Vulnerability Detection (2014 Year in Review), Part 1

SoS Newsletter



Vulnerability Detection
(2014 Year in Review)
Part 1


Vulnerability detection is a topic for which a great deal of research is being done.  In 2014, more than one hundred major research presentations relevant to the Science of Security were made and published.  To facilitate finding articles, we will present these in four parts. In Part 1, we will cite the first 25.


Antunes, N.; Vieira, M., "Assessing and Comparing Vulnerability Detection Tools for Web Services: Benchmarking Approach and Examples," Services Computing, IEEE Transactions on, vol. PP, no. 99, pp. 1-1, 11 March 2014. doi: 10.1109/TSC.2014.2310221
Selecting a vulnerability detection tool is a key problem that is frequently faced by developers of security-critical web services. Research and practice show that state-of-the-art tools present low effectiveness both in terms of vulnerability coverage and false positive rates. The main problem is that such tools are typically limited in the detection approaches implemented, and are designed for being applied in very concrete scenarios. Thus, using the wrong tool may lead to the deployment of services with undetected vulnerabilities. This paper proposes a benchmarking approach to assess and compare the effectiveness of vulnerability detection tools in web services environments. This approach was used to define two concrete benchmarks for SQL Injection vulnerability detection tools. The first is based on a predefined set of web services, and the second allows the benchmark user to specify the workload that best portrays the specific characteristics of his environment. The two benchmarks are used to assess and compare several widely used tools, including four penetration testers, three static code analyzers, and one anomaly detector. Results show that the benchmarks accurately portray the effectiveness of vulnerability detection tools (in a relative manner) and suggest that the proposed benchmarking approach can be applied in the field.
Keywords: Benchmark testing; Computer bugs; Measurement; Security; Web services (ID#: 15-4093)


Gupta, M.K.; Govil, M.C.; Singh, G., "An Approach To Minimize False Positive In SQLI Vulnerabilities Detection Techniques Through Data Mining," Signal Propagation and Computer Technology (ICSPCT), 2014 International Conference on, pp. 407-410, 12-13 July 2014. doi: 10.1109/ICSPCT.2014.6884962
Dependence on web applications is increasing very rapidly in recent time for social communications, health problem, financial transaction and many other purposes. Unfortunately, the presence of security weaknesses in web applications allows malicious users to exploit various security vulnerabilities and become the reason of their failure. Currently, SQL Injection (SQLI) attacks exploit most dangerous security vulnerabilities in various popular web applications i.e. eBay, Google, Facebook, Twitter etc. Research on taint based vulnerability detection has been quite intensive in the past decade. However, these techniques are not free from false positive and false negative results. In this paper, we propose an approach to minimize false positive in SQLI vulnerability detection techniques using data mining concepts. We have implemented a prototype tool for PHP, MySQL technologies and evaluated it on six real world applications and NIST Benchmarks. Our evaluation and comparison results show that proposed technique detects SQLI vulnerabilities with low percentage of false positives.
Keywords: Internet; SQL; data mining; security of data; social networking (online); software reliability; Facebook; Google; MySQL technology; PHP; SQL injection attack; SQLI vulnerability detection techniques; Twitter; data mining; eBay; false positive minimization; financial transaction; health problem; social communications; taint based vulnerability detection; Computers; Software; SQLI attack; SQLI vulnerability; false positive; input validation; sanitization; taint analysis (ID#: 15-4094)


Cai, Jun; Yang, Shangfei; Men, Jinquan; He, Jun, "Automatic Software Vulnerability Detection Based On Guided Deep Fuzzing," Software Engineering and Service Science (ICSESS), 2014 5th IEEE International Conference on, pp. 231-234, 27-29 June 2014. doi: 10.1109/ICSESS.2014.6933551
Software security has become a very important part of information security in recent years. Fuzzing has proven successful in finding software vulnerabilities, which are one major cause of information security incidents. However, the efficiency of traditional fuzz testing tools is usually very poor due to the blindness of test generation. In this paper, we present Sword, an automatic fuzzing system for software vulnerability detection, which combines fuzzing with symbolic execution and taint analysis techniques to tackle the above problem. Sword first uses symbolic execution to collect program execution paths and their corresponding constraints, then uses taint analysis to check these paths; the most dangerous paths, which most likely lead to vulnerabilities, will be further deep fuzzed. Thus, with the guidance of symbolic execution and taint analysis, Sword generates test cases most likely to trigger potential vulnerabilities lying deep in applications.
Keywords: Databases; Engines; Information security; Monitoring; Software; Software testing; fuzzing; software vulnerability detection; symbolic execution; taint analysis (ID#: 15-4096)


