571 research outputs found
Towards Better Static Analysis Security Testing Methodologies
Software vulnerabilities have been a significant attack surface used in cyberattacks, which
have been escalating recently. Software vulnerabilities have caused substantial damage,
and thus there are many techniques to guard against them. Nevertheless, detecting and
eliminating software vulnerabilities from the source code is the best and most effective solution
in terms of protection and cost. Static Analysis Security Testing (SAST) tools spot
vulnerabilities and help programmers to remove the vulnerabilities. The fundamental problem
is that modern software continues to evolve and shift, making detecting vulnerabilities
more difficult. Hence, this thesis takes a step toward highlighting the features required to
be present in the SAST tools to address software vulnerabilities in modern software. The
thesis’s end goal is to introduce SAST methods and tools to detect the dominant type of
software vulnerabilities in modern software. The investigation first focuses on state-of-theart
SAST tools when working with large-scale modern software. The research examines
how different state-of-the-art SAST tools react to different types of warnings over time,
and measures SAST tools precision of different types of warnings. The study presumption
is that the SAST tools’ precision can be obtained from studying real-world projects’ history
and SAST tools that generated warnings over time. The empirical analysis in this
study then takes a further step to look at the problem from a different angle, starting at
the real-world vulnerabilities detected by individuals and published in well-known vulnerabilities
databases. Android application vulnerabilities are used as an example of modern
software vulnerabilities. This study aims to measure the recall of SAST tools when they
work with modern software vulnerabilities and understand how software vulnerabilities
manifest in the real world. We find that buffer errors that belong to the input validation
and representation class of vulnerability dominate modern software. Also, we find that
studied state-of-the-art SAST tools failed to identify real-world vulnerabilities. To address
the issue of detecting vulnerabilities in modern software, we introduce two methodologies.
The first methodology is a coarse-grain method that targets helping taint static analysis
methods to tackle two aspects of the complexity of modern software. One aspect is that
one vulnerability can be scattered across different languages in a single application making
the analysis harder to achieve. The second aspect is that the number of sources and
sinks is high and increasing over time, which can be hard for taint analysis to cover such
a high number of sources and sinks. We implement the proposed methodology in a tool
called Source Sink (SoS) that filters out the source and sink pairs that do not have feasible
paths. Then, another fine-grain methodology focuses on discovering buffer errors that
occur in modern software. The method performs taint analysis to examine the reachability
between sources and sinks and looks for "validators" that validates the untrusted input.
We implemented methodology in a tool called Buffer Error Finder (BEFinder)
DebAuthn: a Relying Party Implementation as a WebAuthn Authenticator Debugging Tool
[Abstract]
Passwords as an authentication method have become vulnerable to numerous attacks. During
the last few years, the FIDO Alliance and the W3C have been working on a new authentication
method based on public key cryptography and hardware authenticators, which avoids attacks
like phishing or password stealing. This degree thesis focuses on the development of a web
application as a flexible testing and debugging environment for developers and researchers
of the protocol, still under development. Moreover, the developed tool is used for testing the
most relevant hardware authenticators, showcasing their main characteristics.[Resumo]
Os contrasinais como método de autentificación volvéronse vulnerables a numerosos ataques.
Durante os últimos anos, a FIDO Alliance e a W3C estiveron traballando nun novo sistema
de autentificación baseado en criptografÃa de chave pública e autentificadores hardware,
o que evita ataques como phishing ou roubo de contrasinais. Este traballo de fin de grao
céntrase no desenvolvemento dunha aplicación web como un entorno flexible de probas e
depuración para desenvolvedores e investigadores do protocolo, aÃnda en desenvolvemento.
Ademais, a ferramenta desenvolvida é usada para probar os autentificadores hardware máis
relevantes, mostrando as súas caracterÃsticas principais
Annotation-Based Static Analysis for Personal Data Protection
This paper elaborates the use of static source code analysis in the context
of data protection. The topic is important for software engineering in order
for software developers to improve the protection of personal data during
software development. To this end, the paper proposes a design of annotating
classes and functions that process personal data. The design serves two primary
purposes: on one hand, it provides means for software developers to document
their intent; on the other hand, it furnishes tools for automatic detection of
potential violations. This dual rationale facilitates compliance with the
General Data Protection Regulation (GDPR) and other emerging data protection
and privacy regulations. In addition to a brief review of the state-of-the-art
of static analysis in the data protection context and the design of the
proposed analysis method, a concrete tool is presented to demonstrate a
practical implementation for the Java programming language
Reproducing Failures in Fault Signatures
Software often fails in the field, however reproducing and debugging field
failures is very challenging: the failure-inducing input may be missing, and
the program setup can be complicated and hard to reproduce by the developers.
In this paper, we propose to generate fault signatures from the failure
locations and the original source code to reproduce the faults in small
executable programs. We say that a fault signature reproduces the fault in the
original program if the two failed in the same location, triggered the same
error conditions after executing the same selective sequences of
failure-inducing statements. A fault signature aims to contain only sufficient
statements that can reproduce the faults. That way, it provides some context to
inform how a fault is developed and also avoids unnecessary complexity and
setups that may block fault diagnosis. To compute fault signatures from the
failures, we applied a path-sensitive static analysis tool to generate a path
that leads to the fault, and then applied an existing syntactic patching tool
to convert the path into an executable program. Our evaluation on real-world
bugs from Corebench, BugBench, and Manybugs shows that fault signatures can
reproduce the fault for the original programs. Because fault signatures are
less complex, automatic test input generation tools generated failure-inducing
inputs that could not be generated by using the entire programs. Some
failure-inducing inputs can be directly transferred to the original programs.
Our experimental data are publicly available at
https://doi.org/10.5281/zenodo.5430155
The Android Platform Security Model
Android is the most widely deployed end-user focused operating system. With
its growing set of use cases encompassing communication, navigation, media
consumption, entertainment, finance, health, and access to sensors, actuators,
cameras, or microphones, its underlying security model needs to address a host
of practical threats in a wide variety of scenarios while being useful to
non-security experts. The model needs to strike a difficult balance between
security, privacy, and usability for end users, assurances for app developers,
and system performance under tight hardware constraints. While many of the
underlying design principles have implicitly informed the overall system
architecture, access control mechanisms, and mitigation techniques, the Android
security model has previously not been formally published. This paper aims to
both document the abstract model and discuss its implications. Based on a
definition of the threat model and Android ecosystem context in which it
operates, we analyze how the different security measures in past and current
Android implementations work together to mitigate these threats. There are some
special cases in applying the security model, and we discuss such deliberate
deviations from the abstract model
- …