Towards a Type System for Security APIs

Abstract. Security API analysis typically only considers a subset of an API’s functions, with results bounded by the number of function calls. Furthermore, attacks involving partial leakage of sensitive information are usually not covered. Type-based static analysis has the potential to alleviate these shortcomings. To that end, we present a type system for secure information flow based upon the one of Volpano, Smith and Irvine [1], extended with types for cryptographic keys and ciphertext similar to those in Sumii and Pierce [2]. In contrast to some other type systems, the encryption and decryption of keys does not require special treatment. We show that a well-typed sequence of commands is non-interferent, based upon a definition of indistinguishability where, in certain circumstances, the adversary can distinguish between ciphertexts that correspond to encrypted public data.

Generic Black-Box End-to-End Attack Against State of the Art API Call Based Malware Classifiers

In this paper, we present a black-box attack against API call based machine learning malware classifiers, focusing on generating adversarial sequences combining API calls and static features (e.g., printable strings) that will be misclassified by the classifier without affecting the malware functionality. We show that this attack is effective against many classifiers due to the transferability principle between RNN variants, feed forward DNNs, and traditional machine learning classifiers such as SVM. We also implement GADGET, a software framework to convert any malware binary to a binary undetected by malware classifiers, using the proposed attack, without access to the malware source code.Comment: Accepted as a conference paper at RAID 201

A cloud robotics architecture for an emergency management and monitoring service in a smart cityenvironment

Cloud robotics is revolutionizing not only the robotics industry but also the ICT world, giving robots more storage and computing capacity, opening new scenarios that blend the physical to the digital world. In this vision new IT architectures are required to manage robots, retrieve data from them and create services to interact with users. In this paper a possible implementation of a cloud robotics architecture for the interaction between users and UAVs is described. Using the latter as monitoring agents, a service for fighting crime in urban environment is proposed, making one step forward towards the idea of smart cit