Li, Hui; Zhang, Weishi; Zhou, Weifu; Su, Bo, "A Novel Vulnerability Detection Method for ZigBee MAC Layer," Dependable, Autonomic and Secure Computing (DASC), 2014 IEEE 12th International Conference on, pp. 121-124, 24-27 Aug. 2014. doi: 10.1109/DASC.2014.30
Due to limitations such as low computation, low calculation and limited energy, wireless sensor networks (WSN) usually have some vulnerabilities, such as data overflow, 0-divides etc. This paper designed a MAC Layer Tester (called MLT) based on fuzz and border conditions algorithm to detect vulnerabilities according to IEEE 802.15.4. MLT can test protocol stacks for IEEE 802.15.4, such as ZigBee. MLT builds a testing architecture and simulation environment in the MAC layer and can test its performance and functions if some representative data are adopted.
Keywords: Computer crashes; IEEE 802.15 Standards; Network topology; Testing; Topology; Wireless sensor networks; Zigbee; IoT; MAC; MLT; PAN; WSN; vulnerability (ID#: 15-4097)


Kulenovic, M.; Donko, D., "A Survey Of Static Code Analysis Methods For Security Vulnerabilities Detection," Information and Communication Technology, Electronics and Microelectronics (MIPRO), 2014 37th International Convention on, pp. 1381-1386, 26-30 May 2014. doi: 10.1109/MIPRO.2014.6859783
Software security is becoming highly important for universal acceptance of applications for many kinds of transactions. Automated code analyzers can be utilized to detect security vulnerabilities during the development phase. This paper aims to provide a survey on static code analysis and how it can be used to detect security vulnerabilities. The most recent findings and publications are summarized and presented in this paper. This paper provides an overview of the gains, flows and algorithms of static code analyzers. It can be considered a stepping stone for further research in this domain.
Keywords: program diagnostics; security of data; software engineering; development phase; software security vulnerabilities detection; static code analysis methods; Access control; Analytical models; Java; Privacy; Software; security; static code analysis; survey; vulnerability (ID#: 15-4098)


Bo Wu; Mengjun Li; Bin Zhang; Quan Zhang; Chaojing Tang, "Directed Symbolic Execution For Binary Vulnerability Mining," Electronics, Computer and Applications, 2014 IEEE Workshop on, pp. 614-617, 8-9 May 2014. doi: 10.1109/IWECA.2014.6845694
Despite more than two decades of independent, academic, and industry-related research, software vulnerabilities remain the main reason that undermines the security of our systems. Taint analysis and symbolic execution are among the most promising approaches for vulnerability detection, but either one can't remit the problem separately. In this paper, we try to combine taint analysis and symbolic execution for binary vulnerability mining and propose a method named directed symbolic execution. Our three-step approach firstly adopts dynamic taint analysis technology to identify the safety-related data, then uses a symbolic execution system to execute the binary software while marking those safety-related data as symbols, and finally discovers vulnerabilities with our check-model. The evaluation shows that our method can be used to detect vulnerabilities in binary software more efficiently.
Keywords: data mining; program diagnostics; security of data; software reliability; binary software; binary vulnerability mining; check-model; directed symbolic execution method; dynamic taint analysis technology; safety-related data identification; software vulnerability detection; Context; Protocols; Software; Symbolic Execution; Vulnerability detection; Vulnerability model (ID#: 15-4099)


Yuan-Hsin Tung; Chen-Chiu Lin; Hwai-Ling Shan, "Test as a Service: A Framework for Web Security TaaS Service in Cloud Environment," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp. 212-217, 7-11 April 2014. doi: 10.1109/SOSE.2014.36
As its name suggests, cloud testing is a form of software testing which uses cloud infrastructure. Its effectively unlimited storage, quick availability of the infrastructure with scalability, flexibility and availability of a distributed testing environment translate to reducing the execution time of testing of large applications and hence lead to cost-effective solutions. In cloud testing, Testing-as-a-Service (TaaS) is a new model to effectively provide testing capabilities and on-demand testing to end users. There are many studies and solutions to support TaaS service, and security testing is the most suitable form for TaaS service. To leverage the features of TaaS, we propose a framework of TaaS for security testing. We implement the prototype system, Security TaaS (abbrev. S-TaaS), based on our proposed framework. The experiments are conducted to evaluate the performance of our framework and prototype system. The experiment results indicate that our prototype system can provide quality and stable service.
Keywords: cloud computing; program testing; security of data; TaaS service; Web security; cloud environment; cloud infrastructure; cloud testing; distributed testing environment; on-demand testing; software testing; testing capabilities; testing-as-a-service; Cloud computing; Computational modeling; Monitoring; Prototypes; Security; Software testing; TaaS; Test as a Service; cloud computing; security test; vulnerability detection; web vulnerability (ID#: 15-4100)


