14,115 research outputs found

    Security analyses for detecting deserialisation vulnerabilities : a thesis presented in partial fulfilment of the requirements for the degree of Doctor of Philosophy in Computer Science at Massey University, Palmerston North, New Zealand

    An important task in software security is to identify potential vulnerabilities. Attackers exploit security vulnerabilities in systems to obtain confidential information, to breach system integrity, and to make systems unavailable to legitimate users. In recent years, particularly 2012, there has been a rise in reported Java vulnerabilities. One type of vulnerability involves (de)serialisation, a commonly used feature to store objects or data structures to an external format and restore them. In 2015, a deserialisation vulnerability was reported involving Apache Commons Collections, a popular Java library, which affected numerous Java applications. Another major deserialisation-related vulnerability that affected 55% of Android devices was reported in 2015. Both of these vulnerabilities allowed arbitrary code execution on vulnerable systems by malicious users, a serious risk, and this came as a call for the Java community to issue patches to fix serialisation related vulnerabilities in both the Java Development Kit and libraries. Despite attention to coding guidelines and defensive strategies, deserialisation remains a risky feature and a potential weakness in object-oriented applications. In fact, deserialisation related vulnerabilities (both denial-of-service and remote code execution) continue to be reported for Java applications. Further, deserialisation is a case of parsing where external data is parsed from their external representation to a program's internal data structures and hence, potentially similar vulnerabilities can be present in parsers for file formats and serialisation languages. The problem is, given a software package, to detect either injection or denial-of-service vulnerabilities and propose strategies to prevent attacks that exploit them. The research reported in this thesis casts detecting deserialisation related vulnerabilities as a program analysis task.
The goal is to automatically discover this class of vulnerabilities using program analysis techniques, and to experimentally evaluate the efficiency and effectiveness of the proposed methods on real-world software. We use multiple techniques to detect reachability to sensitive methods and taint analysis to detect if untrusted user-input can result in security violations. Challenges in using program analysis for detecting deserialisation vulnerabilities include addressing soundness issues in analysing dynamic features in Java (e.g., native code). Another hurdle is that available techniques mostly target the analysis of applications rather than library code. In this thesis, we develop techniques to address soundness issues related to analysing Java code that uses serialisation, and we adapt dynamic techniques such as fuzzing to address precision issues in the results of our analysis. We also use the results from our analysis to study libraries in other languages, and check if they are vulnerable to deserialisation-type attacks. We then provide a discussion on mitigation measures for engineers to protect their software against such vulnerabilities. In our experiments, we show that we can find unreported vulnerabilities in Java code; and how these vulnerabilities are also present in widely-used serialisers for popular languages such as JavaScript, PHP and Rust. In our study, we discovered previously unknown denial-of-service security bugs in applications/libraries that parse external data formats such as YAML, PDF and SVG

    A Systematic Framework for Radio Frequency Identification (RFID) Hazard Mitigation in the Blood Transfusion Supply Chain from Donation to Distribution

    The RFID Consortium is developing what will be the first FDA-approved use of radio frequency identification (RFID) technology to identify, track, manage, and monitor blood throughout the entire blood transfusion supply chain. The iTrace™ is an innovative technological system designed to optimize the procedures currently employed when tracing blood from the donor to the recipient. With all novel technologies it is essential to consider not only the advantages, but also the potential harms that may come about from using the system. The deployment of the iTrace™ consists of two phases: 1) Phase One - application of the iTrace™ from the donor to blood center distribution, and 2) Phase Two - application of the iTrace™ from blood center distribution to transfusion. This dissertation seeks to identify the possible hazards that may occur when utilizing the iTrace™ during Phase One, and to assess the mitigation and correction processes to combat these hazards. A thorough examination of verification and validation tests, as well as of the system design, requirements, and standard operating procedures was performed to qualify and quantify each hazard into specific categories of severity and likelihood. A traceability matrix was also established to link each hazard with its associated tests and/or features. Furthermore, a series of analyses were conducted to determine whether the benefits of implementing the iTrace™ outweighed the risks and whether the mitigation and correction strategies of the hazards were effective. Ultimately, this dissertation serves as a usable, generalizable framework for the management of RFID-related hazards in the blood transfusion supply chain from donor to blood center distribution

