Automatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android

A common security architecture, called the permission-based security model (used e.g. in Android and Blackberry), entails intrinsic risks. For instance, applications can be granted more permissions than they actually need, what we call a "permission gap". Malware can leverage the unused permissions for achieving their malicious goals, for instance using code injection. In this paper, we present an approach to detecting permission gaps using static analysis. Our prototype implementation in the context of Android shows that the static analysis must take into account a significant amount of platform-specific knowledge. Using our tool on two datasets of Android applications, we found out that a non negligible part of applications suffers from permission gaps, i.e. does not use all the permissions they declare

Reducing the Attack Surface of Dynamic Binary Instrumentation Frameworks

Malicious applications pose as one of the most relevant issues in today’s technology scenario, being considered the root of many Internet security threats. In part, this owes the ability of malware developers to promptly respond to the emergence of new security solutions by developing artifacts to detect and avoid them. In this work, we present three countermeasures to mitigate recent mechanisms used by malware to detect analysis environments. Among these techniques, this work focuses on those that enable a malware to detect dynamic binary instrumentation frameworks, thus increasing their attack surface. To ensure the effectiveness of the proposed countermeasures, proofs of concept were developed and tested in a controlled environment with a set of anti-instrumentation techniques. Finally, we evaluated the performance impact of using such countermeasures

Cybersecurity: reducing the attack surface

Almost 60% of the world’s population has access to the internet and most organisations today rely on internet connectivity to conduct business and carry out daily operations. Further to this, it is estimated that concepts such as the Internet of Things (IoT) will facilitate the connections of over 125 billion ‘things’ by the year 2030. However, as people and devices are becoming more and more interconnected, and more data is being shared, the question that must be asked is – are we doing so securely? Each year, cybercriminals cost organisations and individuals millions of dollars, using techniques such as phishing, social engineering, malware and denial of service attacks. In particular, together with the Covid-19 pandemic, there has been a so-called ‘cybercrime pandemic’. Threat actors adapted their techniques to target people with Covid-19-themed cyberattacks and phishing campaigns to exploit their stress and anxiety during the pandemic. Cybersecurity and cybercrime exist in a symbiotic relationship in cyberspace, where, as cybersecurity gets stronger, so the cybercriminals need to become stronger to overcome those defenses. And, as the cybercriminals become stronger, so too must the defenses. Further, this symbiotic relationship plays out on what is called the attack surface. Attack surfaces are the exposed areas of an organisation that make systems more vulnerable to attacks and, essentially, is all the gaps in an organisation’s security that could be compromised by a threat actor. This attack surface is increased through organisations incorporating things such as IoT technologies, migrating to the cloud and decentralising its workforce, as happened during the pandemic with many people working from home. It is essential that organisations reduce the digital attack surface, and the vulnerabilities introduced through devices connected to the internet, with technical strategies and solutions. However, the focus of cybersecurity is often on the digital attack surface and technical solutions, with less of a focus on the human aspects of cybersecurity. The human attack surface encompasses all the vulnerabilities introduced through the actions and activities of employees. These employees should be given the necessary cybersecurity awareness, training and education to reduce the human attack surface of organisations. However, it is not only employees of organisations who are online. All individuals who interact online should be cybersecurity aware and know how to reduce their own digital and human attack surfaces, or digital footprints. This paper emphasises the importance of utilising people as part of the cybersecurity defense through the cultivation of cybersecurity cultures in organisations and a cybersecurity conscious society

