On building a dynamic security vulnerability detection system using program monitoring technique

This thesis presents a dynamic security vulnerability detection framework that sets up an infrastructure for automatic security testing of Free and Open Source Software (FOSS) projects. It makes three contributions to the design and implementation of a dynamic vulnerability detection system. Firstly, a mathematical model called Team Edit Automata is defined and implemented for security property specification. Secondly, an automatic code instrumentation tool is designed and implemented by extending the GNU Compiler Collection (GCC). The extension facilitates seamless integration of code instrumentation into FOSS projects' existing build system. Thirdly, a dynamic vulnerability detection system is prototyped to integrate the aforementioned two techniques. Experiments with the system are elaborated to automatically build, execute, and detect vulnerabilities of FOSS projects. Overall, this research demonstrates that monitoring program with Team Edit Automata can effectively detect security property violation

A Hybrid Framework for the Systematic Detection of Software Security Vulnerabilities in Source Code

In this thesis, we address the problem of detecting vulnerabilities in software where the source code is available, such as free-and-open-source software. In this, we rely on the use of security testing. Either static or dynamic analysis can be used for security testing approaches, yet both analyses have their advantages and drawbacks. In fact, while these analyses are different, they are complementary to each other in many ways. Consequently, approaches that would combine these analyses have the potential of becoming very advantageous to security testing and vulnerability detection. This has motivated the work presented in this thesis. For the purpose of security testing, security analysts need to specify the security properties that they wish to test software against for security violations. Accordingly, we firstly propose a security model called Team Edit Automata (TEA), which extends security automata. Using TEA, security analysts are capable of precisely specifying the security properties under concerns. Since various code instrumentations are needed at different program points for the purpose of profiling the software behavior at run-time, we secondly propose a code instrumentation profiler. Furthermore, we provide an extension to the GCC compiler to enable such instrumentations. The profiler is based on the pointcut model of Aspect-Oriented Programming (AOP) languages and accordingly it is capable of providing a large set of instrumentation capabilities to the analysts. We particularly explore the capabilities and the current limitations of AOP languages as tools for security testing code instrumentation, and propose extensions to these languages to allow them to be used for such purposes. Thirdly, we explore the potential of static analysis for vulnerability detection and illustrate its applicability and limitations. Fourthly, we propose a framework that reduces security vulnerability detection to a reachability problem. The framework combines three main techniques: static analysis, program slicing, and reachability analysis. This framework mainly targets software applications that are generally categorized as being safety/security critical, and are of relatively small sizes, such as embedded software. Finally, we propose a more comprehensive security testing and test-data generation framework that provides further advantages over the proposed reachability model. This framework combines the power of static and dynamic analyses, and is used to generate concrete data, with which the existence of a vulnerability is proven beyond doubt, hence mitigating major drawbacks of static analysis, namely false positives. We also illustrate the feasibility of the elaborated frameworks by developing case studies for test-data generation and vulnerability detection on various-size software

A Hybrid Framework for the Systematic Detection of Software Security Vulnerabilities in Source Code

In this thesis, we address the problem of detecting vulnerabilities in software where the source code is available, such as free-and-open-source software. In this, we rely on the use of security testing. Either static or dynamic analysis can be used for security testing approaches, yet both analyses have their advantages and drawbacks. In fact, while these analyses are different, they are complementary to each other in many ways. Consequently, approaches that would combine these analyses have the potential of becoming very advantageous to security testing and vulnerability detection. This has motivated the work presented in this thesis. For the purpose of security testing, security analysts need to specify the security properties that they wish to test software against for security violations. Accordingly, we firstly propose a security model called Team Edit Automata (TEA), which extends security automata. Using TEA, security analysts are capable of precisely specifying the security properties under concerns. Since various code instrumentations are needed at different program points for the purpose of profiling the software behavior at run-time, we secondly propose a code instrumentation profiler. Furthermore, we provide an extension to the GCC compiler to enable such instrumentations. The profiler is based on the pointcut model of Aspect-Oriented Programming (AOP) languages and accordingly it is capable of providing a large set of instrumentation capabilities to the analysts. We particularly explore the capabilities and the current limitations of AOP languages as tools for security testing code instrumentation, and propose extensions to these languages to allow them to be used for such purposes. Thirdly, we explore the potential of static analysis for vulnerability detection and illustrate its applicability and limitations. Fourthly, we propose a framework that reduces security vulnerability detection to a reachability problem. The framework combines three main techniques: static analysis, program slicing, and reachability analysis. This framework mainly targets software applications that are generally categorized as being safety/security critical, and are of relatively small sizes, such as embedded software. Finally, we propose a more comprehensive security testing and test-data generation framework that provides further advantages over the proposed reachability model. This framework combines the power of static and dynamic analyses, and is used to generate concrete data, with which the existence of a vulnerability is proven beyond doubt, hence mitigating major drawbacks of static analysis, namely false positives. We also illustrate the feasibility of the elaborated frameworks by developing case studies for test-data generation and vulnerability detection on various-size software

Systematizing Genome Privacy Research: A Privacy-Enhancing Technologies Perspective

Rapid advances in human genomics are enabling researchers to gain a better understanding of the role of the genome in our health and well-being, stimulating hope for more effective and cost efficient healthcare. However, this also prompts a number of security and privacy concerns stemming from the distinctive characteristics of genomic data. To address them, a new research community has emerged and produced a large number of publications and initiatives. In this paper, we rely on a structured methodology to contextualize and provide a critical analysis of the current knowledge on privacy-enhancing technologies used for testing, storing, and sharing genomic data, using a representative sample of the work published in the past decade. We identify and discuss limitations, technical challenges, and issues faced by the community, focusing in particular on those that are inherently tied to the nature of the problem and are harder for the community alone to address. Finally, we report on the importance and difficulty of the identified challenges based on an online survey of genome data privacy expertsComment: To appear in the Proceedings on Privacy Enhancing Technologies (PoPETs), Vol. 2019, Issue

