provide. It highlights the main distinguishing factors among tagged architectures and presents the diversity of designs and implementations that have been proposed. The survey reveals several real-world challenges have been neglected relating to both security and practical deployment. The challenges relate to the provisioning and enforcement phases of tagged architectures, and various overheads they incur. Thiswork identifies these challenges as open research problems and provides suggestions for improving their security and practicality. [ABSTRACT FROM AUTHOR]

Published

2023

13. The Ethics of Zero-Day Exploits--The NSA Meets the Trolley Car.

Author

WICKER, STEPHEN B.

Subjects

*CIVIL service, *COMPUTER software security, *ETHICS, *WEB bugs (Website tracking devices), *RANSOMWARE

Abstract

The article discusses the ethics of U.S. government employees concerning the collection of computer software bugs and ransomware vulnerabilities. It discusses the U.S. National Security Agency (NSA), public policy education concerning stockpiling, and balanced policies about what are referred to as zero-day actions versus threats to the public.

Published

2021

14. Fuzzing: Hack, Art, and Science.

Author

GODEFROID, PATRICE

Subjects

*COMPUTER software security, *COMPUTER security, *COMPUTER software development

Abstract

The article discusses the software security concept of fuzz testing, also known as fuzzing, and its significance in discovering computer security vulnerabilities. It also examines static program analyzers and manual code inspection.

Published

2020

15. Survey of Approaches and Techniques for Security Verification of Computer Systems.

Author

ERATA, FERHAT, SHUWEN DENG, ZAGHLOUL, FAISAL, WENJIE XIONG, DEMIR, ONUR, and SZEFER, JAKUB

Subjects

COMPUTER security, VERIFICATION of computer systems, COMPUTER software security, COMPUTER systems, LANDSCAPE assessment

Abstract

This article surveys the landscape of security verification approaches and techniques for computer systems at various levels: from a software-application level all the way to the physical hardware level. Different existing projects are compared, based on the tools used and security aspects being examined. Since many systems require both hardware and software components to work together to provide the system's promised security protections, it is not sufficient to verify just the software levels or just the hardware levels in a mutually exclusive fashion. This survey especially highlights system levels that are verified by the different existing projects and presents to the readers the state of the art in hardware and software system security verification. Few approaches come close to providing full-system verification, and there is still much room for improvement. [ABSTRACT FROM AUTHOR]

Published

2023

16. Firmware Over-the-air Programming Techniques for IoT Networks - A Survey.

Author

ARAKADAKIS, KONSTANTINOS, CHARALAMPIDIS, PAVLOS, MAKROGIANNAKIS, ANTONIS, and FRAGKIADAKIS, ALEXANDROS

Subjects

*INTERNET of things, *COMPUTER software security, *COMPUTER firmware

Abstract

The devices forming Internet of Things (IoT) networks need to be re-programmed over the air, so that new features are added, software bugs or security vulnerabilities are resolved, and their applications can be re-purposed. The limitations of IoT devices, such as installation in locations with limited physical access, resource-constrained nature, large scale, and high heterogeneity, should be taken into consideration for designing an eicient and reliable pipeline for over-the-air programming (OTAP). In this work, we present a survey of OTAP techniques, which can be applied to IoT networks. We highlight the main challenges and limitations of OTAP for IoT devices and analyze the essential steps of the irmware update process, along with diferent approaches and techniques that implement them. In addition, we discuss schemes that focus on securing the OTAP process. Finally,we present a collection of state-of-the-art open-source and commercial platforms that integrate secure and reliable OTAP. [ABSTRACT FROM AUTHOR]

Published

2022

17. The Top 10 Things Executives Should Know About Software.

Author

LIMONCELLI, THOMAS A.

Subjects

*EXECUTIVES, *BUSINESS software, *COMPUTER software development, *COMPUTER software security, *COMPUTER software developers, INFORMATION technology personnel

Abstract

The author discusses what business executives need to know about software. He mentions the importance of software to any company, topics such as how software development is incremental, the need to maintain computer security including software, and the need for software developers and operators to work together.

Published

2019

18. How to live in a post-meltdown and -spectre world.

Author

Bennett, Rich, Callahan, Craig, Jones, Stacy, Levine, Matt, Miller, Merrill, and Ozment, Andy

Subjects

*COMPUTER security, *COMPUTER software security, *RISK assessment, *RISK managers, *RISK management in business, *COMPUTING platforms

Abstract

Learn from the past to prepare for the next battle. [ABSTRACT FROM AUTHOR]

Published

2018

19. Formally Verified Software in the Real World.

Author

KLEIN, GERWIN, ANDRONICK, JUNE, FERNANDEZ, MATTHEW, KUZ, IHOR, MURRAY, TOBY, and HEISER, GERNOT

Subjects

*AUTONOMOUS vehicles, *COMPUTER software security, *COMPUTER architecture, *COMPUTER security

Abstract

The article discusses the use of formally verified software to protect an autonomous helicopter against cyber attacks. Topics include the testing of vehicles by the U.S. Defense Advanced Research Projects Agency (DARPA) through its High-Assurance Cyber Military Systems (HACMS) program, the role of a trusted computing base (TCB) in computer architecture for security, and the componentization of systems.

