1,235 research outputs found

    Identifying Authorship Style in Malicious Binaries: Techniques, Challenges & Datasets

    Attributing a piece of malware to its creator typically requires threat intelligence. Binary attribution increases the level of difficulty as it mostly relies upon the ability to disassemble binaries to identify authorship style. Our survey explores malicious author style and the adversarial techniques used by them to remain anonymous. We examine the adversarial impact on the state-of-the-art methods. We identify key findings and explore the open research challenges. To mitigate the lack of ground truth datasets in this domain, we publish alongside this survey the largest and most diverse meta-information dataset of 15,660 malware labeled to 164 threat actor groups

    Towards a Framework for Testing the Security of IoT Devices Consistently


    Automated Dynamic Analysis of Ransomware: Benefits, Limitations and use for Detection

    Recent statistics show that in 2015 more than 140 million new malware samples were found. Among these, a large portion is due to ransomware, the class of malware whose specific goal is to render the victim's system unusable, in particular by encrypting important files, and then ask the user to pay a ransom to revert the damage. Several ransomware include sophisticated packing techniques, and are hence difficult to statically analyse. We present EldeRan, a machine learning approach for dynamically analysing and classifying ransomware. EldeRan monitors a set of actions performed by applications in their first phases of installation, checking for characteristic signs of ransomware. Our tests over a dataset of 582 ransomware belonging to 11 families, and with 942 goodware applications, show that EldeRan achieves an area under the ROC curve of 0.995. Furthermore, EldeRan works without requiring that an entire ransomware family is available beforehand. These results suggest that dynamic analysis can support ransomware detection, since ransomware samples exhibit a set of characteristic features at run-time that are common across families, and that helps the early detection of new variants. We also outline some limitations of dynamic analysis for ransomware and propose possible solutions

    Formalizing Threat Models for Virtualized Systems

    No full text
    We propose a framework, called FATHoM (FormAlizing THreat Models), to define threat models for virtualized systems. For each component of a virtualized system, we specify a set of security properties that defines its control responsibility, its vulnerability and protection states. Relations are used to represent how assumptions made about a component’s security state restrict the assumptions that can be made on the other components. FATHoM includes a set of rules to compute the derived security states from the assumptions and the components’ relations. A further set of relations and rules is used to define how to protect the derived vulnerable components. The resulting system is then analysed, among others, for consistency of the threat model. We have developed a tool that implements FATHoM, and have validated it with use-cases adapted from the literature

    Sharing data through confidential clouds: an architectural perspective

    No full text
    © 2015 IEEE. Cloud and mobile are two major computing paradigms that are rapidly converging. However, these models still lack a way to manage the dissemination and control of personal and business-related data. To this end, we propose a framework to control the sharing, dissemination and usage of data based on mutually agreed Data Sharing Agreements (DSAs). These agreements are enforced uniformly, and end-to-end, both on Cloud and mobile platforms, and may reflect legal, contractual or user-defined preferences. We introduce an abstraction layer that makes available the enforcement functionality across different types of nodes whilst hiding the distribution of components and platform specifics. We also discuss a set of different types of nodes that may run such a layer

    A logic-based reasoner for discovering authentication vulnerabilities between interconnected accounts

    With users being more reliant on online services for their daily activities, there is an increasing risk for them to be threatened by cyber-attacks harvesting their personal information or banking details. These attacks are often facilitated by the strong interconnectivity that exists between online accounts, in particular due to the presence of shared (e.g., replicated) pieces of user information across different accounts. In addition, a significant proportion of users employ pieces of information, e.g. used to recover access to an account, that are easily obtainable from their social network accounts, and hence are vulnerable to correlation attacks, where a malicious attacker is either able to perform password reset attacks or take full control of user accounts. This paper proposes the use of verification techniques to analyse the possible vulnerabilities that arise from shared pieces of information among interconnected online accounts. Our primary contributions include a logic-based reasoner that is able to discover vulnerable online accounts, and a corresponding tool that provides modelling of user accounts, their interconnections, and vulnerabilities. Finally, the tool allows users to perform security checks of their online accounts and suggests possible countermeasures to reduce the risk of compromise

    Covid-19 in children with down syndrome: Data from the trisomy 21 research society survey

    Adults with Down Syndrome (DS) are at higher risk for severe outcomes of coronavirus disease 2019 (COVID-19) than the general population, but evidence is required to understand the risks for children with DS, which is necessary to inform COVID-19 shielding advice and vaccination priorities. We aimed to determine the epidemiological and clinical characteristics of COVID-19 in children with DS. Using data from an international survey obtained from a range of countries and control data from the United States, we compared the prevalence of symptoms and medical complications and risk factors for severe outcomes between DS and non-DS paediatric populations with COVID-19. Hospitalised COVID-19 patients <18 years with DS had a higher incidence of respiratory symptoms, fever, and several medical complications from COVID-19 than control patients without DS <18 years. Older age, obesity, and epilepsy were significant risk factors for hospitalisation among paediatric COVID-19 patients with DS, and age and thyroid disorder were significant risk factors for acute respiratory distress syndrome. Mortality rates were low in all paediatric COVID-19 patients (with and without DS), contrasting with previous findings in adults with DS (who exhibit higher mortality than those without DS). Children with DS are at increased risk for more severe presentations of COVID-19. Efforts should be made to ensure the comprehensive and early detection of COVID-19 in this population and to identify children with DS who present comorbidities that pose a risk for a severe course of COVID-19. Our results emphasize the importance of vaccinating children with DS as soon as they become eligible