Vulnerability anti-patterns: a timeless way to capture poor software practices (Vulnerabilities)
There is a distinct communication gap between the software engineering and cybersecurity communities when it comes to addressing recurring security problems, known as vulnerabilities. Many vulnerabilities are caused by software errors introduced by software developers. Insecure software development practices are common due to a variety of factors, which include inefficiencies within existing knowledge transfer mechanisms based on vulnerability databases (VDBs), software developers perceiving security as an afterthought, and lack of consideration of security as part of the software development lifecycle (SDLC). The resulting communication gap also prevents developers and security experts from successfully sharing essential security knowledge. The cybersecurity community makes its expert knowledge available in forms including vulnerability databases such as CAPEC and CWE, and pattern catalogues such as Security Patterns, Attack Patterns, and Software Fault Patterns. However, these sources are not effective at providing software developers with an understanding of how malicious hackers can exploit vulnerabilities in the software systems they create. As developers are familiar with pattern-based approaches, this paper proposes the use of Vulnerability Anti-Patterns (VAP) to transfer usable vulnerability knowledge to developers, bridging the communication gap between security experts and software developers. The primary contribution of this paper is twofold: (1) it proposes a new pattern template, the Vulnerability Anti-Pattern, that uses anti-patterns rather than patterns to capture and communicate knowledge of existing vulnerabilities, and (2) it proposes a catalogue of Vulnerability Anti-Patterns (VAP) based on the most commonly occurring vulnerabilities that software developers can use to learn how malicious hackers can exploit errors in software.
Non-collaborative Attackers and How and Where to Defend Flawed Security Protocols (Extended Version)
Security protocols are often found to be flawed after their deployment. We present an approach that aims at the neutralization or mitigation of attacks on flawed protocols: it avoids the complete dismissal of the affected protocol and allows honest agents to continue to use it until a corrected version is released. Our approach is based on knowledge of the network topology, which we model as a graph, and on the consequent possibility of creating interference with an ongoing attack by a Dolev-Yao attacker, by means of non-collaboration carried out by ad-hoc benign attackers that play the role of network guardians. Such guardians, positioned at strategic points of the network, have the task of monitoring the messages in transit and discovering at runtime, through particular types of inference, whether an attack is ongoing, and interrupting the run of the protocol if it is. We study not only how but also where we can attempt to defend flawed security protocols: we investigate the different network topologies that make security protocol defense feasible and illustrate our approach by means of concrete examples.
Comment: 29 pages
Implementing Man-in-the-Middle Attack to Investigate Network Vulnerabilities in Smart Grid Test-bed
The smart grid introduces several new data-gathering, communication, and information-sharing capabilities into the electrical system, as well as additional privacy threats, vulnerabilities, and cyber-attacks. In this study, Modbus is regarded as one of the most prevalent interfaces for control systems in power plants. Modern control interfaces are vulnerable to cyber-attacks, posing a risk to the entire energy infrastructure. In order to strengthen resistance to cyber-attacks, this study introduces a test bed for cyber-physical systems that operate in real time. To investigate the network vulnerabilities of smart power grids, the Modbus protocol has been examined by combining a real-time power system simulator with a communication system simulator, and the effects on the system are presented and analyzed. The goal is to detect the vulnerability in the Modbus protocol, perform the man-in-the-middle attack, and assess its impact on the system. This proposed testbed can serve as a research model for vulnerability assessment as well as a tool for evaluating cyber-attacks and investigating detection mechanisms for safeguarding and defending smart grid systems from a variety of cyber-attacks. We present here the preliminary findings on using the testbed to identify a particular MiTM attack and its effects on system performance. Finally, we suggest a cyber security strategy as a solution to address such network vulnerabilities and deploy appropriate countermeasures.