    Web Based Virtual Environment For Education - S'cape

    Simulations provide an environment to experiment safely, openly, and repeatedly for learning mastery. However, many simulation environments experienced within a classroom fail to include automated assessment components or automated data collection. Even when assessments are included, often they fail to account for the unpredictable nature of decision-making within a complex, 3D, open-ended simulation environment. Embedding assessments within a virtual simulation environment poses several challenges. First, the program must provide assessments aligned with educational requirements that will not take the learner cognitively “away” from their activities. Second, the program must not detract from the game-like experience that learners find engaging. Third, assessments should maximize the benefit of the unique capability of digital deliveries, including the ability to allow for the geographically disparate and asynchronous schedules of instructors and learners. This report addresses each of the above challenges in the context of an implementation of a simulation in a classroom environment. The simulation described in this report is designed to function as a stand-alone module to teach and evaluate core concepts of a K-12 curriculum

    The impact of governance structure on the port performance: a case of Durban Port


    Regulation 61-7 emergency medical services

    This regulation defines various terms related to emergency medical services. It also outlines the requirements for licensure in emergency medical services. It states that only an entity can provide emergency medical response or ambulance services by obtaining a license and ambulance permit from the Department of Health and Environmental Control

    Tagungsband Dagstuhl-Workshop MBEES: Modellbasierte Entwicklung eingebetteter Systeme 2005


    Exploring the Hinterland: The Development of a Person-Centered Music Therapy Method for a Hospice Patient with Lewy Body Dementia

    This thesis explores the development and implementation of a music therapy method with an individual diagnosed with dementia with Lewy Bodies (DLB) receiving home hospice services. There is very little known about the effect of music therapy on patients diagnosed with DLB. Informed by Tom Kitwood’s Person-Centered Care (PCC) philosophy for dementia care, Yumiko Sato’s Musical Life Review (MLR) model, and Lisa Kelly and Bill Ahessy’s Reminiscence-Focused Music Therapy (RFMT) model, a clinical method was developed to explore the effects of person-centered music therapy on reminiscence, caregiver connection, and identity. I drew inspiration from music therapy concepts by Tony Wigram as well as Hanne Mette Ochsner Ridder’s utilization of acoustic cueing with patients with dementia. Over a period of five weeks, I conducted five sessions each lasting forty-five minutes to an hour. Data were collected in the form of personal reflections and summaries of the method technique as well as recorded musical reflections. Inductive analysis was carried out for each reflection and summary. Themes from reflections and summaries were cross referenced with Tom Kitwood’s flower of psychological needs to further observe what occurred and assess how the method functioned within the PCC framework. Results suggest that person-centered music therapy can assist in promoting reminiscence, addressing psychological needs, and creating connection with a caregiver. In addition, the act of simple reminiscence allowed for the preservation of participant identity and personhood, and empowered him to hold and share his own lived experiences

    A Model-Based Abstraction Layer for Heterogeneous SDN Applications

    Modern controllers for software-defined networks (SDN) enable the execution of arbitrary SDN applications (e.g., Network Address Translation (NAT), traffic monitors) that may be exploited by an overarching set of services (e.g., application-layer orchestrators) to build even richer services. To this purpose, the above overarching services require a mechanism that allows reading the run-time state and writing the configuration of arbitrary SDN applications, possibly through a uniform API. Unfortunately, most SDN applications are not designed/implemented by taking into account the possibility to be used as part of higher level service workflows (e.g., a complex intrusion prevention system that leverages multiple elementary services as individual components), hence they may not provide an adequate interface that would allow overarching services to exploit their features. This paper addresses this problem by proposing an approach to represent the run-time state of arbitrary applications, where data are exported according to high-level model-based structures. Furthermore, the mapping from the high-level data model to the actual data representation within the SDN application is enabled by a suite of algorithms that are generic enough to operate independently of the actual source code of the application, thus avoiding undesired and invasive modifications to existing applications. The paper also presents a software framework and a prototype implementing the proposed approach, characterizes the resulting performance, and discusses pros and cons of the proposed approach

    Task Planning and Execution for Human Robot Team Performing a Shared Task in a Shared Workspace

    A cyber-physical system is developed to enable a human-robot team to perform a shared task in a shared workspace. The system setup is suitable for the implementation of a tabletop manipulation task, a common human-robot collaboration scenario. The system integrates elements that exist in the physical (real) and the virtual world. In this work, we report the insights we gathered throughout our exploration in understanding and implementing task planning and execution for human-robot team