24 research outputs found

    A Scalable and Accurate Hybrid Vulnerability Analysis Framework

    As the Internet has become an integral part of our everyday life for activities such as e-mail, online-banking, shopping, entertainment, etc., vulnerabilities in Web software arguably have greater impact than vulnerabilities in other types of software. Vulnerabilities in Web applications may lead to serious issues such as disclosure of confidential data, integrity violation, denial of service, loss of commercial confidence/customer trust, and threats to the continuity of business operations. For companies these issues can result in significant financial losses. The most common and serious threats for Web applications include injection vulnerabilities, where malicious input can be “injected” into the program to alter its intended behavior or that of another system. These vulnerabilities can cause serious damage to a system and its users. For example, an attacker could compromise the systems underlying the application or gain access to a database containing sensitive information. The goal of this thesis is to provide a scalable approach, based on symbolic execution and constraint solving, which aims to effectively find injection vulnerabilities in the server-side code of Java Web applications and which generates no or few false alarms, minimizes false negatives, overcomes the path explosion problem and enables the solving of complex constraints

    A Scalable and Accurate Hybrid Vulnerability Analysis Framework

    Software security assurance is an important process in software development that protects the sensitive data and resources contained in and controlled by the software. Addressing security vulnerabilities at an early phase could decrease the cost of addressing them in later stages by two orders of magnitude. In order to detect vulnerabilities in Web services and Web applications in a scalable and accurate manner, we aim at developing a hybrid vulnerability analysis framework which combines program analysis, symbolic execution and machine learning. We use program analysis to identify potential vulnerable execution branches within the source code for the purpose of guiding the symbolic execution along the potentially vulnerable execution paths. We also propose scalable constraint solving techniques for vulnerability analysis. To further enhance scalability and accuracy, we also apply machine learning by incorporating predictors for identifying potentially vulnerable paths of the program based on known vulnerable cases

    Security slicing for auditing XML, XPath, and SQL injection vulnerabilities

    XML, XPath, and SQL injection vulnerabilities are among the most common and serious security issues for Web applications and Web services. Thus, it is important for security auditors to ensure that the implemented code is, to the extent possible, free from these vulnerabilities before deployment. Although existing taint analysis approaches could automatically detect potential vulnerabilities in source code, they tend to generate many false warnings. Furthermore, the produced traces, i.e. data-flow paths from input sources to security-sensitive operations, tend to be incomplete or to contain a great deal of irrelevant information. Therefore, it is difficult to identify real vulnerabilities and determine their causes. One suitable approach to support security auditing is to compute a program slice for each security-sensitive operation, since it would contain all the information required for performing security audits (Soundness). A limitation, however, is that such slices may also contain information that is irrelevant to security (Precision), thus raising scalability issues for security audits. In this paper, we propose an approach to assist security auditors by defining and experimenting with pruning techniques to reduce original program slices to what we refer to as security slices, which contain sound and precise information. To evaluate the proposed pruning mechanism by using a number of open source benchmarks, we compared our security slices with the slices generated by a state-of-the-art program slicing tool. On average, our security slices are 80% smaller than the original slices, thus suggesting significant reduction in auditing costs

    Security slicing for auditing common injection vulnerabilities

    Cross-site scripting and injection vulnerabilities are among the most common and serious security issues for Web applications. Although existing static analysis approaches can detect potential vulnerabilities in source code, they generate many false warnings and source-sink traces with irrelevant information, making their adoption impractical for security auditing. One suitable approach to support security auditing is to compute a program slice for each sink, which contains all the information required for security auditing. However, such slices are likely to contain a large amount of information that is irrelevant to security, thus raising scalability issues for security audits. In this paper, we propose an approach to assist security auditors by defining and experimenting with pruning techniques to reduce original program slices to what we refer to as security slices, which contain sound and precise information. To evaluate the proposed approach, we compared our security slices to the slices generated by a state-of-the-art program slicing tool, based on a number of open-source benchmarks. On average, our security slices are 76% smaller than the original slices. More importantly, with security slicing, one needs to audit approximately 1% of the total code to fix all the vulnerabilities, thus suggesting significant reduction in auditing costs

    JoanAudit: A tool for auditing common injection vulnerabilities

    JoanAudit is a static analysis tool to assist security auditors in auditing Web applications and Web services for common injection vulnerabilities during software development. It automatically identifies parts of the program code that are relevant for security and generates an HTML report to guide security auditors in auditing the source code in a scalable way. JoanAudit is configured with various security-sensitive input sources and sinks relevant to injection vulnerabilities and standard sanitization procedures that prevent these vulnerabilities. It can also automatically fix some cases of vulnerabilities in source code — cases where inputs are directly used in sinks without any form of sanitization — by using standard sanitization procedures. Our evaluation shows that by using JoanAudit, security auditors are required to inspect only 1% of the total code for auditing common injection vulnerabilities. The screen-cast demo is available at https://github.com/julianthome/joanaudit

