9 research outputs found

    An aspect-oriented framework for systematic security hardening of software

    In this thesis, we address the problems related to the security hardening of open source software. Accordingly, we first propose an aspect-oriented and pattern-based approach for systematic security hardening. It is based on the full separation between the roles and duties of the security experts and those of the developers performing the hardening. This proposition constitutes a bridge that allows the security experts to provide the best solutions to particular security problems, with the details on why, how and where to apply them. Moreover, it allows the developers to use these solutions to harden open source software without needing high security expertise. We realize the proposed approach by elaborating a programming-language-independent, aspect-oriented language for security hardening called SHL, developing its corresponding parser, compiler and facilities, and integrating all of them into a framework for software security hardening. We also illustrate the feasibility of the elaborated framework by developing several security hardening case studies that deal with known security requirements and vulnerabilities and applying them to large-scale software. Second, we enrich SHL and the aspect-oriented languages with new pointcut and primitive constructs (GAFlow, GDFlow, ExportParameter and ImportParameter) that provide features missing in the current AOP proposals and needed for systematic security hardening concerns. We also explore the viability of the proposed pointcuts and primitives by elaborating and implementing their algorithms and presenting the results of explanatory case studies. Finally, we improve the proposed framework by proposing a new approach for applying security hardening on the Gimple representation of software and elaborating a formal syntax for SHL and Gimple together with an operational semantics for SHL weaving based on Gimple. We realize our proposition by integrating into the GCC compiler a few features described in the SHL weaving semantics and developing a demonstrative case study.

    Capacidades Técnicas, legales y de gestión para equipos BlueTeam y RedTeam

    The report focuses on the different cybersecurity strategies adopted by Red Team and Blue Team groups to ensure the security of an organization's information assets, using a simulated scenario in which an organization called "The WiteHouse Security" decides to form a Red Team & Blue Team in order to strengthen its internal security protocols. The first stage evaluates the actions of an organization's Red Team & Blue Team within the framework of ethical and legal criteria; to this end, the clauses of a contract and a confidentiality agreement are analyzed in search of elements that contravene the legal and professional-ethics standards in force in the country. Subsequently, the tasks of a Red Team are addressed through a first scenario in which intrusion tests must be executed to identify the security flaw through which information is leaking from within an organization; a second scenario follows in which, from the perspective of a Blue Team, the attack that occurred in the previous scenario is contained. Finally, recommendations and conclusions related to the most relevant findings from the activities that make up each stage of the specialized seminar are presented.

    Capacidades técnicas, legales y de gestión para equipos BlueTeam y RedTeam

    The first phase of the work begins with an examination of the actions of the Red Team and Blue Team within an institution from the ethical and legal standpoint, interpreting the contract clauses that contain irregularities and searching for elements that conflict with national and international laws on information security. Next, the tasks of a Red Team are addressed starting from a problem scenario in which pentesting must be carried out to analyze the security flaws through which information leaks occur within an institution; this is followed by a second scenario in which, from the point of view of a Blue Team, containment measures are executed against this simulated cyber attack. Finally, recommendations are made regarding the relevant findings produced by carrying out the activities described above.

    From distributed coordination to field calculus and aggregate computing

    This work has been partially supported by: EU Horizon 2020 project HyVar (www.hyvar-project.eu), GA No. 644298; ICT COST Action IC1402 ARVI (www.cost-arvi.eu); Ateneo/CSP D16D15000360005 project RunVar (runvar-project.di.unito.it).
    Aggregate computing is an emerging approach to the engineering of complex coordination for distributed systems, based on viewing system interactions in terms of information propagating through collectives of devices, rather than in terms of individual devices and their interaction with their peers and environment. The foundation of this approach is the distillation of a number of prior approaches, both formal and pragmatic, proposed under the umbrella of field-based coordination and culminating in the field calculus, a universal functional programming model for the specification and composition of collective behaviours with equivalent local and aggregate semantics. This foundation has been elaborated into a layered approach to engineering coordination of complex distributed systems, building up to pragmatic applications through intermediate layers encompassing reusable libraries of program components. Furthermore, some of these components are formally shown to satisfy formal properties such as self-stabilisation, which transfer to whole application services by functional composition. In this survey, we trace the development and antecedents of field calculus, review the field calculus itself and the current state of aggregate computing theory and practice, and discuss a roadmap of current research directions with implications for the development of a broad range of distributed systems.
    Viroli, Mirko; Beal, Jacob; Damiani, Ferruccio; Audrito, Giorgio; Casadei, Roberto; Pianini, Danilo

    Vulnerability Identification on GNU/Linux Operating Systems through Case-Based Reasoning