Comment: 7 pages, 10 figures, conference paper, accepted for publication at the 2023 IEEE World AI IoT Congress (AIIoT)
Privacy Leakage in Smart Homes and Its Mitigation: IFTTT as a Case Study
The combination of smart home platforms and automation apps introduces much convenience to smart home users. However, this also brings the potential for privacy leakage. If a smart home platform is permitted to collect all the events of a user day and night, then the platform will learn the behavior patterns of this user before long. In this paper, we investigate how IFTTT, one of the most popular smart home platforms, has the capability of monitoring the daily life of a user in a variety of ways that are hardly noticeable. Moreover, we propose multiple ideas for mitigating privacy leakages, which together form a Filter-and-Fuzz (F&F) process: first, it filters out events not needed by the IFTTT platform; then, it fuzzes the values and frequencies of the remaining events. We evaluate the F&F process, and the results show that the proposed solution makes IFTTT unable to recognize any of the user's behavior patterns.
An Auto-tuning Sanitizing System for Mitigating Injection Flaws
Injection attacks are dangerous and ubiquitous, contributing enormously to some of the most elaborate Web hacks. Enforcing proper input validation is an effective countermeasure for mitigating injection flaws. Unless a web application has a strong, centralized mechanism for validating all input from HTTP requests, injection flaws are very likely to exist. However, improper constraining rules may induce detection errors: false negatives leave security risks, and false positives cause improper limits on input characters. In this paper, we design an auto-tuning system to help validate input at each vulnerable injection point. A proper validation rule can be automatically generated through an auto-tuning mechanism. The experimental results show that the system can effectively protect against injection attacks and lower false positives when compared with traditional methods.
Applicability of Neural Networks to Software Security
Software design flaws account for 50% of software security vulnerabilities today. As attacks on vulnerable software continue to increase, the demand for secure software is also increasing, thereby putting software developers under more pressure. This is especially true for those developers whose primary aim is to produce their software quickly under tight deadlines in order to release it into the market early. While there are many tools focusing on implementation problems during the software development lifecycle (SDLC), this does not provide a complete solution to software security problems. Therefore, designing software with security in mind will go a long way toward developing secure software. However, most of the current approaches used for evaluating software designs require the involvement of security experts, because many software developers lack the expertise required to make their software secure.
In this research, the current approaches used for integrating security at the design level are discussed, and a new method of evaluating software design using a neural network as the evaluation tool is presented. With the aid of the proposed neural network tool, this research found that software design scenarios can be matched to attack patterns that identify the security flaws in the design scenarios. Also, with the proposed neural network tool, this research found that the identified attack patterns can be matched to security patterns that can provide mitigation for the threat in the attack pattern.
Using Aspect Programming to Secure Web Applications
As the number of Internet users increases, the need to protect web servers from malicious users has become a priority in many organizations and companies. Writing crosscutting functions in complex software should take advantage of the modularity offered by new software development approaches. With Aspect-Oriented Programming (AOP), separating concerns when designing an application fosters reuse, parameterization and maintenance. In this paper, we design a security aspect called AProSec for detecting SQL injection and Cross-Site Scripting (XSS), which are common attacks on web servers. We experimented with this aspect using the AspectJ language and JBoss AOP. Through this experimentation, we show the advantage of runtime platforms such as JBoss AOP for changing security policies at runtime. Finally, we describe related work on security and AOP.
Show Me Your Cookie And I Will Tell You Who You Are
With the success of Web applications, most of our data is now stored on various third-party servers where it is processed to deliver personalized services. Naturally we must be authenticated to access this personal information, but the use of personalized services only restricted by identification could indirectly and silently leak sensitive data. We analyzed Google Web Search access mechanisms and found that the current policy applied to session cookies could be used to retrieve users' personal data. We describe an attack scheme leveraging the search personalization (based on the same SID cookie) to retrieve a part of the victim's click history and even some of her contacts. We implemented a proof of concept of this attack on the Firefox and Chrome Web browsers and conducted an experiment with ten volunteers. Thanks to this prototype we were able to recover up to 80% of the user's search click history.