Published

2018

20. Low-overhead Hardware Supervision for Securing an IoT Bluetooth-enabled Device: Monitoring Radio Frequency and Supply Voltage.

Author

ELKANISHY, ABDELRAHMAN, FURTH, PAUL M., RIVERA, DERRICK T., and BADAWY, ABDEL-HAMEED A.

Subjects

INTERNET of things, COMPUTER software security, POWER resources, WIRELESS communications, VOLTAGE, RADIO frequency

Abstract

Over the past decade, the number of Internet of Things (IoT) devices increased tremendously. In particular, the Internet of Medical Things (IoMT) and the Industrial Internet of Things (IIoT) expanded dramatically. Resource restrictions on IoT devices and the insufficiency of software security solutions raise the need for smart Hardware-Assisted Security (HAS) solutions. These solutions target one or more of the three C’s of IoT devices: Communication, Control, and Computation. Communication is an essential technology in the development of IoT. Bluetooth is a widely-used wireless communication protocol in small portable devices due to its low energy consumption and high transfer rates. In this work, we propose a supervisory framework to monitor and verify the operation of a Bluetooth system-on-chip (SoC) in real-time. To verify the operation of the Bluetooth SoC, we classify its transmission state in real-time to ensure a secure connection. Our overall classification accuracy is measured as 98.7%. We study both power supply current (IVDD) and RF domains to maximize the classification performance and minimize the overhead of our proposed supervisory system. [ABSTRACT FROM AUTHOR]

Published

2022

21. Editorial: Toward the Future with Eight Issues Per Year.

Author

Pezzè, Mauro

Subjects

SOFTWARE engineering, ARTIFICIAL intelligence, COMPUTER software security

Abstract

The article focuses on significant developments in Association for Computing Machinery Transactions on Software Engineering and Methodology (TOSEM), including the transition to publishing eight issues per year. It discusses the introduction of a continuous special section on human-centric software engineering, and the announcement of a special issue addressing the 2030 Roadmap for software engineering.

Published

2024

22. Hiding Secrets in Software: A Cryptographic Approach to Program Obfuscation.

Author

Garg, Sanjam, Gentry, Craig, Halevi, Shai, Raykova, Mariana, Sahai, Amit, and Waters, Brent

Subjects

*COMPUTER software security, *COMPUTER security software, *CRYPTOGRAPHY, *DATA encryption, *COMPUTER security

Abstract

Can we hide secrets in software? Can we obfuscate programs-- that is, make programs unintelligible while preserving their functionality? What exactly do we mean by "unintelligible"? Why would we even want to do this? In this article, we describe some rigorous cryptographic answers to these quasi-philosophical questions. We also discuss our recent "candidate indistinguishability obfuscation" scheme and its implications. [ABSTRACT FROM AUTHOR]

Published

2016

23. Friendly Fire: Cross-app Interactions in IoT Platforms.

Author

BALLIU, MUSARD, MERRO, MASSIMO, PASQUA, MICHELE, and SHCHERBAKOV, MIKHAIL

Subjects

CLOUD storage, APPLICATION software, CLOUD computing, INTERNET of things, COMPUTER software security

Abstract

IoT platforms enable users to connect various smart devices and online services via reactive apps running on the cloud. These apps, often developed by third-parties, perform simple computations on data triggered by external information sources and actuate the results of computations on external information sinks. Recent research shows that unintended or malicious interactions between the different (even benign) apps of a user can cause severe security and safety risks. These works leverage program analysis techniques to build tools for unveiling unexpected interference across apps for specific use cases. Despite these initial efforts, we are still lacking a semantic framework for understanding interactions between IoT apps. The question of what security policy cross-app interference embodies remains largely unexplored. This article proposes a semantic framework capturing the essence of cross-app interactions in IoT platforms. The framework generalizes and connects syntactic enforcement mechanisms to bisimulation-based notions of security, thus providing a baseline for formulating soundness criteria of these enforcement mechanisms. Specifically, we present a calculus that models the behavioral semantics of a system of apps executing concurrently, and use it to define desirable semantic policies targeting the security and safety of IoT apps. To demonstrate the usefulness of our framework, we define and implement static analyses for enforcing cross-app security and safety, and prove them sound with respect to our semantic conditions. We also leverage real-world apps to validate the practical benefits of our tools based on the proposed enforcement mechanisms. [ABSTRACT FROM AUTHOR]

Published

2021

24. Privacy and Security Putting Trust in Security Engineering: Proposing a stronger foundation for an engineering discipline to support the design of secure systems.

Author

Schneider, Fred B.

Subjects

*SYSTEMS engineering, *COMPUTER security, *COMPUTER software security, *COMPUTER engineering, *TRUST

Abstract

The article discusses the role of engineering and assurance in designing secure computer systems. Topics include the notion of trust in relation to assumptions as system vulnerabilities, the role of proof checking based on axiomatic trust in system security, the role of program rewriters in synthetic trust for system security.