    Operating system security has been steadily evolving over the years. Several mechanisms, software packages and configuration best-practice guides have been developed to contribute to the security of such systems. The process that makes an operating system safer than the default level obtained at installation is known as hardening. Experience and technical knowledge are important attributes for the professional performing this process. In this context, automated rule-based tools are often used to assist professionals with little experience in vulnerability identification activities. However, the use of rules establishes a dependency on developers both for the development of new rules and for keeping them updated. Failure to update rules can significantly compromise the integrity of vulnerability identification results. In this paper, the Case-Based Reasoning (CBR) technique is used to improve tools that assist inexperienced professionals in conducting vulnerability identification activities. The purpose of using CBR is to let inexperienced professionals obtain results similar to those of experienced professionals. In addition, the dependence on rule developers is diminished. A prototype was developed for the GNU/Linux system in order to carry out an experimental evaluation. This evaluation demonstrated that the application of CBR improves the performance of inexperienced professionals in terms of the number of identified vulnerabilities.

    A Hybrid Framework for the Systematic Detection of Software Security Vulnerabilities in Source Code

    In this thesis, we address the problem of detecting vulnerabilities in software where the source code is available, such as free-and-open-source software. For this, we rely on security testing. Either static or dynamic analysis can be used for security testing, yet both analyses have their advantages and drawbacks. In fact, while these analyses are different, they are complementary to each other in many ways. Consequently, approaches that combine these analyses have the potential of becoming very advantageous to security testing and vulnerability detection. This has motivated the work presented in this thesis. For the purpose of security testing, security analysts need to specify the security properties against which they wish to test software for violations. Accordingly, we firstly propose a security model called Team Edit Automata (TEA), which extends security automata. Using TEA, security analysts are capable of precisely specifying the security properties of concern. Since various code instrumentations are needed at different program points for the purpose of profiling the software behavior at run-time, we secondly propose a code instrumentation profiler. Furthermore, we provide an extension to the GCC compiler to enable such instrumentations. The profiler is based on the pointcut model of Aspect-Oriented Programming (AOP) languages and accordingly is capable of providing a large set of instrumentation capabilities to the analysts. We particularly explore the capabilities and the current limitations of AOP languages as tools for security testing code instrumentation, and propose extensions to these languages to allow them to be used for such purposes. Thirdly, we explore the potential of static analysis for vulnerability detection and illustrate its applicability and limitations. Fourthly, we propose a framework that reduces security vulnerability detection to a reachability problem. The framework combines three main techniques: static analysis, program slicing, and reachability analysis. This framework mainly targets software applications that are generally categorized as safety/security critical and are of relatively small size, such as embedded software. Finally, we propose a more comprehensive security testing and test-data generation framework that provides further advantages over the proposed reachability model. This framework combines the power of static and dynamic analyses, and is used to generate concrete data with which the existence of a vulnerability is proven beyond doubt, hence mitigating a major drawback of static analysis, namely false positives. We also illustrate the feasibility of the elaborated frameworks by developing case studies for test-data generation and vulnerability detection on software of various sizes.

    Analizando el nivel de seguridad del entorno de Android

    This work investigates security on mobile devices. First, a study of mobile devices was carried out, looking for the reasons they have become so prominent in this era, with the focus on smartphones. This was followed by an analysis of smartphone security, presenting several vulnerabilities and threats; this serves to justify study in this area and to state the problem definition. The work continues with an overview of the Android operating system, presenting: a general picture of the project, its layered architecture (describing each layer), and a description of its development environment. Next, the security measures that Android provides to counter these threats are laid out, along with a mention of some vulnerabilities. Concrete, practical tests of some existing vulnerabilities are then presented, in order to show that there are reasons to improve. The final part proposes improvements, presenting suggestions, third-party applications that can contribute to security, and the application of security concepts in a simple development as a demonstration.
    Facultad de Informática

    Model-Driven Aspect-Oriented Software Security Hardening

    Security is of paramount importance in software engineering. Nevertheless, security solutions are generally fitted into existing software as an afterthought phase of the development process. However, given the complexity and the pervasiveness of today's software systems, adding security as an afterthought leads to a huge cost in retrofitting security into the software and can further introduce additional vulnerabilities. Furthermore, security is a crosscutting concern that pervades the entire software. Consequently, the manual addition of security solutions may result in the scattering and tangling of security features throughout the entire software design. Additionally, adding security manually is tedious and may lead to other security flaws. In this context, the need for a systematic approach to integrate security practices into the early phases of the software development process becomes crucial. In this thesis, we elaborate an aspect-oriented modeling framework for software security hardening at the UML design level. More precisely, the main contributions of our research are the following: (i) we define a UML profile for the specification of security hardening mechanisms as aspects; (ii) we design and implement a weaving framework for the systematic injection of security aspects into UML design models; (iii) we explore the theoretical foundations for aspect matching and weaving; (iv) we conduct real-life case studies to demonstrate the viability and the scalability of the proposed framework.