301 research outputs found

    Porting to Morello: An In-depth Study on Compiler Behaviors, CERT Guideline Violations, and Security Implications

    As the need for secure systems grows, the exploration of secure hardware like Morello, based on the Capability Hardware Enhanced RISC Instructions (CHERI) architecture, becomes crucial. As Morello navigates towards market induction, establishing systematic approaches for transitioning software to its pure capability mode emerges as a crucial research endeavor. This paper investigates two main areas: a comparison with CERT guidelines and an exploitation analysis on the Morello platform. The comparison aims to identify potential developer-induced vulnerabilities and compiler limitations, elucidating how the Morello-llvm compiler behaves when there are CERT rule violations. Our exploitation analysis explores the limitations of the Morello-llvm compiler toolchain and the developer errors that could bypass Morello's advanced security features. The findings highlight that despite advancements in toolchains, developer-induced vulnerabilities remain a significant issue, emphasizing the importance of adhering to established programming standards like the CERT guidelines.

    A metamodel to support the formalization of coding conventions (original title: Um metamodelo para apoiar a formalização de convenções de codificação)

    Advisor: Leonardo Montecchi. Dissertation (master's), Universidade Estadual de Campinas, Instituto de Computação.

    Abstract (translated from the Portuguese): Coding conventions are a means of improving the reliability of software systems. They can be established for various reasons, from improving code readability to avoiding the introduction of security flaws. However, coding conventions usually come in the form of textual documents written in natural language, which makes them hard to manage and enforce. Following model-driven engineering principles, in this dissertation we propose an approach and a language for specifying coding conventions using structured models. We call this language the Coding Conventions Specification Language (CCSL). We also propose a model transformation that automatically generates checkers from a CCSL specification to find violations of the specified rules. To evaluate the proposal, we carried out two experiments. The first experiment aims to evaluate the CCSL metamodel, while the other aims to verify the ability of the generated checkers to find violations of the specified rule in Java code. The results obtained are promising and suggest that the proposed approach is feasible. However, they also highlight that many challenges still need to be overcome. In the first experiment, we analyzed a total of 216 individual rules from two large sets of existing coding conventions. Overall, it was possible to represent 63% of the considered coding rules using our language. In the second experiment, we selected 53 rules from those implemented in the PMD tool (a popular code analyzer) to compare the results of our tool and the PMD tool on three real projects. In general, we achieved results equal to or better than the PMD tool on more than half of the selected rules (79%), while only 6% of the rules could not be specified using our language. For the remaining rules, the results differed between the two tools. We conclude by discussing directions for future work.

    Abstract: Coding conventions are a means to improve the reliability of software systems. They can be established for many reasons, ranging from improving the readability of code to avoiding the introduction of security flaws. However, coding conventions often come in the form of textual documents in natural language, which makes them hard to manage and enforce. Following model-driven engineering principles, in this dissertation we propose an approach and language for specifying coding conventions using structured models. We call this language Coding Conventions Specification Language (CCSL). We also propose a model transformation to concretely generate checkers to find violations of the rules specified with our language. To evaluate the proposal, we performed two experiments. The first experiment aims to evaluate the Coding Conventions Specification Language metamodel, while the other aims to check the capability of the derived checkers to find violations of the specified rule in Java code. The obtained results are promising and suggest that the proposed approach is feasible. However, they also highlight that many challenges still need to be overcome. In the first experiment, we analyzed a total of 216 individual rules from two large sets of existing coding conventions. Overall, it was possible to represent 63% of the considered coding rules using our language. In the second experiment, we selected 53 rules from those implemented in the PMD tool to compare the results between our tool and the PMD tool in three real projects. In general, we achieve equal or better results than the PMD tool in more than half of the selected rules (79%), while only 6% of the rules could not be specified using our language. There are also cases where PMD performed better than our approach (9%) as well as cases where the results were different for each of the tools (6%). We conclude by discussing directions for future work.