Published

2018

25. Analyzing Dynamic Code: A Sound Abstract Interpreter for Evil Eval.

Author

ARCERI, VINCENZO and MASTROENI, ISABELLA

Subjects

JAVASCRIPT programming language, DATA structures, DYLAN (Computer program language), COMPUTER software security, INTERNET servers

Abstract

Dynamic languages, such as JavaScript, employ string-to-code primitives to turn dynamically generated text into executable code at run-time. These features make standard static analysis extremely hard if not impossible, because its essential data structures, i.e., the control-flow graph and the system of recursive equations associated with the program to analyze, are themselves dynamically mutating objects. Nevertheless, assembling code at run-time by manipulating strings, such as by eval in JavaScript, has been always strongly discouraged, since it is often recognized that "eval is evil," leading static analyzers to not consider such statements or ignoring their effects. Unfortunately, the lack of formal approaches to analyze string-to-code statements pose a perfect habitat for malicious code, that is surely evil and do not respect good practice rules, allowing them to hide malicious intents as strings to be converted to code and making static analyses blind to the real malicious aim of the code. Hence, the need to handle string-to-code statements approximating what they can execute, and therefore allowing the analysis to continue (even in the presence of dynamically generated program statements) with an acceptable degree of precision, should be clear. To reach this goal, we propose a static analysis allowing us to collect string values and to soundly over-approximate and analyze the code potentially executed by a string-to-code statement. [ABSTRACT FROM AUTHOR]

Published

2021

26. Exploiting Mixed Binaries.

Author

PAPAEVRIPIDES, MICHALIS and ATHANASOPOULOS, ELIAS

Subjects

PROGRAMMING languages, DATA integrity, C++, COMPUTER software security, COMPILERS (Computer programs)

Abstract

Unsafe programming systems are still very popular, despite the shortcomings due to several published memory-corruption vulnerabilities. Toward defending memory corruption, compilers have started to employ advanced software hardening such as Control-flow Integrity (CFI) and SafeStack. However, there is a broad interest for realizing compilers that impose memory safety with no heavy runtime support (e.g., garbage collection). Representative examples of this category are Rust and Go, which enforce memory safety primarily statically at compile time. Software hardening and Rust/Go are promising directions for defending memory corruption, albeit combining the two is questionable. In this article, we consider hardened mixed binaries, i.e., machine code that has been produced from different compilers and, in particular, from hardened C/C++ and Rust/Go (e.g., Mozilla Firefox, Dropbox, npm, and Docker). Our analysis is focused on Mozilla Firefox, which outsources significant code to Rust and is open source with known public vulnerabilities (with assigned CVE). Furthermore, we extend our analysis in mixed binaries that leverage Go, and we derive similar results. The attacks explored in this article do not exploit Rust or Go binaries that depend on some legacy (vulnerable) C/C++ code. In contrast, we explore how Rust/Go compiled code can stand as a vehicle for bypassing hardening in C/C++ code. In particular, we discuss CFI and SafeStack, which are available in the latest Clang. Our assessment concludes that CFI can be completely nullified through Rust or Go code by constructing much simpler attacks than state-of-the-art CFI bypasses. [ABSTRACT FROM AUTHOR]

Published

2021

27. The Tip of the Iceberg: On the Merits of Finding Security Bugs.

Author

ALEXOPOULOS, NIKOLAOS, HABIB, SHEIKH MAHBUB, SCHULZ, STEFFEN, and MÜHLHÄUSER, MAX

Subjects

LINUX operating systems, OPEN source software, COMPUTER hackers, DEBIAN (Operating system), COMPUTER software security

Abstract

In this article, we investigate a fundamental question regarding software security: Is the security of SWreleases increasing over time? We approach this question with a detailed analysis of the large body of open-source software packaged in the popular Debian GNU/Linux distribution. Contrary to common intuition, we find no clear evidence that the vulnerability rate of widely used software decreases over time: Even in popular and "stable" releases, the fixing of bugs does not seem to reduce the rate of newly identified vulnerabilities. The intuitive conclusion is worrisome: Commonly employed development and validation procedures do not seem to scale with the increase of features and complexity--they are only chopping pieces off the top of an iceberg of vulnerabilities. To the best of our knowledge, this is the first investigation into the problem that studies a complete distribution of software, spanning multiple versions. Although we can not give a definitive answer, we show that several popular beliefs also cannot be confirmed given our dataset. We publish our Debian Vulnerability Analysis Framework (DVAF), an automated dataset creation and analysis process, to enable reproduction and further analysis of our results. Overall, we hope our contributions provide important insights into the vulnerability discovery process and help in identifying effective techniques for vulnerability analysis and prevention. [ABSTRACT FROM AUTHOR]

Published

2021

28. Designing User Incentives for Cybersecurity.

Author

August, Terrence, August, Robert, and Hyoduk Shin

Subjects

*COMPUTER security, *INTERNET security, *COMPUTER software security, *DATA security, *COMPUTER systems

Abstract

The article discusses improving user security practices and behavior for cybersecurity. Topics discussed include the flaws in the traditional approach to managing software vulnerabilities and cybersecurity risk, proposal for an adaptation of software producer offerings involving patching rights of users and for users to be charged for the right to control patching of their individual copies of software.

