Automatic Removal of Flaws in Embedded System Software
Master's thesis, Information Security, Universidade de Lisboa, Faculdade de Ciências, 2022
Currently, embedded systems are present in a myriad of devices, such as Internet of Things, drones,
and Cyber-physical Systems. The security of these devices can be critical, depending on the context
they are integrated and the role they play (e.g., water plant, car). C is the core language used to develop
the software for these devices and is known for not checking the bounds of its data types, which leads to
vulnerabilities such as buffer overflows. These vulnerabilities, when exploited, cause severe damage and
can put human life in danger. Therefore, the software of these devices must be secure.
One of the concerns with vulnerable C programs is to correct the code automatically, employing
secure code that can remove the existing vulnerabilities and avoid attacks. However, such task faces
some challenges after finding the vulnerabilities, namely determining what code is needed to remove
them and where to insert that code, maintaining the correct behavior of the application after applying the
code correction, and verifying that the generated code correction is secure and effectively removes the
vulnerabilities. Another challenge is to accomplish all these elements automatically.
This work aims to study diverse types of buffer overflow vulnerabilities in the C programming language, ways to build secure code that invalidates such vulnerabilities, including functions from the C
language that can be used to remove flaws. Based on this knowledge, we propose an approach that
automatically, after discovering and confirming potential vulnerabilities of an application, applies code
corrections to fix the vulnerable code of the verified vulnerabilities and validates the new code with
fuzzing/attack injection.
We implemented our approach and evaluated it with a set of test cases and with real applications. The
experimental results showed that the tool detected the intended vulnerabilities and generated corrections
capable of removing the vulnerabilities found.
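The flaw class and repair strategy this abstract describes, as an added example in C that is not code from the thesis or its tool: an unbounded strcpy() as the vulnerable "before", the bounded replacement a repair step could insert (strncpy() plus an explicit terminator), the overflow oracle such a tool needs, and an attack-injection check of the repaired copy. The function names, the 16-byte buffer, the canary value and the attack inputs are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16
#define CANARY 0xA5A5A5A5u

/* Buffer followed by a canary, used only to observe writes past name[]. */
struct guarded {
    char name[NAME_MAX];
    uint32_t canary;
};

/* 'Before': the flaw type the thesis targets. strcpy() copies until the
 * terminating NUL and ignores the size of dst, so any input of NAME_MAX
 * bytes or more writes past name[] (here, into the canary). Kept as the
 * vulnerable form; only called with a short input below. */
static void greet_vulnerable(struct guarded *g, const char *user) {
    strcpy(g->name, user);            /* unbounded copy */
    printf("hello %s\n", g->name);
}

/* 'After': the kind of replacement an automatic repair can insert, built
 * from bounded C library functions. strncpy() does not NUL-terminate when
 * it truncates, so the terminator is written explicitly. Returns 1 when
 * the input had to be truncated, 0 otherwise, -1 for a zero-size buffer. */
static int copy_bounded(char *dst, size_t dst_size, const char *src) {
    if (dst_size == 0) return -1;
    int truncated = strlen(src) >= dst_size;
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
    return truncated;
}

static void greet_fixed(struct guarded *g, const char *user) {
    copy_bounded(g->name, sizeof g->name, user);
    printf("hello %s\n", g->name);
}

/* Oracle a repair tool needs before and after patching: would copying
 * src (plus its NUL) into a buffer of buf_size bytes overflow it? */
static int would_overflow(size_t buf_size, const char *src) {
    return strlen(src) + 1 > buf_size;
}

/* Attack-injection check of the repaired copy: feed inputs of every length
 * from 0 to 63 bytes and confirm the canary after name[] is never touched,
 * the result is always NUL-terminated, and its length is as expected.
 * Returns 1 when every input passes, 0 otherwise. */
static int fixed_survives_attack_inputs(void) {
    char attack[64];
    for (size_t len = 0; len < sizeof attack; len++) {
        memset(attack, 'A', len);
        attack[len] = '\0';
        struct guarded g = { {0}, CANARY };
        copy_bounded(g.name, sizeof g.name, attack);
        if (g.canary != CANARY) return 0;
        if (memchr(g.name, '\0', sizeof g.name) == NULL) return 0;
        if (strlen(g.name) != (len < NAME_MAX ? len : NAME_MAX - 1)) return 0;
    }
    return 1;
}

int main(void) {
    const char *attack = "a-user-name-that-is-far-too-long";
    struct guarded g = { {0}, CANARY };
    greet_vulnerable(&g, "alice");        /* short input: no overflow */
    printf("would the attack input overflow name[]: %s\n",
           would_overflow(sizeof g.name, attack) ? "yes" : "no");
    greet_fixed(&g, attack);              /* truncated instead of overflowing */
    printf("canary intact after fixed copy: %s\n",
           g.canary == CANARY ? "yes" : "no");
    printf("attack injection on fixed copy: %s\n",
           fixed_survives_attack_inputs() ? "pass" : "fail");
    return 0;
}
```

The truncation flag returned by copy_bounded() is the part a repair tool cannot decide on its own: whether silently shortening the input preserves the application's intended behaviour, or whether the caller should reject the input, is exactly the behavioural question the abstract raises, and the fuzzing/attack-injection step only shows that the overflow is gone.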
Harvey: A Greybox Fuzzer for Smart Contracts
We present Harvey, an industrial greybox fuzzer for smart contracts, which
are programs managing accounts on a blockchain. Greybox fuzzing is a
lightweight test-generation approach that effectively detects bugs and security
vulnerabilities. However, greybox fuzzers randomly mutate program inputs to
exercise new paths; this makes it challenging to cover code that is guarded by
narrow checks, which are satisfied by no more than a few input values.
Moreover, most real-world smart contracts transition through many different
states during their lifetime, e.g., for every bid in an auction. To explore
these states and thereby detect deep vulnerabilities, a greybox fuzzer would
need to generate sequences of contract transactions, e.g., by creating bids
from multiple users, while at the same time keeping the search space and test
suite tractable. In this experience paper, we explain how Harvey alleviates
both challenges with two key fuzzing techniques and distill the main lessons
learned. First, Harvey extends standard greybox fuzzing with a method for
predicting new inputs that are more likely to cover new paths or reveal
vulnerabilities in smart contracts. Second, it fuzzes transaction sequences in
a targeted and demand-driven way. We have evaluated our approach on 27
real-world contracts. Our experiments show that the underlying techniques
significantly increase Harvey's effectiveness in achieving high coverage and
detecting vulnerabilities, in most cases orders-of-magnitude faster; they also
reveal new insights about contract code.
Comment: arXiv admin note: substantial text overlap with arXiv:1807.0787
An Analysis of How Many Undiscovered Vulnerabilities Remain in Information Systems
Vulnerability management strategy, from both organizational and public policy
perspectives, hinges on an understanding of the supply of undiscovered
vulnerabilities. If the number of undiscovered vulnerabilities is small enough,
then a reasonable investment strategy would be to focus on finding and removing
the remaining undiscovered vulnerabilities. If the number of undiscovered
vulnerabilities is and will continue to be large, then a better investment
strategy would be to focus on quick patch dissemination and engineering
resilient systems. This paper examines a paradigm, namely that the number of
undiscovered vulnerabilities is manageably small, through the lens of
mathematical concepts from the theory of computing. From this perspective, we
find little support for the paradigm of limited undiscovered vulnerabilities.
We then briefly support the notion that these theory-based conclusions are
relevant to practical computers in use today. We find no reason to believe
undiscovered vulnerabilities are not essentially unlimited in practice and we
examine the possible economic impacts should this be the case. Based on our
analysis, we recommend vulnerability management strategy adopts an approach
favoring quick patch dissemination and engineering resilient systems, while
continuing good software engineering practices to reduce (but never eliminate)
vulnerabilities in information systems.
Pre-deployment Analysis of Smart Contracts -- A Survey
Smart contracts are programs that execute transactions involving independent
parties and cryptocurrencies. As programs, smart contracts are susceptible to a
wide range of errors and vulnerabilities. Such vulnerabilities can result in
significant losses. Furthermore, by design, smart contract transactions are
irreversible. This creates a need for methods to ensure the correctness and
security of contracts pre-deployment. Recently there has been substantial
research into such methods. The sheer volume of this research makes
articulating state-of-the-art a substantial undertaking. To address this
challenge, we present a systematic review of the literature. A key feature of
our presentation is to factor out the relationship between vulnerabilities and
methods through properties. Specifically, we enumerate and classify smart
contract vulnerabilities and methods by the properties they address. The
methods considered include static analysis as well as dynamic analysis methods
and machine learning algorithms that analyze smart contracts before deployment.
Several patterns about the strengths of different methods emerge through this
classification process.
Empirical Review of Smart Contract and DeFi Security: Vulnerability Detection and Automated Repair
Decentralized Finance (DeFi) is emerging as a peer-to-peer financial
ecosystem, enabling participants to trade products on a permissionless
blockchain. Built on blockchain and smart contracts, the DeFi ecosystem has
experienced explosive growth in recent years. Unfortunately, smart contracts
hold a massive amount of value, making them an attractive target for attacks.
So far, attacks against smart contracts and DeFi protocols have resulted in
billions of dollars in financial losses, severely threatening the security of
the entire DeFi ecosystem. Researchers have proposed various security tools for
smart contracts and DeFi protocols as countermeasures. However, a comprehensive
investigation of these efforts is still lacking, leaving a crucial gap in our
understanding of how to enhance the security posture of the smart contract and
DeFi landscape.
To fill the gap, this paper reviews the progress made in the field of smart
contract and DeFi security from the perspective of both vulnerability detection
and automated repair. First, we analyze the DeFi smart contract security issues
and challenges. Specifically, we lucubrate various DeFi attack incidents and
summarize the attacks into six categories. Then, we present an empirical study
of 42 state-of-the-art techniques that can detect smart contract and DeFi
vulnerabilities. In particular, we evaluate the effectiveness of traditional
smart contract bug detection tools in analyzing complex DeFi protocols.
Additionally, we investigate 8 existing automated repair tools for smart
contracts and DeFi protocols, providing insight into their advantages and
disadvantages. To make this work useful for as wide of an audience as possible,
we also identify several open issues and challenges in the DeFi ecosystem that
should be addressed in the future.
Comment: This paper is submitted to the journal of Expert Systems with Applications (ESWA) for review
A comprehensive review of RFID and Bluetooth security: practical analysis
The Internet of Things (IoT) provides the ability to digitize physical objects into virtual
data, thanks to the integration of hardware (e.g., sensors, actuators) and network communications for
collecting and exchanging data. In this digitization process, however, security challenges need to be
taken into account in order to prevent information availability, integrity, and confidentiality from
being compromised. In this paper, security challenges of two broadly used technologies, RFID (Radio
Frequency Identification) and Bluetooth, are analyzed. First, a review of the main vulnerabilities,
security risks, and threats affecting both technologies is carried out. Then, open hardware and open
source tools such as Proxmark3 and Ubertooth, as well as BtleJuice and Bleah, are used as part of the
practical analysis. Lastly, risk mitigation and countermeasures are proposed.