Guowei Dong; Yan Zhang; Xin Wang; Peng Wang; Liangkun Liu, "Detecting Cross Site Scripting Vulnerabilities Introduced by HTML5," Computer Science and Software Engineering (JCSSE), 2014 11th International Joint Conference on, pp. 319-323, 14-16 May 2014. doi: 10.1109/JCSSE.2014.6841888
In recent years, HTML5 has been widely adopted in popular browsers. Unfortunately, as a new Web standard, HTML5 may expand the Cross Site Scripting (XSS) attack surface as well as improve the interactivity of the page. In this paper, we identified 14 XSS attack vectors related to HTML5 by a systematic analysis of new tags and attributes. Based on these vectors, an XSS test vector repository is constructed and a dynamic XSS vulnerability detection tool focusing on Webmail systems is implemented. By applying the tool to some popular Webmail systems, seven exploitable XSS vulnerabilities were found. The evaluation result shows that our tool can efficiently detect XSS vulnerabilities introduced by HTML5.
Keywords: Internet; Web sites; hypermedia markup languages; security of data; HTML5; Web standard; Webmail system; XSS attack surface; XSS attack vectors; XSS test vector repository; cross site scripting vulnerability detection; dynamic XSS vulnerability detection tool; systematic analysis; HTML5; attack surface; dynamic detection (ID#: 15-4101)


Gupta, M.K.; Govil, M.C.; Singh, G., "Static Analysis Approaches To Detect SQL Injection And Cross Site Scripting Vulnerabilities In Web Applications: A Survey," Recent Advances and Innovations in Engineering (ICRAIE), 2014, pp. 1-5, 9-11 May 2014. doi: 10.1109/ICRAIE.2014.6909173
Dependence on web applications is increasing very rapidly in recent time for social communications, health problem, financial transaction and many other purposes. Unfortunately, the presence of security weaknesses in web applications allows malicious users to exploit various security vulnerabilities and become the reason of their failure. Currently, SQL Injection (SQLI) and Cross-Site Scripting (XSS) vulnerabilities are the most dangerous security vulnerabilities exploited in various popular web applications i.e. eBay, Google, Facebook, Twitter etc. Research on defensive programming, vulnerability detection and attack prevention techniques has been quite intensive in the past decade. Defensive programming is a set of coding guidelines to develop secure applications. But, mostly developers do not follow security guidelines and repeat the same type of programming mistakes in their code. Attack prevention techniques protect the applications from attack during their execution in the actual environment. The difficulties associated with accurate detection of SQLI and XSS vulnerabilities in coding phase of software development life cycle. This paper proposes a classification of software security approaches used to develop secure software in various phases of the software development life cycle. It also presents a survey of static analysis based approaches to detect SQL Injection and cross-site scripting vulnerabilities in source code of web applications. The aim of these approaches is to identify the weaknesses in source code before their exploitation in the actual environment. This paper would help researchers to note down future directions for securing legacy web applications in early phases of the software development life cycle.
Keywords: Internet; SQL; program diagnostics; security of data; software maintenance; software reliability; source code (software); SQL injection; SQLI; Web applications; XSS; attack prevention; cross site scripting vulnerabilities; defensive programming; financial transaction; health problem; legacy Web applications; malicious users; programming mistakes; security vulnerabilities; security weaknesses; social communications; software development life cycle; source code; static analysis; vulnerability detection; Analytical models; Guidelines; Manuals; Programming; Servers; Software; Testing; SQL injection; cross site scripting; static analysis; vulnerabilities; web application (ID#: 15-4102)