Published

2014

29. Assisted discovery of software vulnerabilities.

Author

Munaiah, Nuthan

Subjects

COMPUTER software development, COMPUTER software developers, SOURCE code, COMPUTER software security, SOFTWARE engineers, SOFTWARE engineering

Abstract

As more aspects of our daily lives rely on technology, the software that enables the technology must be secure. Developers rely on practices such as threat modeling, static and dynamic analyses, code review, and fuzz and penetration testing to engineer secure software. These practices, while effective at identifying vulnerabilities in software, are limited in their ability to describe the potential reasons for the existence of vulnerabilities. In order to overcome this limitation, researchers have proposed empirically validated metrics to identify factors that may have led to the introduction of vulnerabilities in the past. Developers must be made aware of these factors so that they can proactively consider the security implications of each line of code that they contribute. The goal of our research is to assist developers in engineering secure software by providing a technique that generates scientific, interpretable, and actionable feedback on security as the software evolves. In this paper, we provide an overview of our proposed approach to accomplish this research goal through a series of three research studies in which we (1) systematize the knowledge on vulnerability discovery metrics, (2) leverage the metrics to generate feedback on security, and (3) implement a framework for providing automatically generated feedback on security using code reviews as a medium. [ABSTRACT FROM AUTHOR]

Published

2018

30. ReGuard.

Author

Liu, Chao, Liu, Han, Cao, Zhao, Chen, Zhong, Chen, Bangdao, and Roscoe, Bill

Subjects

CRYPTOCURRENCIES, BLOCKCHAINS, COMPUTER software security, COMPUTER software development, MALWARE

Abstract

Smart contracts enabled a new way to perform cryptocurrency transactions over blockchains. While this emerging technique introduces free-of-conflicts and transparency, smart contract itself is vulnerable. As a special form of computer program, smart contract can hardly get rid of bugs. Even worse, an exploitable security bug can lead to catastrophic consequences, e.g., loss of cryptocurrency/money. In this demo paper, we focus on the most common type of security bugs in smart contracts, i.e., reentrancy bug, which caused the famous DAO attack with a loss of 60 million US dollars. We presented ReGuard, an fuzzing-based analyzer to automatically detect reentrancy bugs in Ethereum smart contracts. Specifically, ReGuard performs fuzz testing on smart contracts by iteratively generating random but diverse transactions. Based on the runtime traces, ReGuard further dynamically identifies reentrancy vulnerabilities. In the preliminary evaluation, we have analyzed 5 existing Ethereum contracts. ReGuard automatically flagged 7 previously unreported reentrancy bugs. A demo video of ReGuard is at https://youtu.be/XxJ3_-cmUiY. [ABSTRACT FROM AUTHOR]

Published

2018

31. A Survey of Symbolic Execution Techniques.

Author

BALDONI, ROBERTO, COPPA, EMILIO, CONO D'ELIA, DANIELE, DEMETRESCU, CAMIL, and FINOCCHI, IRENE

Subjects

*SOFTWARE reliability, *COMPUTER software testing, *COMPUTER software security, *APPLICATION software, *SOFTWARE development tools

Abstract

Many security and software testing applications require checking whether certain properties of a program hold for any possible usage scenario. For instance, a tool for identifying software vulnerabilities may need to rule out the existence of any backdoor to bypass a program's authentication. One approach would be to test the program using different, possibly random inputs. As the backdoor may only be hit for very specific program workloads, automated exploration of the space of possible inputs is of the essence. Symbolic execution provides an elegant solution to the problem, by systematically exploring many possible execution paths at the same time without necessarily requiring concrete inputs. Rather than taking on fully specified input values, the technique abstractly represents them as symbols, resorting to constraint solvers to construct actual instances that would cause property violations. Symbolic execution has been incubated in dozens of tools developed over the past four decades, leading to major practical breakthroughs in a number of prominent software reliability applications. The goal of this survey is to provide an overview of the main ideas, challenges, and solutions developed in the area, distilling them for a broad audience. [ABSTRACT FROM AUTHOR]

Published

2019

32. Toward More Secure Software.

Author

Denning, Dorothy E.

Subjects

*COMPUTER security vulnerabilities, *PRODUCT liability, *COMPUTER security, *COMPUTER software security, *LABOR incentives, *DEBUGGING, *TWENTY-first century, *HISTORY

Abstract

The article examines two proposals intended to reduce the number of software security flaws, the first of which calls for the U.S. government to corner the vulnerability market and the second which calls for holding companies liable for faulty software. Topics include software bug bounty programs run by large software companies that reward private individuals for uncovering security flaws; a discussion of the incentivization of both programs; and the way current licensing laws shield software companies from damages arising from faults in their products.

Published

2015

33. Managing Assurance Cases in Model Based Software Systems.

Author

Kokaly, Sahar

Subjects

FINANCIAL services industry, ONLINE social networks, COMPUTER software safety measures, COMPUTER software development, COMPUTER software security, COMPUTER network resources

Abstract

Software has emerged as a significant part of many domains, including financial service platforms, social networks and vehicle control. Standards organizations have responded to this by creating regulations to address issues such as safety and privacy. In this context, compliance of software with standards has emerged as a key issue. For software development organizations, compliance is a complex and costly goal to achieve and is often accomplished by producing so-called assurance cases, which demonstrate that the system indeed satisfies the property imposed by a standard (e.g., safety, privacy, security). As systems and standards undergo evolution for a variety of reasons, maintaining assurance cases multiplies the effort. In this work, we propose to exploit the connection between the field of model management and the problem of compliance management and propose methods that use model management techniques to address compliance scenarios such as assurance case evolution and reuse. For validation, we ground our approaches on the automotive domain and the ISO 26262 standard for functional safety of road vehicles. [ABSTRACT FROM AUTHOR]

Published

2017

34. A Game-Theoretic Decision-Making Framework for Engineering Self-Protecting Software Systems.

Author

Emami-Taba, Mahsa

Subjects

COMPUTER software security, CYBERTERRORISM, DECISION making, GAME theory, COMPUTER software development

Abstract

Targeted and destructive nature of strategies used by attackers to break down the system require mitigation approaches with dynamic awareness. Making a right decision, when facing today's sophisticated and dynamic attacks, is one of the most challenging aspects of engineering self-protecting software systems. Inspired by game theory, in this research work, we model the interactions between the attacker and the software system as a two-player game. Using game-theoretic techniques, the selfprotecting software systems is able to: (i) fuse the strategies of attackers into the decision-making model, and (ii) refine the strategies in dynamic attack scenarios by utilizing what has learned from the system's and adversary's interactions. This research introduces a novel decision-making framework with three phases: (i) modeling quality goals aiming at incorporating them into the decision model, (ii) designing game-theoretic techniques in order to build the decision model, and (iii) realizing the decisionmaking engine in the adaptation manager. Modeling quality goals provides the adaptation manager with the knowledgebase required in making a systematic adaptation decision. The framework aims at exhibiting a plug-and-play capability to adapt game-theoretic techniques that suite security goals and requirements of the software. [ABSTRACT FROM AUTHOR]

Published

2017

35. Analysis of JavaScript Web Applications Using SAFE 2.0.

Author

Jihyeok Park, Yeonhee Ryou, Joonyoung Park, and Sukyoung Ryu

Subjects

JAVASCRIPT programming language, WEB-based user interfaces, COMPUTER software security, DEBUGGING, PLUG-ins (Computer programs)

Abstract

JavaScript has been the language for web applications, and the growing prevalence of web environments in various devices makes JavaScript web applications even more ubiquitous. However, because JavaScript and web environments are extremely dynamic, JavaScript web applications are often vulnerable to type-related errors and security attacks. To lessen the problem, researchers have developed various analysis techniques in different analyzers, but such analyzers are not especially aimed for ease of use by analysis developers. In this paper, we present SAFE 2.0, a scalable analysis framework for ECMAScript especially designed as a playground for advanced research in JavaScript web applications. SAFE 2.0 is light-weight, which supports pluggability, extensibility, and debuggability. [ABSTRACT FROM AUTHOR]

Published

2017

36. acm forum.

Author

Siegal, Seth, Graham, Robert L., Rising, Linda, Miya, Eugene, Spector, Alfred Z., Andrew, Lloyd, Buckley, Neil, Cannell, Marshall H., Bettinger, Ross, McKeough, William J., Anderson, William L., Rogers, Jean B., Spicer, Steven W., and Harbron, Thomas R.

Subjects

*LETTERS to the editor, *COMPUTER software security, *COMMUNICATION, *BUSINESS communication

Abstract

Several letters to the editor are presented in response to articles on previous issues including "The Legal Protection of Computer Software," by Robert L. Graham in the May 1984 issue, "ACM News," August issue, and the article which contains the interview with Andries van Dam in the July 1984 issue.

Published

1984

37. MUST and MUST NOT.

Author

Neville-Neil, George V.

Subjects

*COMPUTER software security, *COMPOSITION (Language arts)

Abstract

The article offers an answer to a question about writing security processes for a software project, noting the document RFC (Requests for Comments) 2119.

Published

2019

38. Experiences in Developing and Delivering a Programme of Part-Time Education in Software and Systems Security.

Author

Simpson, Andrew, Martin, Andrew, Cremers, Cas, Flechais, Ivan, Martinovic, Ivan, and Rasmussen, Kasper

Subjects

EDUCATION software, SOFTWARE engineering, COMPUTER software security, COMPUTER security

Abstract

We report upon our experiences in developing and delivering a programme of part-time education in Software and Systems Security at the University of Oxford. The MSc in Software and Systems Security is delivered as part of the Software Engineering Programme at Oxford -- a collection of one-week intensive courses aimed at individuals who are responsible for the procurement, development, deployment and maintenance of large-scale software-based systems. We expect that our experiences will be useful to those considering a similar journey. [ABSTRACT FROM AUTHOR]

Published

2015

39. Editorial: A Retrospective and Prospective Reflection.

Author

PEZZÈ, MAURO

Subjects

SOFTWARE engineering, SOFTWARE engineers, COMPUTER software security

Abstract

An editorial is presented on portraits of relevant research software engineering areas. Topics include extraordinary growth of TOSEM consolidating and extending the traditional role as the premier journal for leading software engineering research; and encouraging repeatability, reproducibility, and replicability of the results by complementing the excellent experience of software engineering.

