Java Components Vulnerabilities - An Experimental Classification Targeted at the OSGi Platform

The OSGi Platform finds a growing interest in two different applications domains: embedded systems, and applications servers. However, the security properties of this platform are hardly studied, which is likely to hinder its use in production systems. This is all the more important that the dynamic aspect of OSGi-based applications, that can be extended at runtime, make them vulnerable to malicious code injection. We therefore perform a systematic audit of the OSGi platform so as to build a vulnerability catalog that intends to reference OSGi Vulnerabilities originating in the Core Specification, and in behaviors related to the use of the Java language. Standard Services are not considered. To support this audit, a Semi-formal Vulnerability Pattern is defined, that enables to uniquely characterize fundamental properties for each vulnerability, to include verbose description in the pattern, to reference known security protections, and to track the implementation status of the proof-of-concept OSGi Bundles that exploit the vulnerability. Based on the analysis of the catalog, a robust OSGi Platform is built, and recommendations are made to enhance the OSGi Specifications

Kyberuhat konttisataman automaatiojärjestelmässä

The rapid development in connectivity of Industrial Control Systems has created a new security threat in all industrial sectors, and the maritime sector is no exception. Therefore this thesis explores cyber threats in a container terminal automation system using two methods: literature review and attack tree analysis. In this thesis, cyber threats in Industrial Control Systems were first studied in general by the means of a literature review. Then, the identified threats were applied to a software component of a terminal automation system using attack trees. Attack trees are a tool that helps in visualizing different cyber attacks. Based on the results, threats were classified in risk categories and the most problematic areas were identified. Finally, suggestions were made on how to improve cyber security of the component assessed and of the terminal automation system in general. Based on the literature review, ten different risk categories were identified. The categories cover various attacks ranging from malware and Denial-of-Service attacks all the way to physical and social attacks. When assessing the software component, three problem areas were identified: susceptibility to Denial-of-Service attacks, weak protection of communication and vulnerability of a certain software sub-component. The suggested security improvements include changes to the network design, use of stronger authentication and better management of the process automation network

Kyberuhat konttisataman automaatiojärjestelmässä

The rapid development in connectivity of Industrial Control Systems has created a new security threat in all industrial sectors, and the maritime sector is no exception. Therefore this thesis explores cyber threats in a container terminal automation system using two methods: literature review and attack tree analysis. In this thesis, cyber threats in Industrial Control Systems were first studied in general by the means of a literature review. Then, the identified threats were applied to a software component of a terminal automation system using attack trees. Attack trees are a tool that helps in visualizing different cyber attacks. Based on the results, threats were classified in risk categories and the most problematic areas were identified. Finally, suggestions were made on how to improve cyber security of the component assessed and of the terminal automation system in general. Based on the literature review, ten different risk categories were identified. The categories cover various attacks ranging from malware and Denial-of-Service attacks all the way to physical and social attacks. When assessing the software component, three problem areas were identified: susceptibility to Denial-of-Service attacks, weak protection of communication and vulnerability of a certain software sub-component. The suggested security improvements include changes to the network design, use of stronger authentication and better management of the process automation network

Putting the Semantics into Semantic Versioning

The long-standing aspiration for software reuse has made astonishing strides in the past few years. Many modern software development ecosystems now come with rich sets of publicly-available components contributed by the community. Downstream developers can leverage these upstream components, boosting their productivity. However, components evolve at their own pace. This imposes obligations on and yields benefits for downstream developers, especially since changes can be breaking, requiring additional downstream work to adapt to. Upgrading too late leaves downstream vulnerable to security issues and missing out on useful improvements; upgrading too early results in excess work. Semantic versioning has been proposed as an elegant mechanism to communicate levels of compatibility, enabling downstream developers to automate dependency upgrades. While it is questionable whether a version number can adequately characterize version compatibility in general, we argue that developers would greatly benefit from tools such as semantic version calculators to help them upgrade safely. The time is now for the research community to develop such tools: large component ecosystems exist and are accessible, component interactions have become observable through automated builds, and recent advances in program analysis make the development of relevant tools feasible. In particular, contracts (both traditional and lightweight) are a promising input to semantic versioning calculators, which can suggest whether an upgrade is likely to be safe.Comment: to be published as Onward! Essays 202

Ubiquitous Computing

The aim of this book is to give a treatment of the actively developed domain of Ubiquitous computing. Originally proposed by Mark D. Weiser, the concept of Ubiquitous computing enables a real-time global sensing, context-aware informational retrieval, multi-modal interaction with the user and enhanced visualization capabilities. In effect, Ubiquitous computing environments give extremely new and futuristic abilities to look at and interact with our habitat at any time and from anywhere. In that domain, researchers are confronted with many foundational, technological and engineering issues which were not known before. Detailed cross-disciplinary coverage of these issues is really needed today for further progress and widening of application range. This book collects twelve original works of researchers from eleven countries, which are clustered into four sections: Foundations, Security and Privacy, Integration and Middleware, Practical Applications