Alqahtani, S.M.; Al Balushi, M.; John, R., "An Intelligent Intrusion Prevention System for Cloud Computing (SIPSCC)," Computational Science and Computational Intelligence (CSCI), 2014 International Conference on, vol. 2, pp. 152-158, 10-13 March 2014. doi: 10.1109/CSCI.2014.161
Cloud computing is a fast growing IT model for the exchange and delivery of different services through the Internet. However, there is a plethora of security concerns in cloud computing which still need to be tackled (e.g. confidentiality, auditability and Privileged User Access). To detect and prevent such issues, the Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) are effective mechanisms against attacks such as SQL Injection. This study proposes a new service of IPS that prevents SQL injections when it comes over a cloud computing website (CCW) using a signature-based devices approach. A model has been implemented on three virtual machines. Through this implementation, a service-based intrusion prevention system in cloud computing (SIPSCC) is proposed, investigated and evaluated from three perspectives: vulnerability detection, average time, and false positives.
Keywords: SQL; Web sites; cloud computing; digital signatures; security of data; virtual machines; CCW; IDS; IPS; Internet; SIPSCC; SQL injections; cloud computing Web site; intelligent intrusion prevention system; intrusion detection system; service-based intrusion prevention system in cloud computing; signature-based device approach; virtual machines; vulnerability detection; Cloud computing; Databases; Educational institutions; Intrusion detection; Servers; SIPSCC; CCW; IDS; IPS; Open Source Hostbased Intrusion Detection System (OSSEC) (ID#: 15-4103)


Fang Yu; Yi-Yang Tung, "Patcher: An Online Service for Detecting, Viewing and Patching Web Application Vulnerabilities," System Sciences (HICSS), 2014 47th Hawaii International Conference on, pp. 4878-4886, 6-9 Jan. 2014. doi: 10.1109/HICSS.2014.598
Web application security becomes a critical issue as more and more web applications appear and serve common life and business routines in recent years. It is known that web applications are vulnerable due to software defects. Open to public users, vulnerable websites may encounter lots of malicious attacks from the Internet. We present a new web service platform where system developers can detect, view and patch potential vulnerabilities of their web applications online. Taking advantage of static string analysis techniques, our analysis ensures that the patched programs are free from vulnerabilities with respect to given attack patterns. Specifically, we integrate the service front end with program visualization techniques, developing a 3D interface/presentation for users to access and view the analysis result in a visualization environment with the aim of improving users' comprehension of programs, especially how vulnerabilities get exploited and patched. We report our analysis result on several open source applications, finding and patching various unknown/known vulnerabilities.
Keywords: Web services; Web sites; program diagnostics; program visualisation; public domain software; security of data; software maintenance; 3D interface development; 3D presentation development; Internet; Patcher; Web application security; Web application vulnerability detection; Web application vulnerability patching; Web application vulnerability viewing; Web service platform; Web sites; malicious attacks; online service; open source applications; program comprehension; program visualization techniques; service front end integration; software defects; static string analysis techniques; Automata; Mobile handsets; Reachability analysis; Security; Three-dimensional displays; Visualization; Web services; program comprehension; string analysis; visualization; web security (ID#: 15-4104)


Zhou Lin; Liu Fei; Gan Shuitao; Qin Xiaojun; Han Wenbao, "Symbolic Execution of Network Software Based on Unit Testing," Networking, Architecture, and Storage (NAS), 2014 9th IEEE International Conference on, pp. 128-132, 6-8 Aug. 2014. doi: 10.1109/NAS.2014.28
Complex interactions and the distributed nature of network software make automated testing and debugging before deployment a necessity. Symbolic execution is a systematic program analysis technique that has become increasingly popular in network software testing, due to algorithmic advances and availability of computational power and constraint solving technology. However, a main challenge is determining symbolic values for program variables related to library, loops and cryptograph algorithms which are widely used in network software. In this paper, we propose unit symbolic analysis, a hybrid technique that enables fully automatic symbolic analysis even for the traditionally challenging code. The novelties of this work are threefold: 1) we flexibly employ static symbolic execution to amplify the effect of dynamic symbolic execution on demand, 2) dynamic executions and regression analysis are performed on the unit tests constructed from the code segments to infer program semantics needed by static analysis, and 3) symbolic analysis is utilized to tackle loop structure and cryptograph algorithm module. We developed the Net Sym framework, consisting of a static component that performs symbolic analysis and partitions a program, a dynamic analysis that synthesizes unit tests and automatically infers symbolic values for program variables, and a protocol that enables static and dynamic analyses to be run interactively and concurrently. Our experimental results show that by handling cryptograph algorithms, loops and library calls that a traditional symbolic analysis cannot process, unit symbolic analysis detects more vulnerabilities in less time. The technique is scalable for real-world programs such as GHttpd, SQL Server and GDI.
Keywords: cryptography; distributed processing; program control structures; program debugging; program slicing; program testing; regression analysis; software libraries; GDI; GHttpd; Net Sym framework; SQL Server; algorithmic advances; automated debugging; automated testing; code segments; computational power; concurrent analysis; constraint solving technology; cryptograph algorithm module; cryptograph algorithms; dynamic executions; dynamic symbolic execution; fully automatic symbolic analysis; library; loop structure; network software symbolic execution; network software testing; program partitioning; program semantics inference; program variables; protocol; regression analysis; software deployment; static analysis; static component; static symbolic execution; symbolic value inference; systematic program analysis technique; unit symbolic analysis; unit test synthesis; unit testing; vulnerability detection; Algorithm design and analysis; Cryptography; Heuristic algorithms; Libraries; Performance analysis; Software; Testing (ID#: 15-4105)