AIS CYBERSECURITY SYSTEM FOR REDUCING THE ATTACK SURFACE OF VOYAGE NETWORKS

U.S. Navy and commercial vessels use modern navigation technology consisting of computers and electronic systems that are highly interconnected and create a cyber terrain that is vulnerable to novel cyberattacks. Previous research proved that voyage networks are vulnerable to radio frequency attacks. One especially vulnerable component is the Automatic Identification System (AIS), a navigation and safety tool required on all vessels with a gross weight of 300 tons or greater. Previous security researchers were able to transmit data packets through the AIS receiver. The AIS blindly accepted packets as long as they followed ITU-R M.1371-5 standard protocol. This work aims to design a low-cost AIS data validation system that will reduce the attack surface of voyage networks. In this work, we leverage the NMEA-0183 and ITU-R M.1371-5 standards to implement two cybersecurity strategies, allow-listing and validating inputs, based on the quality dimensions of the data. The threat models that this security system attempts to address are contact spoofing attacks and arbitrary data injection attacks. We believe that a minimalist security system that is standalone, is not resource intensive, and can handle large volumes of AIS traffic is necessary for an effective design. The system proposed in this work fulfills these objectives. The resulting security system is implemented and validated using Python.Navy Cyber Warfare Development Group, Suitland, MDEnsign, United States NavyApproved for public release. Distribution is unlimited

A framework to detect cyber-attacks against networked medical devices (Internet of Medical Things):an attack-surface-reduction by design approach

Most medical devices in the healthcare system are not built-in security concepts. Hence, these devices' built-in vulnerabilities prone them to various cyber-attacks when connected to a hospital network or cloud. Attackers can penetrate devices, tamper, and disrupt services in hospitals and clinics, which results in threatening patients' health and life. A specialist can Manage Cyber-attacks risks by reducing the system's attack surface. Attack surface analysis, either as a potential source for exploiting a potential vulnerability by attackers or as a medium to reduce cyber-attacks play a significant role in mitigating risks. Furthermore, it is necessitated to perform attack surface analysis in the design phase. This research proposes a framework that integrates attack surface concepts into the design and development of medical devices. Devices are classified as high-risk, medium-risk, and low-risk. After risk assessment, the employed classification algorithm detects and analyzes the attack surfaces. Accordingly, the relevant adapted security controls will be prompted to hinder the attack. The simulation and evaluation of the framework is the subject of further research.</p

Reducing Attack Surface of a Web Application by Open Web Application Security Project Compliance

The attack surface of a system is the amount of application area that is exposed to the adversaries. The overall vulnerability can be reduced by reducing the attack surface of a web application. In this paper, we have considered the web components of two versions of an in-house developed project management web application and the attack surface has been calculated prior and post open web application security project (OWASP) compliance based on a security audit to determine and then compare the security of this Project Management Application. OWASP is an open community to provide free tools and guidelines for application security. It was observed that the attack surface of the software reduced by 45 per cent once it was made OWASP compliant. The vulnerable surface exposed by the code even after OWASP compliance was due to the mandatory access points left in the software to ensure accessibility over a network.Defence Science Journal, 2012, 62(5), pp.324-330, DOI:http://dx.doi.org/10.14429/dsj.62.129

Experimental investigation of the effects of aft blowing with various nozzle exit geometries on a 3.0 caliber tangent ogive at high angles of attack: Forebody pressure distributions

An experimental study of the effects of aft blowing on the asymmetric vortex flow of a slender, axisymmetric body at high angles of attack was conducted. A 3.0 caliber tangent ogive body fitted with a cylindrical afterbody was tested in a wind tunnel under subsonic, laminar flow test conditions. Asymmetric blowing from both a single nozzle and a double nozzle configuration, positioned near the body apex, was studied. Aft blowing was observed to alter the vortex asymmetry by moving the blowing-side vortex closer to the body surface while moving the non-blowing-side vortex further away from the body. The effect of increasing the blowing coefficient was to move the blowing-side vortex closer to the body surface at a more upstream location. The data also showed that blowing was more effective in altering the initial vortex asymmetry at the higher angles of attack than at the lower. The effects of changing the nozzle exit geometry were studied and it was observed that blowing from a nozzle with a low, broad exit geometry was more effective in reducing the vortex asymmetry than blowing from a high, narrow exit geometry