Evil Pickles: DoS Attacks Based on Object-Graph Engineering

In recent years, multiple vulnerabilities exploiting the serialisation APIs of various programming languages, including Java, have been discovered. These vulnerabilities can be used to devise in- jection attacks, exploiting the presence of dynamic programming language features like reflection or dynamic proxies. In this paper, we investigate a new type of serialisation-related vulnerabilit- ies for Java that exploit the topology of object graphs constructed from classes of the standard library in a way that deserialisation leads to resource exhaustion, facilitating denial of service attacks. We analyse three such vulnerabilities that can be exploited to exhaust stack memory, heap memory and CPU time. We discuss the language and library design features that enable these vulnerabilities, and investigate whether these vulnerabilities can be ported to C#, Java- Script and Ruby. We present two case studies that demonstrate how the vulnerabilities can be used in attacks on two widely used servers, Jenkins deployed on Tomcat and JBoss. Finally, we propose a mitigation strategy based on contract injection

Understanding IoT Security Through the Data Crystal Ball: Where We Are Now and Where We Are Going To Be

Inspired by the boom of the consumer IoT market, many device manufacturers, new start-up companies and technology behemoths have jumped into the space. Indeed, in a span of less than 5 years, we have experienced the manifestation of an array of solutions for the smart home, smart cities and even smart cars. Unfortunately, the exciting utility and rapid marketization of IoTs, come at the expense of privacy and security. Online and industry reports, and academic work have revealed a number of attacks on IoT systems, resulting in privacy leakage, property loss and even large-scale availability problems on some of the most influential Internet services (e.g. Netflix, Twitter). To mitigate such threats, a few new solutions have been proposed. However, it is still less clear what are the impacts they can have on the IoT ecosystem. In this work, we aim to perform a comprehensive study on reported attacks and defenses in the realm of IoTs aiming to find out what we know, where the current studies fall short and how to move forward. To this end, we first build a toolkit that searches through massive amount of online data using semantic analysis to identify over 3000 IoT-related articles (papers, reports and news). Further, by clustering such collected data using machine learning technologies, we are able to compare academic views with the findings from industry and other sources, in an attempt to understand the gaps between them, the trend of the IoT security risks and new problems that need further attention. We systemize this process, by proposing a taxonomy for the IoT ecosystem and organizing IoT security into five problem areas. We use this taxonomy as a beacon to assess each IoT work across a number of properties we define. Our assessment reveals that despite the acknowledged and growing concerns on IoT from both industry and academia, relevant security and privacy problems are far from solved. We discuss how each proposed solution can be applied to a problem area and highlight their strengths, assumptions and constraints. We stress the need for a security framework for IoT vendors and discuss the trend of shifting security liability to external or centralized entities. We also identify open research problems and provide suggestions towards a secure IoT ecosystem

MiSFIT: Mining Software Fault Information and Types

As software becomes more important to society, the number, age, and complexity of systems grow. Software organizations require continuous process improvement to maintain the reliability, security, and quality of these software systems. Software organizations can utilize data from manual fault classification to meet their process improvement needs, but organizations lack the expertise or resources to implement them correctly. This dissertation addresses the need for the automation of software fault classification. Validation results show that automated fault classification, as implemented in the MiSFIT tool, can group faults of similar nature. The resulting classifications result in good agreement for common software faults with no manual effort. To evaluate the method and tool, I develop and apply an extended change taxonomy to classify the source code changes that repaired software faults from an open source project. MiSFIT clusters the faults based on the changes. I manually inspect a random sample of faults from each cluster to validate the results. The automatically classified faults are used to analyze the evolution of a software application over seven major releases. The contributions of this dissertation are an extended change taxonomy for software fault analysis, a method to cluster faults by the syntax of the repair, empirical evidence that fault distribution varies according to the purpose of the module, and the identification of project-specific trends from the analysis of the changes

On the Development of Real-Time Multi-User Web Applications

With the increasing popularity of the World Wide Web (WWW), end-user applications are moving from desktop to the browser. Web applications have several benefits over native applications: web applications have worldwide availability for any browsing capable device without prior installations. In addition, web applications are easy to distribute and update – once deployed, a web application is instantly available worldwide and further modifications to the system are propagated automatically. The current trend seems to be that web applications are offering collaboration, social connections, and user to user interactions as key features. This can be seen, for example, in the popularity of Facebook, Flickr, and Twitter. Despite all the benefits of the Web, web applications are suffering from the shortcomings in underlying technologies. The Web is strongly rooted in information sharing, and the current technical solutions isolate users rather than make them aware of each other. Since the data cannot be pushed from server to a client, the client must always initiate the communication, which causes a considerable impediment for real-time multi-user web applications, like online chats that have several concurrent users continuously interacting with each other. For such systems, it would be practical if the server could push messages to clients. As a further obstacle, most web application frameworks isolate users in their private sessions that only interact indirectly via the database. This main contribution of this thesis is to make the development of real-time multi-user web applications easier. We elaborate on the difficulties in implementation and design and introduce methods of circumventing them. The main argument is that the Web, the available technology stack, and the frameworks are difficult to use for developing real-time multi-user web applications. However, by selecting the proper approach, the problems can be solved. In this thesis, we have divided the frameworks in groups based on how they make separation of concerns between the client and the server. The separation is important as it determines the thickness of the client and thus where to locate the business logic and the application state. In addition, it has effect on the synchronization of the state between the clients. To collect experiences and for backing up our assumptions, we have implemented real-time multi-user web applications for several frameworks and studied how the frameworks should be used for enabling real-time multi-user application development

Trust and Privacy Solutions Based on Holistic Service Requirements

The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens’ information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing