3 research outputs found
An aspect oriented approach for security hardening : semantic foundations
Computer security is nowadays a very important field in computer science and security hardening of applications becomes of paramount importance. Aspect oriented programming (AOP) is a relatively new technology that allows separation of concerns such as security, synchronization, logging, etc. This increases the readability, understandability, maintainability, and security of software systems. Furthermore, AOP allows automatic injection of the crosscutting concerns into the application code using a weaving mechanism. This thesis comes to provide theoretical study of using AOP for security hardening of applications. The main contributions of this thesis are the following. We propose a comparative study of AOP approaches from a security perspective. We establish a security appropriateness analysis of AspectJ and we propose new security constructs for this language. Since aspects in AspectJ are weaved (combined) with the Java Virtual Machine Language (JVML) application code, we develop a formal semantics for the JVML. We propose also a semantics for AspectJ that formalizes the advice weaving. We develop a new AOP calculus, n_SAOP, based on lambda calculus extended with security pointcuts. Finally, we implement three new constructs in AspectJ, namely getLocal , setLocal , and dflow , for local variable accesses and data flow analysis. In conclusion, this thesis demonstrates the relevance, importance, and appropriateness of using the AOP programming paradigm in hardening the security of application
Runtime verification on data-carrying traces
Malfunctioning software systems can cause severe loss of money,
sensitive data, or even human life. The ambition is therefore to
verify these systems not only statically, but also monitor their
behaviour at runtime. For the latter case, the temporal logic
LTL---a de facto standard specification formalism in runtime
verification---is widely used and well-understood. However,
propositional variables are usually not a natural nor sufficient
model to represent the behaviour of complex, interactive systems
that can process arbitrary input values. Consequently, there is a
demand for more expressive formalisms that are defined what we
call traces with data, i.e., traces that contain propositions
enriched with values from a (possibly) infinite domain.
This thesis studies the runtime monitoring with data for a
natural extension of LTL that includes first-order
quantification, called LTLFO. The logic's quantifiers range over
values that appear in a trace. Under assumptions laid out of what
should arguably be considered a ``proper'' runtime monitor, this
thesis first identifies and analyses the underlying decision
problems of monitoring properties in LTL and LTLFO. Moreover, it
proposes a monitoring procedure for the latter. A result is that
LTLFO is undecidable, and the prefix problem too, which an online
monitor has to preferably solve to coincide with monotonicity.
Hence, the obtained monitor cannot be complete for LTLFO;
however, this thesis proves the soundness of its construction and
gives experimental results from an implementation, in order to
justify its usefulness and efficiency in practice. The monitor is
based on a new type of automaton, called spawning automaton; it
helps to efficiently decide what parts of a possibly infinite
state space need to be memorised at runtime. Furthermore, the
problem occurs that not every property can be monitored
trace-length independently, which is possible in LTL. For that
reason, a hierarchy of effectively monitorable properties is
proposed. It distinguishes properties for which a monitor
requires only constant memory from ones for which a monitor
inevitably has to grow ad infinitum, independently of how the
future of a trace evolves.
Last but not least, a proof of concept validates the monitoring
means developed in this thesis on a widely established system
with intensive data use: Malicious behaviour is checked on
Android devices based on the most comprehensive malware set
presently available. The overall detection and false positive
rates are 93.9% and 28%, respectively. As a means of conducting
the experiments and as a contribution in itself, an
application-agnostic logging-layer for the Android system has
been developed and its technical insights are explained. It aims
at leveraging runtime verification techniques on Android, like
other domain-specific instrumentation approaches did, such as
AspectJ for Java
Intensional Cyberforensics
This work focuses on the application of intensional logic to cyberforensic analysis and its benefits and difficulties are compared with the finite-state-automata approach. This work extends the use of the intensional programming paradigm to the modeling and implementation of a cyberforensics investigation process with backtracing of event reconstruction, in which evidence is modeled by multidimensional hierarchical contexts, and proofs or disproofs of claims are undertaken in an eductive manner of evaluation. This approach is a practical, context-aware improvement over the finite state automata (FSA) approach we have seen in previous work. As a base implementation language model, we use in this approach a new dialect of the Lucid programming language, called Forensic Lucid, and we focus on defining hierarchical contexts based on intensional logic for the distributed evaluation of cyberforensic expressions. We also augment the work with credibility factors surrounding digital evidence and witness accounts, which have not been previously modeled.
The Forensic Lucid programming language, used for this intensional cyberforensic analysis, formally presented through its syntax and operational semantics. In large part, the language is based on its predecessor and codecessor Lucid dialects, such as GIPL, Indexical Lucid, Lucx, Objective Lucid, MARFL, and JOOIP bound by the underlying intensional programming paradigm