74 research outputs found

    Distributed Programming of Smart Systems with Event-Condition-Action Rules (Short Paper)

    In recent years, event-driven programming languages, e.g. those based on Event Condition Action (ECA) rules, have emerged as a promising paradigm for implementing smart systems, such as IoT devices. Still, actual implementations are bound to a centralized infrastructure, limiting scalability and security. In this work, we present attribute-based memory updates (AbU), a new interaction mechanism aiming to extend the ECA programming paradigm to distributed systems. It relies on attribute-based communication, that is similar to broadcast, but receivers are selected "on the fly" by means of predicates over their attributes. With AbU, smart devices can be easily programmed via ECA rules and, at the same time, they can be deployed to a distributed network. Hence, a centralized infrastructure is not needed anymore: the computation is moved on the edge, improving reliability, scalability, privacy and security

    Software Watermarking: A Semantics-based Approach

    Software watermarking is a defence technique used to prevent software piracy by embedding a signature, i.e., an identifier reliably representing the owner, in the code. When an illegal copy is made, the ownership can be claimed by extracting this identifier. The signature has to be hidden inside the program and it has to be difficult for an attacker to detect, tamper or remove it. In this paper we show how the ability of the attacker to identify the signature can be modelled in the framework of abstract interpretation as a completeness property. We view attackers as abstract interpreters that can precisely observe only the properties for which they are complete. In this setting, hiding a signature in the code corresponds to inserting it in terms of a semantic property that can be retrieved only by attackers that are complete for it. Indeed, any abstract interpreter that is not complete for the property specifying the signature cannot detect, tamper or remove it. The goal of this work is to introduce a formal framework for the modelling, at a semantic level, of software watermarking techniques and their quality features

    Semantics-based software watermarking by abstract interpretation

    Software watermarking is a software protection technique used to defend the intellectual property of proprietary code. In particular, software watermarking aims at preventing software piracy by embedding a signature, i.e. an identifier reliably representing the owner, in the code. When an illegal copy is made, the owner can claim his/her identity by extracting the signature. It is important to hide the signature in the program in order to make it difficult for the attacker to detect, tamper or remove it. In this work we present a formal framework for software watermarking, based on program semantics and abstract interpretation, where attackers are modeled as abstract interpreters. In this setting we can prove that the ability to identify signatures can be modeled as a completeness property of the attackers in the abstract interpretation framework. Indeed, hiding a signature in the code corresponds to embedding it as a semantic property that can be retrieved only by attackers that are complete for it. Any abstract interpreter that is not complete for the property specifying the signature cannot detect, tamper or remove it. We formalize in the proposed framework the major quality features of a software watermarking technique: secrecy, resilience, transparence and accuracy. This provides a unifying framework for interpreting both watermarking schemes and attacks, and it allows us to formally compare the quality of different watermarking techniques. Indeed, a large number of watermarking techniques exist in the literature and they are typically evaluated with respect to their secrecy, resilience, transparence and accuracy to attacks. Formally identifying the attacks for which a watermarking scheme is secret, resilient, transparent or accurate can be a complex and error-prone task, since attacks and watermarking schemes are typically defined in different settings and using different languages (e.g. program transformation vs. program analysis), complicating the task of comparing one against the others

    Hyper Static Analysis of Programs - An Abstract Interpretation-Based Framework for Hyperproperties Verification

