4,677 research outputs found
Mining patterns of unsatisfiable constraints to detect infeasible paths
Detection of infeasible paths is required in many areas including test coverage analysis, test case generation, security vulnerability analysis, etc. Existing approaches typically use static analysis coupled with symbolic evaluation, heuristics, or path-pattern analysis. This paper is related to these approaches but with a different objective. It is to analyze code of real systems to build patterns of unsatisfiable constraints in infeasible paths. The resulting patterns can be used to detect infeasible paths without the use of constraint solver and evaluation of function calls involved, thus improving scalability. The patterns can be built gradually. Evaluation of the proposed approach shows promising results
A log mining approach for process monitoring in SCADA
SCADA (Supervisory Control and Data Acquisition) systems are used for controlling and monitoring industrial processes. We propose a methodology to systematically identify potential process-related threats in SCADA. Process-related threats take place when an attacker gains user access rights and performs actions, which look legitimate, but which are intended to disrupt the SCADA process. To detect such threats, we propose a semi-automated approach of log processing. We conduct experiments on a real-life water treatment facility. A preliminary case study suggests that our approach is effective in detecting anomalous events that might alter the regular process workflow
SHARKS: Smart Hacking Approaches for RisK Scanning in Internet-of-Things and Cyber-Physical Systems based on Machine Learning
Cyber-physical systems (CPS) and Internet-of-Things (IoT) devices are
increasingly being deployed across multiple functionalities, ranging from
healthcare devices and wearables to critical infrastructures, e.g., nuclear
power plants, autonomous vehicles, smart cities, and smart homes. These devices
are inherently not secure across their comprehensive software, hardware, and
network stacks, thus presenting a large attack surface that can be exploited by
hackers. In this article, we present an innovative technique for detecting
unknown system vulnerabilities, managing these vulnerabilities, and improving
incident response when such vulnerabilities are exploited. The novelty of this
approach lies in extracting intelligence from known real-world CPS/IoT attacks,
representing them in the form of regular expressions, and employing machine
learning (ML) techniques on this ensemble of regular expressions to generate
new attack vectors and security vulnerabilities. Our results show that 10 new
attack vectors and 122 new vulnerability exploits can be successfully generated
that have the potential to exploit a CPS or an IoT ecosystem. The ML
methodology achieves an accuracy of 97.4% and enables us to predict these
attacks efficiently with an 87.2% reduction in the search space. We demonstrate
the application of our method to the hacking of the in-vehicle network of a
connected car. To defend against the known attacks and possible novel exploits,
we discuss a defense-in-depth mechanism for various classes of attacks and the
classification of data targeted by such attacks. This defense mechanism
optimizes the cost of security measures based on the sensitivity of the
protected resource, thus incentivizing its adoption in real-world CPS/IoT by
cybersecurity practitioners.Comment: This article has been accepted in IEEE Transactions on Emerging
Topics in Computing. 17 pages, 12 figures, IEEE copyrigh
Test generation for high coverage with abstraction refinement and coarsening (ARC)
Testing is the main approach used in the software industry to expose failures. Producing thorough test suites is an expensive and error prone task that can greatly benefit from automation. Two challenging problems in test automation are generating test input and evaluating the adequacy of test suites: the first amounts to producing a set of test cases that accurately represent the software behavior, the second requires defining appropriate metrics to evaluate the thoroughness of the testing activities. Structural testing addresses these problems by measuring the amount of code elements that are executed by a test suite. The code elements that are not covered by any execution are natural candidates for generating further test cases, and the measured coverage rate can be used to estimate the thoroughness of the test suite. Several empirical studies show that test suites achieving high coverage rates exhibit a high failure detection ability. However, producing highly covering test suites automatically is hard as certain code elements are executed only under complex conditions while other might be not reachable at all. In this thesis we propose Abstraction Refinement and Coarsening (ARC), a goal oriented technique that combines static and dynamic software analysis to automatically generate test suites with high code coverage. At the core of our approach there is an abstract program model that enables the synergistic application of the different analysis components. In ARC we integrate Dynamic Symbolic Execution (DSE) and abstraction refinement to precisely direct test generation towards the coverage goals and detect infeasible elements. ARC includes a novel coarsening algorithm for improved scalability. We implemented ARC-B, a prototype tool that analyses C programs and produces test suites that achieve high branch coverage. Our experiments show that the approach effectively exploits the synergy between symbolic testing and reachability analysis outperforming state of the art test generation approaches. We evaluated ARC-B on industry relevant software, and exposed previously unknown failures in a safety-critical software component
Specognitor: Identifying Spectre Vulnerabilities via Prediction-Aware Symbolic Execution
Spectre attacks exploit speculative execution to leak sensitive information.
In the last few years, a number of static side-channel detectors have been
proposed to detect cache leakage in the presence of speculative execution.
However, these techniques either ignore branch prediction mechanism, detect
static pre-defined patterns which is not suitable for detecting new patterns,
or lead to false negatives.
In this paper, we illustrate the weakness of prediction-agnostic
state-of-the-art approaches. We propose Specognitor, a novel prediction-aware
symbolic execution engine to soundly explore program paths and detect subtle
spectre variant 1 and variant 2 vulnerabilities. We propose a dynamic pattern
detection mechanism to account for both existing and future vulnerabilities.
Our experimental results show the effectiveness and efficiency of Specognitor
in analyzing real-world cryptographic programs w.r.t. different processor
families
- …