Protection against overflow attacks

Buffer overflow happens when the runtime process loads more data into the buffer than its design capacity. Bad programming style and lack of security concern cause overflow vulnerabilities in almost all applications on all the platforms;Buffer overflow attack can target any data in stack or heap. The current solutions ignore the overflowed targets other than return address. Function pointer, for example, is a possible target of overflow attack. By overflowing the function pointer in stack or heap, the attacker could redirect the program control flow when the function pointer is dereferenced to make a function call. To address this problem we implemented protection against overflow attacks targeting function pointers. During compiling phase, our patch collects the set of the variables that might change the value of function pointers at runtime. During running phase, the set is protected by encryption before the value is saved in memory and decryption before the value is used. The function pointer protection will cover all the overflow attacks targeting function pointers;To further extend the protection to cover all possible overflowing targets, we implemented an anomaly detection which checks the program runtime behavior against control flow checking automata. The control flow checking automata are derived from the source codes of the application. A trust value is introduced to indicate how well the runtime program matches the automata. The attacks modifying the program behavior within the source codes could be detected;Both function pointer protection and control flow checking are compiler patches which require the access to source codes. To cover buffer overflow attack and enforce security policies regardless of source codes, we implemented a runtime monitor with stream automata. Stream automata extend the concept of security automata and edit automata. The monitor works on the interactions between two virtual entities: system and program. The security policies are expressed in stream automata which perform Truncation, Suppression, Insertion, Metamorphosis, Forcing, and Two-Way Forcing on the interactions. We implement a program/operating system monitor to detect overflow attack and a local network/Internet monitor to enforce honeywall policies

Understanding Flaws in the Deployment and Implementation of Web Encryption

In recent years, the web has switched from using the unencrypted HTTP protocol to using encrypted communications. Primarily, this resulted in increasing deployment of TLS to mitigate information leakage over the network. This development has led many web service operators to mistakenly think that migrating from HTTP to HTTPS will magically protect them from information leakage without any additional effort on their end to guar- antee the desired security properties. In reality, despite the fact that there exists enough infrastructure in place and the protocols have been “tested” (by virtue of being in wide, but not ubiquitous, use for many years), deploying HTTPS is a highly challenging task due to the technical complexity of its underlying protocols (i.e., HTTP, TLS) as well as the complexity of the TLS certificate ecosystem and this of popular client applications such as web browsers. For example, we found that many websites still avoid ubiquitous encryption and force only critical functionality and sensitive data access over encrypted connections while allowing more innocuous functionality to be accessed over HTTP. In practice, this approach is prone to flaws that can expose sensitive information or functionality to third parties. Thus, it is crucial for developers to verify the correctness of their deployments and implementations. In this dissertation, in an effort to improve users’ privacy, we highlight semantic flaws in the implementations of both web servers and clients, caused by the improper deployment of web encryption protocols. First, we conduct an in-depth assessment of major websites and explore what functionality and information is exposed to attackers that have hijacked a user’s HTTP cookies. We identify a recurring pattern across websites with partially de- ployed HTTPS, namely, that service personalization inadvertently results in the exposure of private information. The separation of functionality across multiple cookies with different scopes and inter-dependencies further complicates matters, as imprecise access control renders restricted account functionality accessible to non-secure cookies. Our cookie hijacking study reveals a number of severe flaws; for example, attackers can obtain the user’s saved address and visited websites from e.g., Google, Bing, and Yahoo allow attackers to extract the contact list and send emails from the user’s account. To estimate the extent of the threat, we run measurements on a university public wireless network for a period of 30 days and detect over 282K accounts exposing the cookies required for our hijacking attacks. Next, we explore and study security mechanisms purposed to eliminate this problem by enforcing encryption such as HSTS and HTTPS Everywhere. We evaluate each mechanism in terms of its adoption and effectiveness. We find that all mechanisms suffer from implementation flaws or deployment issues and argue that, as long as servers continue to not support ubiquitous encryption across their entire domain, no mechanism can effectively protect users from cookie hijacking and information leakage. Finally, as the security guarantees of TLS (in turn HTTPS), are critically dependent on the correct validation of X.509 server certificates, we study hostname verification, a critical component in the certificate validation process. We develop HVLearn, a novel testing framework to verify the correctness of hostname verification implementations and use HVLearn to analyze a number of popular TLS libraries and applications. To this end, we found 8 unique violations of the RFC specifications. Several of these violations are critical and can render the affected implementations vulnerable to man-in-the-middle attacks

UI Construction for a Web-Based IDE on an Industrial IoT System

ABB as one of the leading power and automation company is connecting millions of electrical devices and systems to industrial internet of things called ABB Ability(TM). ABB Ability(TM) is refining the measured real-time data with calculations to additional soft sensors signals and Key Performance Indicators (KPIs) at the various levels from the system edges to central cloud. The engineering of the calculations requires web based Integrated Development Environment (IDE) that provides good developer experience for the subject matter experts to be productive in their work. This thesis aims to construct a user interface for ABB calculation engine that will help subject matter expert to work on the calculation engine more efficiently. As the output of this thesis work, a web-based IDE is developed on top of ABB's internal front end dashboard framework. The developed user interface lets user to operate the calculation engine more efficiently and follows their natural work flow

Developing a distributed electronic health-record store for India

The DIGHT project is addressing the problem of building a scalable and highly available information store for the Electronic Health Records (EHRs) of the over one billion citizens of India