    In the context of systems security, information flows play a central role. Unhandled information flows potentially leave the door open to very dangerous types of security attacks, such as code injection or sensitive information leakage. Information flows verification is based on a notion of dependency between a system’s objects, which requires specifications expressing relations between different executions of a system. Specifications of this kind, called hyperproperties, go beyond classic trace properties, defined in terms of predicate over single executions. The problem of trace properties verification is well studied, both from a theoretical as well as a practical point of view. Unfortunately, very few works deal with the verification of hyperproperties. Note that hyperproperties are not limited to information flows. Indeed, a lot of other important problems can be modeled through hyperproperties only: processes synchronization, availability requirements, integrity issues, error resistant codes check, just to name a few. The sound verification of hyperproperties is not trivial: it is not easy to adapt classic verification methods, used for trace properties, in order to deal with hyperproperties. The added complexity derives from the fact that hyperproperties are defined over sets of sets of executions, rather than sets of executions, as happens for trace properties. In general, passing to powersets involves many problems, from a computability point of view, and this is the case also for systems verification. In this thesis, the problem of hyperproperties verification is explored in its theoretical and practical aspects. In particular, the aim is to extend verification methods used for trace properties to the more general case of hyperproperties. The verification is performed exploiting the framework of abstract interpretation, a very general theory for approximating the behavior of discrete dynamic systems. Apart from the general setting, the thesis focuses on sound verification methods, based on static analysis, for computer programs. As a case study – which is also a leading motivation – the verification of information flows specifications has been taken into account, in the form of Non-Interference and Abstract Non-Interference. The second is a weakening of the first, useful in the context where Non-Interference is a too restrictive specification. The results of the thesis have been implemented in a prototype analyzer for (Abstract) Non-Interference which is, to the best of the author’s knowledge, the first attempt to implement a sound verifier for that specification(s), based on abstract interpretation and taking into account the expressive power of hyperproperties

    Automated Black-box Testing of Mass Assignment Vulnerabilities in RESTful APIs

    Mass assignment is one of the most prominent vulnerabilities in RESTful APIs that originates from a misconfiguration in common web frameworks. This allows attackers to exploit naming convention and automatic binding to craft malicious requests that (massively) override data supposed to be read-only. In this paper, we adopt a black-box testing perspective to automatically detect mass assignment vulnerabilities in RESTful APIs. Indeed, execution scenarios are generated purely based on the OpenAPI specification, that lists the available operations and their message format. Clustering is used to group similar operations and reveal read-only fields, the latter are candidates for mass assignment. Then, test interaction sequences are automatically generated by instantiating abstract testing templates, with the aim of trying to use the found read-only fields to carry out a mass assignment attack. Test interactions are run, and their execution is assessed by a specific oracle, in order to reveal whether the vulnerability could be successfully exploited. The proposed novel approach has been implemented and evaluated on a set of case studies written in different programming languages. The evaluation highlights that the approach is quite effective in detecting seeded vulnerabilities, with a remarkably high accuracy

    Securing Cross-App Interactions in IoT Platforms

    IoT platforms enable users to connect various smart devices and online services via reactive apps running on the cloud. These apps, often developed by third-parties, perform simple computations on data triggered by external information sources and actuate the results of computation on external information sinks. Recent research shows that unintended or malicious interactions between the different (even benign) apps of a user can cause severe security and safety risks. These works leverage program analysis techniques to build tools for unveiling unexpected interference across apps for specific use cases. Despite these initial efforts, we are still lacking a semantic framework for understanding interactions between IoT apps. The question of what security policy cross-app interference embodies remains largely unexplored. This paper proposes a semantic framework capturing the essence of cross-app interactions in IoT platforms. The framework generalizes and connects syntactic enforcement mechanisms to bisimulation-based notions of security, thus providing a baseline for formulating soundness criteria of these enforcement mechanisms. Specifically, we present a calculus that models the behavioral semantics of a system of apps executing concurrently, and use it to define desirable semantic policies in the context of security and safety of IoT apps. To demonstrate the usefulness of our framework, we define static mechanisms for enforcing cross-app security and safety, and prove them sound with respect to our semantic conditions. Finally, we leverage real-world apps to validate the practical benefits of our policy framework

    A semantics-based approach to software watermarking by abstract interpretation

    Software watermarking is a defence technique used to prevent software piracy by embedding a signature in the code. When an illegal copy is made, the ownership can be claimed by extracting the signature. The signature has to be hidden inside the code and it has to be difficult for an attacker to detect, tamper or remove it. In this paper we show how the ability of the attacker to identify the signature can be modelled in the framework of abstract interpretation as a completeness property. We view attackers as abstract interpreters that can precisely observe only the properties for which they are complete. In this setting, hiding a signature in the code corresponds to inserting it in terms of a semantic property that can be retrieved only by attackers that are complete for it. Indeed, any abstract interpreter that is not complete for the property specifying the signature cannot detect, tamper or remove it