Published

2022

40. Frama-C: A software analysis perspective.

Author

Kirchner, Florent, Kosmatov, Nikolai, Prevosto, Virgile, Signoles, Julien, and Yakobowski, Boris

Subjects

*COMPUTER software research, *CODING theory, *SOFTWARE verification, *PROGRAMMING languages, *COMPUTER software security

Abstract

Frama-C is a source code analysis platform that aims at conducting verification of industrial-size C programs. It provides its users with a collection of plug-ins that perform static analysis, deductive verification, and testing, for safety- and security-critical software. Collaborative verification across cooperating plug-ins is enabled by their integration on top of a shared kernel and datastructures, and their compliance to a common specification language. This foundational article presents a consolidated view of the platform, its main and composite analyses, and some of its industrial achievements. [ABSTRACT FROM AUTHOR]

Published

2015

41. Semantic Smells and Errors in Access Control Models: A Case Study in PHP.

Author

Gauthier, François and Merlo, Ettore

Subjects

PHP (Computer program language), ACCESS control, SECURITY systems, INFORMATION retrieval, WEB-based user interfaces, SOURCE code, COMPUTER software security, OPEN source software

Abstract

Access control models implement mechanisms to restrict access to sensitive data from unprivileged users. Access controls typically check privileges that capture the semantics of the operations they protect. Semantic smells and errors in access control models stem from privileges that are partially or totally unrelated to the action they protect. This paper presents a novel approach, partly based on static analysis and information retrieval techniques, for the automatic detection of semantic smells and errors in access control models. Investigation of the case study application revealed 31 smells and 2 errors. Errors were reported to developers who quickly confirmed their relevance and took actions to correct them. Based on the obtained results, we also propose three categories of semantic smells and errors to lay the foundations for further research on access control smells in other systems and domains. [ABSTRACT FROM AUTHOR]

Published

2013

42. Vulnerability of the Day: Concrete Demonstrations for Software Engineering Undergraduates.

Author

Meneely, Andrew and Lucidi, Samuel

Subjects

SOFTWARE engineering education, COMPUTER software security, SOFTWARE engineers, UNDERGRADUATES, SOFTWARE architecture, PSYCHOLOGICAL vulnerability, COMPUTER software development

Abstract

Software security is a tough reality that affects the many facets of our modern, digital world. The pressure to produce secure software is felt particularly strongly by software engineers. Today's software engineering students will need to deal with software security in their profession. However, these students will also not be security experts, rather, they need to balance security concerns with the myriad of other draws of their attention, such as reliability, performance, and delivering the product on-time and on-budget. At the Department of Software Engineering at the Rochester Institute of Technology, we developed a course called Engineering Secure Software, designed for applying security principles to each stage of the software development lifecycle. As a part of this course, we developed a component called Vulnerability of the Day, which is a set of selected example software vulnerabilities. We selected these vulnerabilities to be simple, demonstrable, and relevant so that the vulnerability could be demonstrated in the first 10 minutes of each class session. For each vulnerability demonstration, we provide historical examples, realistic scenarios, and mitigations. With student reaction being overwhelmingly positive, we have created an open source project for our Vulnerabilities of the Day, and have defined guiding principles for developing and contributing effective examples. [ABSTRACT FROM AUTHOR]

Published

2013

43. Give Me Code Access.

Author

Škorić, Miroslav

Subjects

*COMPUTER software security

Abstract

A letter to the editor is presented in response to the article "Toward More Secure Software" by Dorothy E. Denning from the April 2015 issue.

Published

2015

44. A Framework for Defending Embedded Systems Against Software Attacks.

Author

AARAJ, NAJWA, RAGHUNATHAN, ANAND, and JHA, NIRAJ K.

Subjects

EMBEDDED computer systems, MALWARE, COMPUTER software security, DYNAMICS, COMPUTER software, MATHEMATICAL optimization, MULTIPROCESSORS, COMPUTER input-output equipment

Published

2011

45. A Semantics-Based Approach to Malware Detection.

Author

PREDA, MILA DALLA, CHRISTODORESCU, MIHAI, JHA, SOMESH, and SAUMYA DEBRAY

Subjects

*MALWARE, *DETECTORS, *COMPUTER software, *COMPUTER software security, *SOFTWARE engineering, *SOFTWARE measurement, *COMPUTER security software