Busby Earle, C.C.R.; France, R.B.; Ray, I., "Analysing Requirements to Detect Latent Security Vulnerabilities," Software Security and Reliability-Companion (SERE-C), 2014 IEEE Eighth International Conference on, pp. 168-175, June 30-July 2, 2014. doi: 10.1109/SERE-C.2014.35
To fully embrace the challenge of securing software, security concerns must be considered at the earliest stages of software development. Studies have shown that this reduces the time, cost and effort required to integrate security features into software during development. In this paper we describe a technique for uncovering potential vulnerabilities through an analysis of software requirements and describe its use using a small, motivating example.
Keywords: security of data; software engineering; latent security vulnerabilities detection; security features; software development; software requirements; software security; Context; Educational institutions; Natural languages; Object recognition; Ontologies; Security; Software; Loophole Analysis; Requirements; Security; Vulnerabilities (ID#: 15-4106)


Hong, Junho; Liu, Chen-Ching; Govindarasu, Manimaran, "Integrated Anomaly Detection for cyber security of the substations," PES General Meeting | Conference & Exposition, 2014 IEEE, pp. 1-1, 27-31 July 2014. doi: 10.1109/PESGM.2014.6939779
Cyber intrusions to substations of a power grid are a source of vulnerability since most substations are unmanned and with limited protection of the physical security. In the worst case, simultaneous intrusions into multiple substations can lead to severe cascading events, causing catastrophic power outages. In this paper, an integrated Anomaly Detection System (ADS) is proposed which contains host- and network-based anomaly detection systems for the substations, and simultaneous anomaly detection for multiple substations. Potential scenarios of simultaneous intrusions into the substations have been simulated using a substation automation testbed. The host-based anomaly detection considers temporal anomalies in the substation facilities, e.g., user interfaces, Intelligent Electronic Devices (IEDs) and circuit breakers. The malicious behaviors of substation automation based on multicast messages, e.g., Generic Object Oriented Substation Event (GOOSE) and Sampled Measured Value (SMV), are incorporated in the proposed network-based anomaly detection. The proposed simultaneous intrusion detection method is able to identify the same type of attacks at multiple substations and their locations. The result is a new integrated tool for detection and mitigation of cyber intrusions at a single substation or multiple substations of a power grid.
Keywords: Computer science; Computer security; Educational institutions; Electrical engineering; Power grids; Substation automation (ID#: 15-4107)


Junho Hong; Chen-Ching Liu; Govindarasu, M., "Integrated Anomaly Detection for Cyber Security of the Substations," Smart Grid, IEEE Transactions on, vol. 5, no. 4, pp. 1643-1653, July 2014. doi: 10.1109/TSG.2013.2294473
Cyber intrusions to substations of a power grid are a source of vulnerability since most substations are unmanned and with limited protection of the physical security. In the worst case, simultaneous intrusions into multiple substations can lead to severe cascading events, causing catastrophic power outages. In this paper, an integrated Anomaly Detection System (ADS) is proposed which contains host- and network-based anomaly detection systems for the substations, and simultaneous anomaly detection for multiple substations. Potential scenarios of simultaneous intrusions into the substations have been simulated using a substation automation testbed. The host-based anomaly detection considers temporal anomalies in the substation facilities, e.g., user-interfaces, Intelligent Electronic Devices (IEDs) and circuit breakers. The malicious behaviors of substation automation based on multicast messages, e.g., Generic Object Oriented Substation Event (GOOSE) and Sampled Measured Value (SMV), are incorporated in the proposed network-based anomaly detection. The proposed simultaneous intrusion detection method is able to identify the same type of attacks at multiple substations and their locations. The result is a new integrated tool for detection and mitigation of cyber intrusions at a single substation or multiple substations of a power grid.
Keywords: computer network security; power engineering computing; power grids; power system reliability; substation automation; ADS; GOOSE; IED; SMV; catastrophic power outages; circuit breakers; cyber intrusions; generic object oriented substation event; host-based anomaly detection systems; integrated anomaly detection system; intelligent electronic devices; malicious behaviors; multicast messages; network-based anomaly detection systems; physical security; power grid; sampled measured value; severe cascading events; simultaneous anomaly detection; simultaneous intrusion detection method; substation automation testbed; substation facilities; substations; temporal anomalies; user-interfaces; Circuit breakers; Computer security; Intrusion detection; Power grids; Substation automation; Anomaly detection; GOOSE anomaly detection; SMV anomaly detection and intrusion detection; cyber security of substations (ID#: 15-4108)