    Degree: Master's (Mestrado), Computer Science (Mestre em Ciência da Computação). Funding: 2018/11129-8, FAPES

    The development of a database taxonomy of vulnerabilities to support the study of denial of service attacks

    As computer networks continue to proliferate, the world's dependence on a secure communication infrastructure is of prime importance. Disruption of service through Denial of Service (DoS) attacks can result in great financial loss for Internet-based companies and major inconveniences for users of Internet services. The purpose of this two-year study was to study and understand network denial of service attacks so that methods may be developed to detect and prevent them.

    Initially, the researcher constructed a database of system and network exploits that revealed the underlying vulnerabilities in the software or protocols they attack. The database was populated with exploits posted at popular reporting sites such as Rootshell, Bugtraq, and Security Focus. To encourage the use of a common vulnerability taxonomy and to facilitate sharing of data, parts of the classification scheme proposed by Krsul (1998) in his research were included, and a taxonomy tree was developed based on the current research.

    Sifting through the reports and categorizing the attacks has been a challenging experience, and creating categories that are unambiguous, repeatable, and exhaustive has proven to be a difficult task. The results were two to three methods of classification that are useful for developing categories of vulnerabilities. The next phase of the project was to look for any clustering of attacks based on these vulnerability categories, and to determine whether effective countermeasures can be deployed against them. Although past history is no guarantee of future exploit activity, it is hoped that the countermeasures proposed based on these 630 exploits will remain valid for future DoS attacks. Toward this goal, the research made use of data mining software packages to plot the various categories of attacks so that the interrelationships could be more easily discovered and studied. A sampling of the database plots, an interpretation of the plotted data, and the countermeasures proposed for the vulnerability categories developed as part of the database creation are presented in this research.

    Security in the Software Development Life Cycle

    This article emphasizes how developers need to make additional, significant improvements to their processes, adding structure and repeatability to further the security and quality of their software. By Joe Jarzombek and Karen Mercedes Goertze

    Mitigating Insider Threat Risks in Cyber-physical Manufacturing Systems

    A Cyber-Physical Manufacturing System (CPMS), a next-generation manufacturing system, seamlessly integrates digital and physical domains via the internet or computer networks. It will enable drastic improvements in production flexibility, capacity, and cost-efficiency. However, the enlarged connectivity and accessibility that come with this integration can yield unintended security concerns. The major concern arises from cyber-physical attacks, which originate in the digital domain but cause damage in the physical domain. In particular, such attacks can be performed by insiders easily and with more critical consequences: insider threats. Insiders can be defined as anyone who is or has been affiliated with a system. Insiders have knowledge of, and access credentials for, the system's properties and can therefore perform more serious attacks than outsiders. Furthermore, it is hard to detect or prevent insider threats in a CPMS in a timely manner, since insiders can easily bypass or incapacitate the system's general defensive mechanisms by exploiting their physical access, security clearance, and knowledge of the system's vulnerabilities. This thesis seeks to address the above issues by developing an insider-threat-tolerant CPMS, enhanced by a service-oriented blockchain augmentation, and by conducting experiments and analysis. The aim of the research is to identify insider threat vulnerabilities and improve the security of CPMS. Blockchain's unique distributed-system approach is adopted to mitigate insider threat risks in CPMS. However, the blockchain limits system performance because of the arbitrary block generation time and block occurrence frequency. The service-oriented blockchain augmentation provides physical and digital entities with the blockchain communication protocol through a service layer. In this way, multiple entities are integrated by the service layer, which enables the services with less arbitrary delay while retaining the strong security of the blockchain. Also, multiple independent service applications in the service layer can ensure the flexibility and productivity of the CPMS. To study the effectiveness of the blockchain augmentation against insider threats, two example models of the proposed system have been developed: the Layer Image Auditing System (LIAS) and the Secure Programmable Logic Controller (SPLC). Four case studies are designed and presented based on the two models and evaluated with an Insider Attack Scenario Assessment Framework. The framework investigates the system's security vulnerabilities and practically evaluates the insider attack scenarios. The research contributes to the understanding of insider threats and blockchain implementations in CPMS by addressing key issues identified in the literature. The issues are addressed through the EBIS (Establish, Build, Identify, Simulation) validation process with numerical experiments, whose results are in turn used toward mitigating insider threat risks in CPMS.

