Research and Proof of Concept of Selected ISKE Highest Level Integrity Requirements
Information security is becoming increasingly important in today's society, where ever more processes and operations are digitised and data moves from paper into bits and bytes. Estonian state and public institutions collect and process information to provide high-level services and to fulfil constitutional obligations or international contracts. The public sector in Estonia must apply the requirements of the IT Baseline Security System ISKE, the national information security standard, to processed data along three factors: availability, integrity and confidentiality. This work examines the integrity domain in detail in order to meet the ISKE requirements and security objectives demanded for data with the highest integrity needs.
By analysing the integrity domain of ISKE and providing a versatile proof of concept for implementing its security controls, it is possible to increase the awareness of software developers and ISKE implementation partners and thereby achieve better information security.
Automated Change Rule Inference for Distance-Based API Misuse Detection
Developers build on Application Programming Interfaces (APIs) to reuse
existing functionalities of code libraries. Despite the benefits of reusing
established libraries (e.g., time savings, high quality), developers may
diverge from the API's intended usage; potentially causing bugs or, more
specifically, API misuses. Recent research focuses on developing techniques to
automatically detect API misuses, but many suffer from a high false-positive
rate. In this article, we improve on this situation by proposing ChaRLI (Change
RuLe Inference), a technique for automatically inferring change rules from
developers' fixes of API misuses based on API Usage Graphs (AUGs). By
subsequently applying graph-distance algorithms, we use change rules to
discriminate API misuses from correct usages. This allows developers to reuse
others' fixes of an API misuse at other code locations in the same or another
project. We evaluated the ability of change rules to detect API misuses based
on three datasets and found that the best mean relative precision (i.e., for
testable usages) ranges from 77.1% to 96.1%, while the mean recall ranges from
0.007% to 17.7% for individual change rules. These results underpin that
ChaRLI and our misuse detection are helpful complements to existing API misuse
detectors.
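The core idea of discriminating a usage by its graph distance to the two sides of a change rule can be sketched as follows. This is a deliberately simplified illustration, not ChaRLI itself: an API Usage Graph (AUG) is reduced to a set of labelled edges, the distance is a plain symmetric difference rather than a full graph-distance algorithm, and the Iterator rule is a hypothetical example.

```python
# Hedged sketch of distance-based misuse detection in the spirit of ChaRLI.
# An AUG is reduced here to a set of labelled edges; the real technique
# operates on richer graphs with dedicated graph-distance algorithms.

def edge_distance(aug_a, aug_b):
    """Symmetric-difference distance between two edge-set AUGs."""
    return len(aug_a ^ aug_b)

def classify(usage, change_rule):
    """A change rule pairs a 'misuse' AUG with its 'fix' AUG.
    The usage is flagged when it lies closer to the misuse side."""
    misuse_aug, fix_aug = change_rule
    return "misuse" if edge_distance(usage, misuse_aug) < edge_distance(usage, fix_aug) else "ok"

# Hypothetical rule: Iterator.next() must be guarded by hasNext().
rule = (
    {("iter", "next")},                       # misuse side: unguarded next()
    {("iter", "hasNext"), ("iter", "next")},  # fix side: hasNext() before next()
)

print(classify({("iter", "next")}, rule))                       # misuse
print(classify({("iter", "hasNext"), ("iter", "next")}, rule))  # ok
```

Because the rule is inferred from a developer's fix, the same comparison can flag similar unguarded usages elsewhere in the same or another project.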
Active Learning of Discriminative Subgraph Patterns for API Misuse Detection
A common cause of bugs and vulnerabilities are the violations of usage
constraints associated with Application Programming Interfaces (APIs). API
misuses are common in software projects, and while there have been techniques
proposed to detect such misuses, studies have shown that they fail to reliably
detect misuses while reporting many false positives. One limitation of prior
work is the inability to reliably identify correct patterns of usage. Many
approaches confuse a usage pattern's frequency for correctness. Due to the
variety of alternative usage patterns that may be uncommon but correct, anomaly
detection-based techniques have limited success in identifying misuses. We
address these challenges and propose ALP (Actively Learned Patterns),
reformulating API misuse detection as a classification problem. After
representing programs as graphs, ALP mines discriminative subgraphs. While
still incorporating frequency information, through limited human supervision,
we reduce the reliance on the assumption relating frequency and correctness.
The principles of active learning are incorporated to shift human attention
away from the most frequent patterns. Instead, ALP samples informative and
representative examples while minimizing labeling effort. In our empirical
evaluation, ALP substantially outperforms prior approaches on both MUBench, an
API Misuse benchmark, and a new dataset that we constructed from real-world
software projects.
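The active-learning step described above, which directs the human labeler toward informative rather than merely frequent patterns, can be sketched with classic uncertainty sampling. The scoring model and names here are assumptions for illustration; ALP itself mines discriminative subgraphs and combines informativeness with representativeness.

```python
# Minimal sketch of an ALP-style query-selection loop: ask the human to
# label the usage pattern the current model is least certain about.

def uncertainty(prob_misuse):
    """Distance from a coin flip: 0.0 = most uncertain, 0.5 = most certain."""
    return abs(prob_misuse - 0.5)

def pick_query(unlabeled):
    """Select the pattern with the highest model uncertainty, shifting
    human attention away from patterns that are merely frequent."""
    return min(unlabeled, key=lambda item: uncertainty(item[1]))

# (pattern id, current predicted probability of being a misuse)
pool = [("p1", 0.95), ("p2", 0.52), ("p3", 0.10)]
print(pick_query(pool)[0])  # p2: closest to 0.5, so it is labelled next
```

Each human label then retrains the classifier, so frequency becomes one feature among several instead of a proxy for correctness.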
Evaluating Pre-trained Language Models for Repairing API Misuses
API misuses often lead to software bugs, crashes, and vulnerabilities. While
several API misuse detectors have been proposed, there are no automatic repair
tools specifically designed for this purpose. In a recent study,
test-suite-based automatic program repair (APR) tools were found to be
ineffective in repairing API misuses. Still, since the study focused on
non-learning-aided APR tools, it remains unknown whether learning-aided APR
tools are capable of fixing API misuses. In recent years, pre-trained language
models (PLMs) have succeeded greatly in many natural language processing tasks.
There is a rising interest in applying PLMs to APR. However, there has not been
any study that investigates the effectiveness of PLMs in repairing API misuse.
To fill this gap, we conduct a comprehensive empirical study on 11
learning-aided APR tools, which include 9 of the state-of-the-art
general-purpose PLMs and two APR tools. We evaluate these models with an
API-misuse repair dataset, consisting of two variants. Our results show that
PLMs perform better than the studied APR tools in repairing API misuses. Among
the 9 pre-trained models tested, CodeT5 is the best performer in the exact
match. We also offer insights and potential exploration directions for future
research.
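The exact-match criterion used to compare the models can be sketched as below. The light whitespace normalisation is our assumption; evaluation setups differ in how strictly they compare a generated patch against the developer's fix.

```python
# Hedged sketch of an exact-match metric for APR evaluation: a generated
# patch counts as a repair only if it equals the developer fix exactly
# (after trivial whitespace normalisation, which is an assumption here).

def normalize(code):
    return "\n".join(line.strip() for line in code.strip().splitlines())

def exact_match_rate(predictions, references):
    hits = sum(normalize(p) == normalize(r)
               for p, r in zip(predictions, references))
    return hits / len(references)

preds = ["if (it.hasNext()) { it.next(); }", "reader.close()"]
refs  = ["if (it.hasNext()) { it.next(); }", "reader.close();"]
print(exact_match_rate(preds, refs))  # 0.5: the missing semicolon fails
```

Exact match is a conservative lower bound: a semantically correct patch phrased differently from the reference fix is still counted as a miss.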
A First Look at the Crypto-Mining Malware Ecosystem: A Decade of Unrestricted Wealth
Illicit crypto-mining leverages resources stolen from victims to mine
cryptocurrencies on behalf of criminals. While recent works have analyzed one
side of this threat, i.e.: web-browser cryptojacking, only commercial reports
have partially covered binary-based crypto-mining malware. In this paper, we
conduct the largest measurement of crypto-mining malware to date, analyzing
approximately 4.5 million malware samples (1.2 million malicious miners), over
a period of twelve years from 2007 to 2019. Our analysis pipeline applies both
static and dynamic analysis to extract information from the samples, such as
wallet identifiers and mining pools. Together with OSINT data, this information
is used to group samples into campaigns. We then analyze publicly-available
payments sent to the wallets from mining-pools as a reward for mining, and
estimate profits for the different campaigns. All of this is done in a
fully automated fashion, which enables us to leverage measurement-based
findings of illicit crypto-mining at scale. Our profit analysis reveals
campaigns with multi-million earnings, associating over 4.4% of Monero with
illicit mining. We analyze the infrastructure related to the different
campaigns, showing that a high proportion of this ecosystem is supported by
underground economies such as Pay-Per-Install services. We also uncover novel
techniques that allow criminals to run successful campaigns.
Comment: A shorter version of this paper appears in the Proceedings of the 19th
ACM Internet Measurement Conference (IMC 2019). This is the full version.
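The campaign-grouping step, in which samples sharing extracted wallet identifiers are merged into campaigns, amounts to computing connected components, for example with a small union-find. This is a sketch of that one step only; the paper's pipeline additionally folds in mining pools and OSINT data, and the sample/wallet values below are invented.

```python
# Hedged sketch: merge malware samples into campaigns whenever they share
# a wallet identifier (union-find over samples keyed by wallet).

def group_campaigns(samples):
    """samples: dict of sample_id -> set of wallet ids.
    Returns campaigns as sorted lists of sample ids connected via wallets."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(a, b):
        parent[find(a)] = find(b)

    wallet_owner = {}
    for sid, wallets in samples.items():
        find(sid)  # register even wallet-less samples
        for w in wallets:
            if w in wallet_owner:
                union(sid, wallet_owner[w])
            else:
                wallet_owner[w] = sid

    groups = {}
    for sid in samples:
        groups.setdefault(find(sid), []).append(sid)
    return sorted(sorted(g) for g in groups.values())

samples = {"s1": {"w1"}, "s2": {"w1", "w2"}, "s3": {"w3"}}
print(group_campaigns(samples))  # [['s1', 's2'], ['s3']]
```

Once samples are grouped, summing the publicly visible pool payments to each campaign's wallets yields the per-campaign profit estimate described above.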
Identifying Native Applications with High Assurance
The work described in this paper investigates the problem
of identifying and deterring stealthy malicious processes on
a host. We point out the lack of strong application identification
in mainstream operating systems. We solve the
application identification problem by proposing a novel identification
model in which user-level applications are required
to present identification proofs at run time to be authenticated
by the kernel using an embedded secret key. The secret
key of an application is registered with a trusted kernel
using a key registrar and is used to uniquely authenticate
and authorize the application. We present a protocol for
secure authentication of applications. Additionally, we develop
a system call monitoring architecture that uses our
model to verify the identity of applications when making
critical system calls. Our system call monitoring can be
integrated with existing policy specification frameworks to
enforce application-level access rights. We implement and
evaluate a prototype of our monitoring architecture in Linux
as device drivers with nearly no modification of the kernel.
The results from our extensive performance evaluation
show that our prototype incurs low overhead, indicating the
feasibility of our model.
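A run-time identification proof keyed on a registered secret is naturally realised as a challenge-response exchange. The sketch below only illustrates that flow in user space; the function names and registry are assumptions, and the actual system keeps keys and verification inside a trusted kernel, not a Python dict.

```python
# Hedged sketch of a challenge-response application-identification flow:
# the "kernel" holds a per-application secret registered via a key
# registrar and challenges the process before a critical system call.
import hashlib
import hmac
import secrets

REGISTRY = {"editor": secrets.token_bytes(32)}  # key registrar (trusted side)

def kernel_challenge():
    """Fresh nonce so proofs cannot be replayed."""
    return secrets.token_bytes(16)

def app_prove(app_key, challenge):
    """Application side: identification proof over the kernel's challenge."""
    return hmac.new(app_key, challenge, hashlib.sha256).digest()

def kernel_verify(app_name, challenge, proof):
    """Kernel side: recompute the proof from the registered key."""
    key = REGISTRY.get(app_name)
    if key is None:
        return False
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, proof)

chal = kernel_challenge()
proof = app_prove(REGISTRY["editor"], chal)
print(kernel_verify("editor", chal, proof))         # True: proof accepted
print(kernel_verify("editor", chal, b"\x00" * 32))  # False: forged proof
```

Gating critical system calls on a successful verification is what lets such a monitor enforce application-level access rights on top of an existing policy framework.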