Abstract

Malware detection is a crucial aspect of software security. Current malware detectors work by checking for signatures, which attempt to capture the syntactic characteristics of the machine-level byte sequence of the malware. This reliance on a syntactic approach makes current detectors vulnerable to code obfuscations, increasingly used by malware writers, that alter the syntactic properties of the malware byte sequence without significantly affecting their execution behavior. This paper takes the position that the key to maiware identification lies in their semantics. It proposes a semantics-based framework for reasoning about malware detectors and proving properties such as soundness and completeness of these detectors. Our approach uses a trace semantics to characterize the behavior of malware as well as that of the program being checked for infection, and uses abstract interpretation to "hide" irrelevant aspects of these behaviors. As a concrete application of our approach, we show that (1) standard signature matching detection schemes are generally sound but not complete, (2) the semantics-aware malware detector proposed by Christodorescu et al. is complete with respect to a number of common obfuscations used by malware writers and (3) the maiware detection scheme proposed by Kinder et al. and based on standard model-checking techniques is sound in general and complete on some, but not all, obfuscations handled by the semantics-aware malware detector. [ABSTRACT FROM AUTHOR]

Published

2008

46. User Interfaces for Privacy Agents.

Author

Cranor, Lorrie Faith, Guduru, Praveen, and Arjula, Manjula

Subjects

PRIVACY, CONSUMER preferences, WEBSITES, HUMAN-computer interaction, USER interfaces, WEB development, SYSTEMS design, COMPUTER software, COMPUTER software security, PROTOTYPES

Abstract

Most people do not often read privacy policies because they tend to be long and difficult to understand. The Platform for Privacy Preferences (P3P) addresses this problem by providing a standard machine-readable format for website privacy policies. P3P user agents can fetch P3P privacy policies automatically, compare them with a user's privacy preferences, and alert and advise the user. Developing user interfaces for P3P user agents is challenging for several reasons: privacy policies are complex, user privacy preferences are often complex and nuanced, users tend to have little experience articulating their privacy preferences, users are generally unfamiliar with much of the terminology used by privacy experts, users often do not understand the privacy-related consequences of their behavior, and users have differing expectations about the type and extent of privacy policy information they would like to see. We developed a P3P user agent called Privacy Bird. Our design was informed by privacy surveys and our previous experience with prototype P3P user agents. We describe our design approach, compare it with the approach used in other P3P use agents, evaluate our design, and make recommendations to designers of other privacy agents. [ABSTRACT FROM AUTHOR]

Published

2006

47. Certificate Transparency.

Author

Laurie, Ben

Subjects

CERTIFICATE authority, DIGITAL certificates, COMPUTER software security, INTERNET domain naming system

Abstract

The article focuses on certificate authority (CA) in view of breaches or mis-issuance. Topics discussed include the certificate issued by DigiNotar used to conduct a man-in-the-middle attack against multiple users in Iran, other cases when the CA had been compromised, the constraints in devising a secure system for Google Chrome, the reasons for the failure of pinning, notaries, domain name system security extensions (DNSSEC), and Bitcoin, and the concept of certificate transparency.

Published

2014

48. State of the systems security.

Author

Bodden, Eric

Subjects

COMPUTER software development, COMPUTER software security, CYBERTERRORISM, APPLICATION software, SOFTWARE engineers

Abstract

Software-intensive systems are increasingly pervading our everyday lives. As they get more and more connected, this opens them up to far-reaching cyber attacks. Moreover, a recent study by the U.S. Department of Homeland Security shows that more than 90% of current cyber-attacks are enabled not by faulty crypto, networks or hardware but by application-level implementation vulnerabilities. I argue that those problems can only be resolved by the widespread introduction of a secure software development lifecycle (SDLC). In this technical briefing I explain where secure engineering currently fails in practice, and what software engineers can do if they want to make a positive impact in the field. I will do so by explaining major open challenges in the field, but also by resorting to success stories from the introduction of SDLCs in industry. [ABSTRACT FROM AUTHOR]

Published

2018

49. Identifying security issues in software development.

Author

Morrison, Patrick, Oyetoyan, Tosin Daniel, and Williams, Laurie

Subjects

COMPUTER software development, COMPUTER hackers, COMPUTER users, COMPUTER programming, COMPUTER software security, SOURCE code

