
2017 International Conference on Software Security and Assurance (ICSSA): latest publications

Security Patterns As Architectural Solution - Mitigating Cross-Site Scripting Attacks in Web Applications
Pub Date : 2017-07-01 DOI: 10.1109/ICSSA.2017.30
Priya Anand, J. Ryoo
Security patterns are solutions for recurring security issues that can be applied to mitigate security weaknesses in a software system. With an increasing number of security patterns, selecting the precise pattern to mitigate a vulnerability may become challenging for software developers. When an appropriate pattern is identified as a potential solution by a software professional, applying that pattern and deciding its level of integration depend purely on the software expert's skill and knowledge. Also, adopting a security pattern at an architectural level may be a time-consuming and cumbersome task for software developers. To help the software developer community by making pattern implementation a relatively easy task, we developed a tool named SPAAS (Security Patterns As Architectural Solution). This tool automates the process of implementing the selected security pattern in the software system at an architectural level. Our tool was developed to assess potential vulnerabilities at an architectural level and possible fixes by adopting the selected security patterns. The tool also checks whether security patterns have already been implemented in the system and accurately reports the results. In this paper, we demonstrate the use of our tool by conducting a case study on an open-source medical software system, OpenEMR. Our analysis of OpenEMR using the SPAAS tool pointed out vulnerable source code in the system that had been missed by some generic vulnerability assessment tools. Using our tool, we implemented the input validation pattern as a solution to mitigate cross-site scripting attacks. Using our pattern application tool, SPAAS, we analyzed the OpenEMR software, which has 121819 lines of code. Our experiment on the OpenEMR code vulnerable to XSS attacks took 2.03 seconds and reported the presence of 341 spots of vulnerable code out of a total of 121819 lines of source code. We used our tool to implement the intercepting validator pattern on those 341 lines, and we could successfully implement the patterns in 2.28 seconds at an architectural level. Our modified version of OpenEMR with the security pattern implementation has been presented to its software architect and would be merged as a security solution into the repository. Without a deep understanding of security patterns, any software professional can implement a security pattern at an architectural level using our proposed tool, SPAAS.
Citations: 2
Enriching Security Education Hands-on Labs with Practical Exercises
Pub Date : 2017-07-01 DOI: 10.1109/ICSSA.2017.8
Min Jin Kwon, G. Kwak, Siyoung Jun, Hyung-Jong Kim, Hae Young Lee
It is widely known that learning-by-doing can significantly enhance students' learning in information security. The SEED (SEcurity EDucation) labs being developed at Syracuse University can be particularly useful for students learning security principles. Although the current version of the SEED labs is mainly intended for university education, the labs could also be useful for job seekers and new employees in information security if practical exercises are added. This paper presents our hands-on labs, which could help these people perform exercises that are more practical than those of the SEED labs, within risk-free environments. Currently, our labs deal with macro malware, vulnerability scanning and mitigation, layer-7 DDoS attacks, and OS fingerprinting. Our labs are designed with possible integration with the SEED labs in mind.
Citations: 5
A Quantification of Effectiveness of Simulation Models by Managing Cost of Development
Pub Date : 2017-07-01 DOI: 10.1109/ICSSA.2017.32
Hyung-Jong Kim, Hae Young Lee
Modeling and simulation is a way to improve the quality of a product. The people who make use of a model can interact with it and learn from it. Learning from simulation models includes user experiences as well as data gathering and analysis from the computer model. Meanwhile, funding organizations and government bodies want to know the effectiveness of constructing and simulating the models, because doing so costs a lot. In this work, we suggest a procedure for data gathering and cost management in research and development projects, and we show that the procedure can be used to estimate the effectiveness of simulation model construction. The contribution of this work is in showing a way to quantify the effectiveness of modeling and simulation for R&D projects.
Citations: 0
On the Impact of Kernel Code Vulnerabilities in IoT Devices
Pub Date : 2017-07-01 DOI: 10.1109/ICSSA.2017.16
Sebastian Eresheim, R. Luh, S. Schrittwieser
During the lifetime of an advanced persistent threat (APT), attackers compromise a potentially large number of computers to accomplish their ultimate objective. Very often these infected machines are used as a stepping stone towards obtaining control over the network and its resources. Stealth malware is left behind on these intermediate machines to disguise such propagation and takeover actions. With the Internet of Things (IoT) gaining prominence, more and more devices appear on local networks, which significantly increases the overall attack surface. This new category of devices brings up new challenges and sees the return of many known attacks. Because of their rapidly growing numbers, IoT devices are increasingly targeted by APT actors during the initial installation phase. This paper focuses on one such foothold attack, called Direct Kernel Object Manipulation (DKOM), and brings it into the context of the Internet of Things.