    Protective effect of procyanidin-rich grape seed extract against Gram-negative virulence factors

    Biofilm formation and lipopolysaccharide (LPS) are implicated in the pathogenesis of gastrointestinal (GI) diseases caused by Gram-negative bacteria. Grape seeds, wine industry by-products, have antioxidant and antimicrobial activity. In the present study, the protective effect of procyanidin-rich grape seed extract (prGSE), from unfermented pomace of Vitis vinifera L. cv Bellone, on bacterial LPS-induced oxidative stress and epithelial barrier integrity damage has been studied in a model of Caco-2 cells. The prGSE was characterized at the molecular level using HPLC and NMR. The in vitro activity of prGSE against formation of biofilm of Salmonella enterica subsp. enterica serovar Typhimurium and Escherichia coli was investigated. In vivo, prGSE activity using infected Galleria mellonella larvae has been evaluated. The results show that the prGSE, if administered with LPS, can significantly reduce the LPS-induced permeability alteration. Moreover, the ability of the extract to prevent Reactive Oxygen Species (ROS) production induced by the LPS treatment of Caco-2 cells was demonstrated. prGSE inhibited the biofilm formation of E. coli and S. Typhimurium. In terms of in vivo activity, an increase in survival of infected G. mellonella larvae after treatment with prGSE was demonstrated. In conclusion, grape seed extracts could be used to reduce GI damage caused by bacterial endotoxin and biofilms of Gram-negative bacteria

    Exposure to Gastric Acid Inhibitors Increases the Risk of Infection in Preterm Very Low Birth Weight Infants but Concomitant Administration of Lactoferrin Counteracts This Effect

    Objective: To investigate whether exposure to inhibitors of gastric acidity, such as H2 blockers or proton pump inhibitors, can independently increase the risk of infections in very low birth weight (VLBW) preterm infants in the neonatal intensive care unit. Study design: This is a secondary analysis of prospectively collected data from a multicenter, randomized controlled trial of bovine lactoferrin (BLF) supplementation (with or without the probiotic Lactobacillus rhamnosus GG) vs placebo in prevention of late-onset sepsis (LOS) and necrotizing enterocolitis (NEC) in preterm infants. Inhibitors of gastric acidity were used at the recommended dosages/schedules based on the clinical judgment of attending physicians. The distribution of days of inhibitors of gastric acidity exposure between infants with and without LOS/NEC was assessed. The mutually adjusted effects of birth weight, gestational age, duration of inhibitors of gastric acidity treatment, and exposure to BLF were controlled through multivariable logistic regression. Interaction between inhibitors of gastric acidity and BLF was tested; the effects of any day of inhibitors of gastric acidity exposure were then computed for BLF-treated vs -untreated infants. Results: Two hundred thirty-five of 743 infants underwent treatment with inhibitors of gastric acidity, and 86 LOS episodes occurred. After multivariate analysis, exposure to inhibitors of gastric acidity remained significantly and independently associated with LOS (OR, 1.03; 95% CI, 1.008-1.067; P = .01); each day of inhibitors of gastric acidity exposure conferred an additional 3.7% odds of developing LOS. Risk was significant for Gram-negative (P < .001) and fungal (P = .001) pathogens, but not for Gram-positive pathogens (P = .97). On the test for interaction, 1 additional day of exposure to inhibitors of gastric acidity conferred an additional 7.7% risk for LOS (P = .003) in BLF-untreated infants, compared with 1.2% (P = .58) in BLF-treated infants. Conclusion: Exposure to inhibitors of gastric acidity is significantly associated with the occurrence of LOS in preterm VLBW infants. Concomitant administration of BLF counteracts this selective disadvantage. Trial registration: isrctn.org: ISRCTN53107700