Protected pointers to specify access privileges in distributed systems

With reference to a distributed environment consisting of nodes connected in an arbitrary network topology, we propose the organization of a protection system in which a set of subjects, e.g. processes, generates access attempts to memory segments. One or more primary passwords are associated with each node. An access to a given segment can be accomplished successfully only if the subject attempting the access holds an access privilege, certified by possession of a valid protected pointer (p-pointer) referencing that segment. Each p-pointer includes a local password; the p-pointer is valid if the local password descends from a primary password by application of a universally known, parametric one-way generation function. A set of protection primitives makes it possible to manage the primary passwords, to reduce p-pointers to include less access rights, to allocate new segments, to delete existing segments, to read the segment contents and to overwrite these contents. The resulting protection environment is evaluated from a number of viewpoints, which include p-pointer forging and revocation, the network traffic generated by the execution of the protection primitives, the memory requirements for p-pointer storage, security, and the relation of our work to previous work. An indication of the flexibility of the p-pointer concept is given by applying p-pointers to the solution of a variety of protection problems

Timed Automata for Mobile Ransomware Detection

Considering the plethora of private and sensitive information stored in smartphone and tablets, it is easy to understand the reason why attackers develop everyday more and more aggressive malicious payloads with the aim to exfiltrate our data. One of the last trend in mobile malware landascape is represented by the so-called ransomware, a threat capable to lock the user interface and to cipher the data of the mobile device under attack. In this paper we propose an approach to model an Android application in terms of timed automaton by considering system call traces i.e., performing a dynamic analysis. We obtain encouraging results in the experimental analysis we performed exploiting real-world  (ransomware and legitimate) Android applications

diabetes mellitus affected patients classification and diagnosis through machine learning techniques

Medical studies demonstrated that diabetes pathology is increasing in last decades and the trend do not tends to stop. In order to help and to accelerate the diagnosis of diabetes in this paper we propose a method able to classify patients affected by diabetes using a set of characteristic selected in according to World Health Organization criteria. Evaluating real-world data using state of the art machine learning algorithms, we obtain a precision value equal to 0.770 and a recall equal to 0.775 using the HoeffdingTree algorithm

DELFIN+: An efficient deadlock detection tool for CCS processes

AbstractModel checking is a formal technique for proving the correctness of a system with respect to a desired behavior. However, deadlock detection via model checking is particularly difficult for the following two problems: (i) the state explosion problem, due to the exponential increase in the size of a finite state model as the number of system components grows; and (ii) the output interpretation problem, as often counter-examples are so long that they are hard to understand. The aim of this paper is to solve both problems by using heuristic-based search strategies. We have realized DELFIN+ (DEadLock FINder) a tool supporting efficient deadlock detection in CCS processes. We have used this tool to verify a sample of CCS processes, in order to evaluate the method on them

Using heuristic search for finding deadlocks in concurrent systems

AbstractModel checking is a formal technique for proving the correctness of a system with respect to a desired behavior. This is accomplished by checking whether a structure representing the system (typically a labeled transition system) satisfies a temporal logic formula describing the expected behavior. Model checking has a number of advantages over traditional approaches that are based on simulation and testing: it is completely automatic and when the verification fails it returns a counterexample that can be used to pinpoint the source of the error. Nevertheless, model checking techniques often fail because of the state explosion problem: transition systems grow exponentially with the number of components. The aim of this paper is to attack the state explosion problem that may arise when looking for deadlocks in concurrent systems described through the calculus of communicating systems. We propose to use heuristics-based techniques, namely the A* algorithm, both to guide the search without constructing the complete transition system, and to provide minimal counterexamples. We have realized a prototype tool to evaluate the methodology. Experiments we have conducted on processes of different size show the benefit from using our technique against building the whole state space, or applying some other methods

radiomic features for medical images tamper detection by equivalence checking

Abstract Digital medical images are very easy to be modified for illegal purposes. An attacker may perform this act in order to stop a political candidate, sabotage research, commit insurance fraud, perform an act of terrorism, or even commit murder. Between the machine that performs medical scans and the radiologist monitor, medical images pass through different devices: in this chain an attacker can perform its malicious action. In this paper we propose a method aimed to avoid medical images modifications by means of equivalence checking. Magnetic images are represented as finite state automata and equivalence checking is exploited to check whether the medical resource have been subject to illegal modifications

Exploiting Model Checking for Mobile Botnet Detection

Android malware is increasing from the point of view of the complexity and the harmful actions. As a matter fact, malware writers are developing sophisticated techniques to infect mobile devices very closed to their counterpart for personal computers. One of these threats is represented by the possibility to control the infected devices from the attacker i.e., the so-called botnet. In this paper a method able to identify botnet in Android environment through model checking is proposed. Starting from the malicious payload definition, the proposed method is able to detect and to localize the code related to the malicious botnet. We experiment real-world botnet based Android malware, obtaining encouraging results

formal modeling for magnetic resonance images tamper mitigation

Abstract The picture archiving and communication system is a medical imaging technology used primarily in healthcare organizations to store and digitally transmit electronic images and clinically-relevant reports. As demonstrated, these systems can be exploited by malicious users: in fact, considering that medical images are not digitally encrypted, any medical image modifications would be difficult to detect for a radiologist. To mitigate this aspect, in this paper a formal modelisation for picture archiving and communication system systems is proposed. The main aim is to avoid illegal writing and reading from components that should not do it, by representing the system components in terms of automa

a blockchain based proposal for protecting healthcare systems through formal methods

Abstract Blockchain technology is one of the most important and disruptive technologies in the world. Multiple industries are adopting the blockchain technology to innovate the way they work. One of the industries that are looking to adopt the blockchain is the healthcare industry. In fact, the protection of the private information stored in hospital database is a critical issue. In this paper we propose a method aimed to protect information exchanged in hospital networks, with particular regard to magnetic resonance images. As required from blockchain technology, each host network must validate the transiting data network: we exploit formal equivalence checking to perform this validation, by modeling magnetic resonance images in terms of automata by exploiting radiomic features

energy consumption metrics for mobile device dynamic malware detection

Abstract The ineffectiveness of signature-based malware detection systems prevents the detection of malware, even objects of trivial obfuscation techniques, makes mobile devices vulnerable. In this paper a dynamic technique to detect malware on Android platform is proposed. We exploit a set of energy related features i.e., feature which can be symptomatic of abnormal battery consumption. We built different models exploiting four different supervised machine learning classification algorithms, obtaining for all the evaluated models an accuracy greater than 0.91