Park, Seongwook; Kim, Gyeonghoon; Park, Junyoung; Yoo, Hoi-Jun, "A 1.5nJ/Pixel Super-Resolution Enhanced FAST Corner Detection Processor For High Accuracy AR," European Solid State Circuits Conference (ESSCIRC), ESSCIRC 2014, 40th, pp. 191-194, 22-26 Sept. 2014. doi: 10.1109/ESSCIRC.2014.6942054
Most vision applications such as object recognition and augmented reality require a high resolution image because their performance is heavily dependent on a local feature point like an edge and a corner. Unfortunately, the vulnerability of correct feature detection always exists in vision applications. Moreover, it is hard to increase image resolution because there is a trade-off between the image resolution and the system power consumption in a wearable device. To resolve this, we present an energy-efficient Features from Accelerated Segment Test (FAST) corner detection processor with a high-throughput super-resolution 4-core cluster for low-power and high accuracy AR applications. To perform high throughput super-resolution, the hardware is proposed with an adaptive multi-issue multiply-accumulate (AMMAC) unit and a shift register (SHR) based angle integrator. Finally, the proposed super-resolution enhanced FAST corner detection processor performs 13.51% detection accuracy enhanced FAST corner detection on up to a 16× super-resolution image with only 1.5nJ/pixel energy efficiency.
Keywords: Accuracy; Augmented reality; Energy resolution; Feature extraction; Image resolution; Real-time systems; Signal resolution (ID#: 15-4109)


Maniatakos, M.; Michael, M.K.; Makris, Y., "Multiple-Bit Upset Protection in Microprocessor Memory Arrays Using Vulnerability-Based Parity Optimization and Interleaving," Very Large Scale Integration (VLSI) Systems, IEEE Transactions on, vol. PP, no. 99, pp. 1-1, 11 November 2014. doi: 10.1109/TVLSI.2014.2365032
We propose a technology-independent vulnerability-driven parity selection method for protecting modern microprocessor in-core memory arrays against multiple-bit upsets (MBUs). As MBUs constitute over 50% of the upsets in recent technologies, error correcting codes or physical interleaving are typically employed to effectively protect out-of-core memory structures, such as caches. Such methods, however, are not applicable to high performance in-core arrays, due to computational complexity, high delay, and area overhead. Therefore, we investigate vulnerability-based parity forest formation as an effective mechanism for detecting errors. Checkpointing and pipeline flushing can subsequently be used for correction. As the optimal parity tree construction for MBU detection is a computationally complex problem, an integer linear program formulation is introduced. In addition, vulnerability-based interleaving (VBI) is explored as a mechanism for further enhancing in-core array resiliency in constrained, single parity tree cases. VBI first physically disperses bitlines based on their vulnerability factor and then applies selective parity to these lines. Experimental results on Alpha 21264 and Intel P6 in-core memory arrays demonstrate that the proposed parity tree selection and VBI methods can achieve vulnerability reduction up to 86%, even when a small number of bits are added to the parity trees.
Keywords: Cost function; Delays; Equations; Error correction codes; Microprocessors; Random access memory; Architectural vulnerability factor (AVF); interleaving; memory array; modern microprocessor; optimization; parity (ID#: 15-4110)


