1,246 research outputs found
The Challenges in SDN/ML Based Network Security : A Survey
Machine Learning is gaining popularity in the network security domain as many
more network-enabled devices get connected, as malicious activities become
stealthier, and as new technologies like Software Defined Networking (SDN)
emerge. Sitting at the application layer and communicating with the control
layer, machine learning based SDN security models exercise a huge influence on
the routing/switching of the entire SDN. Compromising the models is
consequently a very desirable goal. Previous surveys have been done on either
adversarial machine learning or the general vulnerabilities of SDNs but not
both. Through examination of the latest ML-based SDN security applications and
a good look at ML/SDN specific vulnerabilities accompanied by common attack
methods on ML, this paper serves as a unique survey, making a case for more
secure development processes of ML-based SDN security applications.Comment: 8 pages. arXiv admin note: substantial text overlap with
arXiv:1705.0056
Analysis of Human Affect and Bug Patterns to Improve Software Quality and Security
The impact of software is ever increasing as more and more systems are being software operated. Despite the usefulness of software, many instances software failures have been causing tremendous losses in lives and dollars. Software failures take place because of bugs (i.e., faults) in the software systems. These bugs cause the program to malfunction or crash and expose security vulnerabilities exploitable by malicious hackers.
Studies confirm that software defects and vulnerabilities appear in source code largely due to the human mistakes and errors of the developers. Human performance is impacted by the underlying development process and human affects, such as sentiment and emotion. This thesis examines these human affects of software developers, which have drawn recent interests in the community. For capturing developers’ sentimental and emotional states, we have developed several software tools (i.e., SentiStrength-SE, DEVA, and MarValous). These are novel tools facilitating automatic detection of sentiments and emotions from the software engineering textual artifacts.
Using such an automated tool, the developers’ sentimental variations are studied with respect to the underlying development tasks (e.g., bug-fixing, bug-introducing), development periods (i.e., days and times), team sizes and project sizes. We expose opportunities for exploiting developers’ sentiments for higher productivity and improved software quality.
While developers’ sentiments and emotions can be leveraged for proactive and active safeguard in identifying and minimizing software bugs, this dissertation also includes in-depth studies of the relationship among various bug patterns, such as software defects, security vulnerabilities, and code smells to find actionable insights in minimizing software bugs and improving software quality and security. Bug patterns are exposed through mining software repositories and bug databases. These bug patterns are crucial in localizing bugs and security vulnerabilities in software codebase for fixing them, predicting portions of software susceptible to failure or exploitation by hackers, devising techniques for automated program repair, and avoiding code constructs and coding idioms that are bug-prone.
The software tools produced from this thesis are empirically evaluated using standard measurement metrics (e.g., precision, recall). The findings of all the studies are validated with appropriate tests for statistical significance. Finally, based on our experience and in-depth analysis of the present state of the art, we expose avenues for further research and development towards a holistic approach for developing improved and secure software systems
Checking smart contracts with structural code embedding
Ministry of Education, Singapore under its Academic Research Funding Tier
On the Security Blind Spots of Software Composition Analysis
Modern software heavily relies on the use of components. Those components are
usually published in central repositories, and managed by build systems via
dependencies. Due to issues around vulnerabilities, licenses and the
propagation of bugs, the study of those dependencies is of utmost importance,
and numerous software composition analysis tools have emerged to address those
issues. A particular challenge are hidden dependencies that are the result of
cloning or shading where code from a component is "inlined", and, in the case
of shading, moved to different namespaces. We present an approach to detect
cloned and shaded artifacts in the Maven repository. Our approach is
lightweight in that it does not require the creation and maintenance of an
index, and uses a custom AST-based clone detection. Our analysis focuses on the
detection of vulnerabilities in artifacts which use cloning or shading.
Starting with eight vulnerabilities with assigned CVEs (four of those
classified as critical) and proof-of-vulnerability projects demonstrating the
presence of a vulnerability in an artifact, we query the Maven repository and
retrieve over 16k potential clones of the vulnerable artifacts. After running
our analysis on this set, we detect 554 artifacts with the respective
vulnerabilities (49 if versions are ignored). We synthesize a testable
proof-of-vulnerability project for each of those. We demonstrate that existing
SCA tools often miss these exposures.Comment: 16 pages, 1 figur
- …