Abstract

Identifying security issues before attackers do has become a critical concern for software development teams and software users. While methods for finding programming errors (e.g. fuzzers 1, static code analysis [3] and vulnerability prediction models like Scandariato et al. [10]) are valuable, identifying security issues related to the lack of secure design principles and to poor development processes could help ensure that programming errors are avoided before they are committed to source code. Typical approaches (e.g. [4, 6—8]) to identifying security-related messages in software development project repositories use text mining based on pre-selected sets of standard security-related keywords, for instance; authentication, ssl, encryption, availability, or password. We hypothesize that these standard keywords may not capture the entire spectrum of security-related issues in a project, and that additional project-specific and/or domain-specific vocabulary may be needed to develop an accurate picture of a project's security. For instance, Arnold et al.[1], in a review of bug-fix patches on Linux kernel version 2.6.24, identified a commit (commit message: "Fix - >vm_file accounting, mmap_region() may do do_munmap()" 2) with serious security consequences that was mis-classified as a non-security bug. While no typical security keyword is mentioned, memory mapping ('mmap') in the domain of kernel development has significance from a security perspective, parallel to buffer overflows in languages like C/C++. Whether memory or currency is at stake, identifying changes to assets that the software manages is potentially security-related. The goal of this research is to support researchers and practitioners in identifying security issues in software development project artifacts by defining and evaluating a systematic scheme for identifying project-specific security vocabularies that can be used for keyword-based classification. We derive three research questions from our goal: • RQ1: How does the vocabulary of security issues vary between software development projects? • RQ2: How well do project-specific security vocabularies identify messages related to publicly reported vulnerabilities? • RQ3: How well do existing security keywords identify project-specific security-related messages and messages related to publicly reported vulnerabilities? To address these research questions, we collected developer email, bug tracking, commit message, and CVE record project artifacts from three open source projects : Dolibarr, Apache Camel, and Apache Derby. We manually classified 5400 messages from the three project's commit messages, bug trackers, and emails, and linked the messages to each project's public vulnerability records, Adapting techniques from Bachmann and Bernstein [2], Schermann et al. [11], and Guzzi [5], we analyzed each project's security vocabulary and the vocabulary's relationship to the project's vulnerabilities. We trained two classifiers (Model.A and Model.B) on samples of the project data, and used the classifiers to predict security-related messages in the manually-classified project oracles. Our contributions include: • A systematic scheme for linking CVE records to related messages in software development project artifacts • An empirical evaluation of project-specific security vocabulary similarities and differences between project artifacts and between projects To summarize our findings on RQ1, we present tables of our qualitative and quantitative results. We tabulated counts of words found in security-related messages. Traditional security keywords (e.g. password, encryption) are present, particularly in the explicit column, but each project also contains terms describing entities unique to the project, for example 'endpoint' (Camel), 'blob' (short for 'Binary Large Object'), 'clob' ('Character Large Object'), 'deadlock' (Derby), and 'invoice', 'order' for Dolibarr. The presence of these terms in security-related issues suggests that they are assets worthy of careful attention during the development life cycle. Table 1 lists the statistics for security-related messages from the three projects, broken down by security class and security property. Explicit security-related messages (messages referencing security properties) are in the minority in each project. Implicit messages represent the majority of security-related messages in each project. In Table 2, we present the results of the classifiers built using the various project and literature security vocabularies to predict security-related messages in the oracle and CVE datasets. We have marked in bold the highest result for each performance measure for each dataset. Both Models A and B have a high performance across the projects when predicting for the oracle dataset of the project for which they were built. Further, the project-specific models have higher performance than the literature-based models (Ray.vocab [9] and Pletea.vocab [7]) on the project oracle datasets. Model performance is not sustained and is inconsistent when applied to other project's datasets. To summarize our findings on RQ2, Table 3 presents performance results for the project vocabulary models on the CVE datasets for each project. We have marked in bold the highest result for each performance measure for each dataset. Results for Model.A shows a high recall for Derby and Camel and a worse than average recall for Dolibarr. However, in Model.B, the recall is above 60% for Dolibarr and over 85% for both Derby and Camel. We reason the low precision is due to our approach of labeling only CVE-related messages as security-related and the rest of the messages are labeled to be not security-related. The Dolibarr results are further complicated by the low proportion of security-related messages compared with the other two projects (as reported in 1). To summarize our findings on RQ3, Table 2 and Table 3 present the classifier performance results for two sets of keywords, Ray.vocab, and Pletea.vocab, drawn from the literature. In each case, the project vocabulary model had the highest recall, precision and F-Score on the project's oracle dataset. With regards to the CVE-dataset, the project vocabulary model has the highest recall. However, the overall performance, as measured by F-Score, varied by dataset, with the Ray and Pletea keywords scoring higher than the project vocabulary model. The low precision for the classifier built on the project's vocabularies follows the explanation provided under RQ2. Our results suggest that domain vocabulary model show recalls that outperform standard security terms across our datasets. Our conjecture, supported in our data, is that augmenting standard security keywords with a project's security vocabulary yields a more accurate security picture. In future work, we aim to refine vocabulary selection to improve classifier performance, and to define tools implementing the approach in this paper to aid practitioners and researchers in identifying software project security issues. [ABSTRACT FROM AUTHOR]

Published

2018

50. Knowledge-enriched security and privacy threat modeling.

Author

Sion, Laurens, Yskout, Koen, Van Landuyt, Dimitri, and Joosen, Wouter

Subjects

COMPUTER software development, COMPUTER software security, DECISION making, DATA security, SOFTWARE architecture

Abstract

Creating secure and privacy-protecting systems entails the simultaneous coordination of development activities along three different yet mutually influencing dimensions: translating (security and privacy) goals to design choices, analyzing the design for threats, and performing a risk analysis of these threats in light of the goals. These activities are often executed in isolation, and such a disconnect impedes the prioritization of elicited threats, assessment which threats are sufficiently mitigated, and decision-making in terms of which risks can be accepted. In the proposed TMaRA approach, we facilitate the simultaneous consideration of these dimensions by integrating support for threat modeling, risk analysis, and design decisions. Key risk assessment inputs are systematically modeled and threat modeling efforts are fed back into the risk management process. This enables prioritizing threats based on their estimated risk, thereby providing decision support in the mitigation, acceptance, or transferral of risk for the system under design. [ABSTRACT FROM AUTHOR]

Published

2018