    Finding Software Vulnerabilities in Open-Source C Projects via Bounded Model Checking

    Computer-based systems have solved several domain problems, including industrial, military, educational, and wearable ones. Nevertheless, such arrangements need high-quality software to guarantee security and safety, as both are mandatory for modern software products. We advocate that bounded model-checking techniques can efficiently detect vulnerabilities in general software systems. However, such an approach struggles to scale up and verify extensive code bases. Consequently, we have developed and evaluated a methodology to verify large software systems using a state-of-the-art bounded model checker. In particular, we pre-process input source-code files and guide the respective model checker to explore them systematically. Moreover, the proposed scheme includes a function-wise prioritization strategy, which readily provides results for code entities according to a scale of importance. Experimental results using a real implementation of the proposed methodology show that it can efficiently verify large software systems, with low peak memory allocation during execution. We have evaluated our approach by verifying twelve popular open-source C projects, where we found real software vulnerabilities that their developers confirmed. Comment: 27 pages, submitted to STTT journa

    Software Assurance Best Practices for Air Force Weapon and Information Technology Systems - Are We Bleeding?

    In the corporate world, bits mean money, and as the Department of Defense (DoD) becomes more and more reliant on net-centric warfare, bits mean national security. Software security threats are very real, as demonstrated by the constant barrage of Internet viruses, worms, Trojans, and hackers seeking to exploit the latest vulnerability. Most organizations focus their resources on reactive defenses such as firewalls, antivirus software, and encryption; however, as demonstrated by the numerous attacks that succeed, those post facto measures are not enough to stop the bleeding. The DoD defines software assurance (SwA) as the level of confidence that software functions as intended and is free of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software. SwA focuses on baking in security rather than bolting it on afterwards. The Department of Homeland Security and the DoD have each had SwA programs for a few years; however, the Air Force (AF) only recently formed the Application Software Assurance Center of Excellence at Maxwell AFB-Gunter Annex, AL. This research seeks to identify common issues that present challenges to the development of secure software, and best practices that the AF could adopt as it proactively begins to heal the SwA problem.

    Human decision-making in computer security incident response

    Background: Cybersecurity has risen to international importance. Almost every organization will fall victim to a successful cyberattack. Yet guidance for computer security incident response analysts is inadequate. Research Questions: What heuristics should an incident analyst use to construct general knowledge and analyse attacks? Can we construct formal tools to enable automated decision support for the analyst with such heuristics and knowledge? Method: We take an interdisciplinary approach. To answer the first question, we use the research tradition of philosophy of science, specifically the study of mechanisms. To answer the question on formal tools, we use the research tradition of program verification and logic, specifically Separation Logic. Results: We identify several heuristics from the biological sciences that cybersecurity researchers have re-invented to varying degrees. We consolidate the new mechanisms literature to yield heuristics related to the fact that knowledge consists of clusters of multi-field mechanism schemas on four dimensions. General knowledge structures such as the intrusion kill chain provide context and supply hypotheses for filling in details. The philosophical analysis answers this research question and also provides constraints on building the logic. Finally, we succeed in defining an incident analysis logic resembling Separation Logic and in translating the kill chain into it as a proof of concept. Conclusion: These results benefit incident analysis, enabling it to expand from a tradecraft or art to also integrate science. Future research might realize our logic as automated decision support. Additionally, we have opened the field of cybersecurity to collaboration with philosophers of science and logicians.