Citations: 2
CNN-Based Android Malware Detection
Pub Date : 2017-07-01 DOI: 10.1109/ICSSA.2017.18
M. Ganesh, Priyanka Pednekar, P. Prabhuswamy, Divyashri Sreedharan Nair, Younghee Park, Hyeran Jeon
The number of mobile devices has grown exponentially, making information easy to access but at the same time vulnerable. Malicious applications can gain access to sensitive and critical user information by exploiting unsolicited permission controls. Since high false detection rates render signature-based antivirus solutions on mobile phones ineffective, especially against malware variants, it is imperative to develop a more efficient and adaptable solution. This paper presents a deep learning-based malware detection method to identify and categorize malicious applications. The proposed method investigates permission patterns using a convolutional neural network. Our solution identifies malware with 93% accuracy on a dataset of 2500 Android applications, of which 2000 were malicious and 500 were benign.
Citations: 39
An Efficient Method for Securely Storing and Handling of Genomic Data
Pub Date : 2017-07-01 DOI: 10.1109/ICSSA.2017.13
Youngjoon Ki, J. Yoon
With the growth of cloud computing, genomic data is increasingly being considered for storage and processing on cloud platforms. However, the existing file formats used to store genomic data do not guarantee security in the event of a data leak caused by a hacker. In this paper, we therefore propose an encrypted version of the variant call format (VCF), which is one of the most widely used file formats for storing genomic sequences. The encrypted variant call format (eVCF) supports privacy-preserving data processing on encrypted data and requires only a few more seconds and slightly more storage than the existing VCF.
Citations: 0
Security Pattern Detection Using Ordered Matrix Matching
Pub Date : 2017-07-01 DOI: 10.1109/ICSSA.2017.24
A. Alvi, Mohammad Zulkernine
Security patterns implement security features in a software system. The missing or incomplete application of security patterns may produce vulnerabilities and invite attackers. Therefore, the detection of security patterns is key to assuring the security of software systems before release. In this paper, we propose a security pattern detection framework (SPDF) based on the ordered matrix matching (OMM) technique. The framework provides a platform for data extraction, matching, and dictionary data checking. The experimental results show appropriate detection accuracy, reasonable time consumption, and zero false positives.
Citations: 6
Adopting Attribute-Based Access Control to Data Distribution Service
Pub Date : 2017-07-01 DOI: 10.1109/ICSSA.2017.23
P. Murugesan, S. Chinnappa, Alaa S. Alaerjan, Dae-Kyoo Kim
The Internet of Things (IoT) is characterized by heterogeneous protocols and technologies that cooperate to provide innovative services in a variety of application domains. In the last few years, several protocols and approaches have been developed and proposed to support connectivity, interoperability, and security in the IoT. The Data Distribution Service (DDS), a standard for data-centric publish/subscribe communication, was introduced to address interoperability in the IoT. DDS defines its own access control model, which can be adapted to Attribute-Based Access Control (ABAC) for greater flexibility. In this work, we present a feasibility study on how ABAC can be adopted in DDS.
Citations: 1
Discovering Cryptographic Algorithms in Binary Code Through Loop Enumeration
Pub Date : 2017-07-01 DOI: 10.1109/ICSSA.2017.22
D. Buhov, Patrick Kochberger, Richard Thron, S. Schrittwieser
In benign programs, encryption is used to prevent sensitive data from being exposed. Malware, on the other hand, uses encryption to hide from analysis or to perform malicious activities, e.g. ransomware. The challenge in detecting the presence of these cryptographic algorithms lies in the fact that it is generally not possible to identify the entire functionality of a binary program through static analysis. In this paper, we present a novel approach for detecting specific cryptographic algorithms through control flow analysis based on symbolic execution. The control flow graph generated by the angr framework, together with its symbolic execution, is used to search for loops. Nodes that are executed a certain number of times and in a specific order let us point out possible cryptographic activity. In the proof-of-concept implementation, we were able to identify and differentiate DES, TripleDES, and several variants of the AES algorithm. Our solution is able to detect the presence of these algorithms without access to the source code of the program. It also eliminates the need for a skilled operator to perform the analysis.
Citations: 2
Cookies and Sessions: A Study of What They Are, How They Work and How They Can Be Stolen
Pub Date : 2017-07-01 DOI: 10.1109/ICSSA.2017.9
Kenneth P. LaCroix, Yin L. Loo, Young B. Choi
We discuss cookies, a vital and relevant piece of technology used by many on the Internet today. Specifically, we talk about what a cookie is, how cookies work, and how a cookie may be stolen from an end user to gain illegitimate access to accounts. A lab, utilized for both testing and demonstration, consists of an attacker and a victim. Finally, we discuss mitigation techniques for end users.
Citations: 6