Shila, D.M.; Venugopal, V., "Design, Implementation And Security Analysis of Hardware Trojan Threats in FPGA," Communications (ICC), 2014 IEEE International Conference on, pp. 719-724, 10-14 June 2014. doi: 10.1109/ICC.2014.6883404
Hardware Trojan Threats (HTTs) are stealthy components embedded inside integrated circuits (ICs) with an intention to attack and cripple the IC, similar to viruses infecting the human body. Previous efforts have focused essentially on systems being compromised using HTTs and the effectiveness of physical parameters including power consumption, timing variation and utilization for detecting HTTs. We propose a novel metric for hardware Trojan detection coined as HTT detectability metric (HDM) that uses a weighted combination of normalized physical parameters. HTTs are identified by comparing the HDM with an optimal detection threshold; if the monitored HDM exceeds the estimated optimal detection threshold, the IC will be tagged as malicious. As opposed to existing efforts, this work investigates a system model from a designer perspective in increasing the security of the device and an adversary model from an attacker perspective exposing and exploiting the vulnerabilities in the device. Using existing Trojan implementations and Trojan taxonomy as a baseline, seven HTTs were designed and implemented on an FPGA testbed; these Trojans perform a variety of threats ranging from sensitive information leak, denial of service to beat the Root of Trust (RoT). Security analysis on the implemented Trojans showed that existing detection techniques based on physical characteristics such as power consumption, timing variation or utilization alone do not necessarily capture the existence of HTTs, and only a maximum of 57% of designed HTTs were detected. On the other hand, 86% of the implemented Trojans were detected with HDM. We further carry out analytical studies to determine the optimal detection threshold that minimizes the summation of false alarm and missed detection probabilities.
Keywords: field programmable gate arrays; integrated logic circuits; invasive software; FPGA testbed; HDM; HTT detectability metric; HTT detection; ICs; RoT; Trojan taxonomy; denial of service; hardware Trojan detection technique; hardware Trojan threats; integrated circuits; missed detection probability; normalized physical parameters; optimal detection threshold; power consumption; root of trust; security analysis; sensitive information leak; summation of false alarm; timing variation; Encryption; Field programmable gate arrays; Hardware; Power demand; Timing; Trojan horses; Design; Hardware Trojans; Resiliency; Security (ID#: 15-4111)


Badawy, M.A.; El-Fishawy, N.A.; Elshakankiry, O., "Using Patch Management Tools to Enhance the Signature Customization for IDS Based on Vulnerability Scanner," Information Technology: New Generations (ITNG), 2014 11th International Conference on, pp. 529, 533, 7-9 April 2014. doi: 10.1109/ITNG.2014.78 Signature customization is a technique to help the misuse network-based IDS to select an appropriate signature for the protected hosts. Additionally, it eliminates unnecessary signature matching in order to enhance the detection capabilities of the NIDS. This paper assesses the effectiveness of depending only on vulnerability scanners to perform signature customization. In addition, it introduces the integration of vulnerability scanners with patch management tools to limit the number of false positive and false negative customizations. The results show that adding the patch management tools to the integration between the NIDS and vulnerability scanners can reduce the false signature customization. The proposed system will ensure tuning accuracy for an average of 30% of all shielded rules in the original signature customization system, accordingly improving the overall detection efficiency of the IDS.
Keywords: computer network security; digital signatures; NIDS; false negative customizations; false positive customizations; intrusion detection system; network based IDS; patch management tools; signature customization system; signature matching; vulnerability scanners; Accuracy; Computer architecture; Computers; Intrusion detection; NIST; Software; NIDS; Snort; Vulnerability assessment; WSUS; risk assessment (ID#: 15-4112)


Jovanovic, A.; Botteron, C.; Farine, P.-A., "Multi-test Detection And Protection Algorithm Against Spoofing Attacks On GNSS Receivers," Position, Location and Navigation Symposium - PLANS 2014, 2014 IEEE/ION, pp. 1258, 1271, 5-8 May 2014. doi: 10.1109/PLANS.2014.6851501 The vulnerability against interference, spoofing, and jamming of GNSS receivers is considered nowadays a major security concern. This security threat is exacerbated with the existing market availability of GPS jamming and spoofing equipment sold at reasonable prices. If jamming is the main issue faced at present, spoofing, which allows hijacking someone from the expected path, may lead to even worse consequences. Even with the latest security measures that are going to be deployed on the Galileo PRS signals, GNSS receivers are prone to attacks that are relatively easy to implement. In this paper, we identify different countermeasures and security schemes that can be used against spoofing attacks. These countermeasures include some modifications on the GNSS receiver's side, rather than requiring modifications of the whole existing GNSS infrastructure. More specifically, we propose a detection and protection scheme consisting of several statistical tests, based on the computations of moving variances of Doppler offset and C/No estimates, together with a consistency test of the PVT computation. We evaluate the performance of the proposed scheme through simulations and using a measurement setup consisting of a Spirent GSS8000 full constellation simulator whose output is combined with the one from a rooftop GPS antenna before being fed to a receiver front-end. Finally, we compute the probability of detection and false alarm in spoofing detection using the proposed scheme.
Keywords: Doppler effect; Global Positioning System; antenna feeds; jamming; radio receivers; statistical testing; telecommunication security; C/No estimates; Doppler offset; GNSS receivers; GPS jamming equipment; GPS spoofing equipment; Galileo PRS signals; PVT computation; Spirent GSS8000 full constellation simulator; consistency test; detection probability computation; false alarm probability computation; interference; measurement setup; multitest detection algorithm; multitest protection algorithm; receiver front-end; rooftop GPS antenna; security measures; security threat; spoofing attacks; statistical tests; Cryptography; Global Positioning System; Monitoring; Receivers; Satellite broadcasting; Satellites; GPS; Galileo; Vulnerability; countermeasures; detection; protection; security; spoofing attacks; statistical tests (ID#: 15-4113)