    Search-driven string constraint solving for vulnerability detection

    Constraint solving is an essential technique for detecting vulnerabilities in programs, since it can reason about input sanitization and validation operations performed on user inputs. However, real-world programs typically contain complex string operations that challenge vulnerability detection. State-of-the-art string constraint solvers support only a limited set of string operations and fail when they encounter an unsupported one; this leads to limited effectiveness in finding vulnerabilities. In this paper we propose a search-driven constraint solving technique that complements the support for complex string operations provided by any existing string constraint solver. Our technique uses a hybrid constraint solving procedure based on the Ant Colony Optimization meta-heuristic. The idea is to execute it as a fallback mechanism, only when a solver encounters a constraint containing an operation that it does not support. We have implemented the proposed search-driven constraint solving technique in the ACO-Solver tool, which we have evaluated in the context of injection and XSS vulnerability detection for Java Web applications. We have assessed the benefits and costs of combining the proposed technique with two state-of-the-art constraint solvers (Z3-str2 and CVC4). The experimental results, based on a benchmark with 104 constraints derived from nine realistic Web applications, show that our approach, when combined with a state-of-the-art solver, significantly improves the number of detected vulnerabilities (from 4.7% to 71.9% for Z3-str2, from 85.9% to 100.0% for CVC4), and solves several cases on which the solver fails when used stand-alone (46 more solved cases for Z3-str2, and 11 more for CVC4), while still keeping the execution time affordable in practice

    An Integrated Approach for Effective Injection Vulnerability Analysis of Web Applications through Security Slicing and Hybrid Constraint Solving

    Malicious users can attack Web applications by exploiting injection vulnerabilities in the source code. This work addresses the challenge of detecting injection vulnerabilities in the server-side code of Java Web applications in a scalable and effective way. We propose an integrated approach that seamlessly combines security slicing with hybrid constraint solving; the latter orchestrates automata-based solving with meta-heuristic search. We use static analysis to extract minimal program slices relevant to security from Web programs and to generate attack conditions. We then apply hybrid constraint solving to determine the satisfiability of attack conditions and thus detect vulnerabilities. The experimental results, using a benchmark comprising a set of diverse and representative Web applications/services as well as security benchmark applications, show that our approach (implemented in the JOACO tool) is significantly more effective at detecting injection vulnerabilities than state-of-the-art approaches, achieving 98% recall, without producing any false alarm. We also compared the constraint solving module of our approach with state-of-the-art constraint solvers, using six different benchmark suites; our approach correctly solved the highest number of constraints (665 out of 672), without producing any incorrect result, and was the one with the least number of time-out/failing cases. In both scenarios, the execution time was practically acceptable, given the offline nature of vulnerability detection

    Prospective Multicenter Trial of Cervical Arthroplasty with the ROTAIO® Cervical Disc Prosthesis.

    STUDY DESIGN Clinical observational study. OBJECTIVE The ROTAIO® cervical disc prosthesis is a novel unconstrained implant with a variable center of rotation aiming at physiological motion. The objective of this multicenter prospective trial was to evaluate clinical outcome and complications within 2 years. MATERIAL AND METHODS 120 patients (72 females and 48 males with median age of 43.0 years [23-60 yrs]) underwent ACDA (ROTAIO®, SIGNUS Medical, Alzenau, Germany) and were prospectively followed for 24 months. Preoperative complaints were mainly associated with radiculopathy (n = 104) or myelopathy (n = 16). There were 108 monosegmental and 12 bisegmental procedures including 6 hybrid constructs. Clinical outcome was evaluated at 3, 12 and 24 months in 100%, 96% and 77% of the cohort by VAS, NDI, WL-26, Patient's Satisfaction Index (PSI), SF-36, Nurick Score, mJOA, Composite Success Rate, complications, patient's overall satisfaction and analgesics use. RESULTS Highly significant clinical improvements were observed according to NDI and VAS (P < .0001 (arm); P < .001 (neck); P = .002 (head)) at all time points. Analgetic use could be reduced in 87.1 to 95.2%. Doctor's visits have been reduced in 93.8% after 24 months. Patient's overall satisfaction was high with 78.4 to 83.5% of patients. The composite success rate was 77.5% after 12 months and 76.9% after 24 months. There were no major complications in this series. Slight subsidence of the prosthesis was observed in 2 patients and 3 patients demonstrated fusion after 24 months. 2 patients developed symptomatic foraminal stenosis, so that implant removal and fusion was performed resulting in a revision rate of 1.7% in 2 years. CONCLUSION The ROTAIO® cervical disc prosthesis is a safe and efficient treatment option for symptomatic degenerative disc disease demonstrating highly significant clinical improvement and high patient's overall satisfaction with very low revision rates at 2 years

    The compassionate vagus: A meta-analysis on the connection between compassion and heart rate variability

    In recent years, increasing interest has been devoted to the physiological basis of self and other-oriented compassion. Heart rate variability (HRV) represents a promising candidate for such a role, given its association with soothing emotions and context appropriate prefrontal inhibitory control over threat-defensive responses. The aim of this study was to meta-analyze available studies on the association between compassion and HRV. Random-effect models were used. The analysis performed on sixteen studies that met inclusion criteria, yielded a significant association with a medium effect size (g = .54 95% CI [.24, .84], p < .0001). Results were not influenced by publication bias. After an extreme outlier’s exclusion, the size of the association was still larger in studies that used time or frequency-domain indices of vagally-mediated HRV compared to those that used peak to trough estimates of respiratory sinus arrhythmia. Results are limited by the small number of studies included in the meta-analysis (n = 16) and are discussed in terms of indications for future research, given that existing data are highly heterogeneous and of poor methodological rigor.