Gupta, A.; Pandey, O.J.; Shukla, M.; Dadhich, A.; Ingle, A.; Ambhore, V., "Intelligent Perpetual Echo Attack Detection on User Datagram Protocol Port 7 Using Ant Colony Optimization," Electronic Systems, Signal Processing and Computing Technologies (ICESC), 2014 International Conference on, pp. 419, 424, 9-11 Jan. 2014. doi: 10.1109/ICESC.2014.82 The escalating complexity of computer networks on a daily basis has increased the probability of malicious exploitation. Even a rare vulnerability in a single computer might compromise the network security of an entire organisation. Intrusion Detection Systems form an integral component of the mechanisms designed to protect internet and data communication systems from such attacks. The attacks on the network comprise information gathering and modification through unauthorized access to resources and denial of service to legitimate users. IDS play a key role in detecting the patterns of behaviour on the network that might be indicative of impending attacks. The majority of groundbreaking research on IDS is carried out on the KDD'99 dataset and focuses on either all the attacks in the network or the attacks corresponding to the TCP/IP protocol. This paper presents a step forward in this direction, where the IDS model addresses a specific part of the network attacks commonly detected at port 7 in UDP. Port scans in UDP account for a sizable portion of the Internet traffic, and comparatively little research characterizes security in UDP port scan activity. To meet the growing trend of attacks and other security challenges in the constantly evolving internet arena, this paper presents a computationally intelligent intrusion detection mechanism using the swarm intelligence paradigm, particularly ant colony optimisation, to analyze sample network traces in UDP port scans. This work aims at generating customised and efficient network intrusion detection systems using soft computing to increase general network security through specific network security.
Keywords: ant colony optimisation; computer network security; transport protocols; Internet traffic; TCP/IP protocol; ant colony optimization; computer network security; computer networks escalating complexity; denial of service; intelligent intrusion detection mechanism; intelligent perpetual echo attack detection; malicious exploitation probability; unauthorized access; user datagram protocol port 7; Computers; Internet; Intrusion detection; Ports (Computers); Protocols; Real-time systems; Ant Colony Optimisation (ACO); Intrusion Detection Systems (IDS); User Datagram Protocol (UDP); attacks; network security; perpetual echo; port scans (ID#: 15-4114)


Fonseca, J.; Vieira, M.; Madeira, H., "Evaluation of Web Security Mechanisms Using Vulnerability & Attack Injection," Dependable and Secure Computing, IEEE Transactions on, vol. 11, no. 5, pp. 440, 453, Sept.-Oct. 2014. doi: 10.1109/TDSC.2013.45 In this paper we propose a methodology and a prototype tool to evaluate web application security mechanisms. The methodology is based on the idea that injecting realistic vulnerabilities in a web application and attacking them automatically can be used to support the assessment of existing security mechanisms and tools in custom setup scenarios. To provide true-to-life results, the proposed vulnerability and attack injection methodology relies on the study of a large number of vulnerabilities in real web applications. In addition to the generic methodology, the paper describes the implementation of the Vulnerability & Attack Injector Tool (VAIT) that allows the automation of the entire process. We used this tool to run a set of experiments that demonstrate the feasibility and the effectiveness of the proposed methodology. The experiments include the evaluation of coverage and false positives of an intrusion detection system for SQL Injection attacks and the assessment of the effectiveness of two top commercial web application vulnerability scanners. Results show that the injection of vulnerabilities and attacks is indeed an effective way to evaluate security mechanisms and to point out not only their weaknesses but also ways for their improvement.
Keywords: Internet; SQL; fault diagnosis; security of data; software fault tolerance; SQL Injection attacks; VAIT; Web application security mechanism evaluation; attack injection methodology; fault injection; intrusion detection system; vulnerability injection methodology; vulnerability-&-attack injector tool; Databases; Educational institutions; Input variables; Probes; Security; Software; TV; Security; fault injection; internet applications; review and evaluation (ID#: 15-4115)


Fonseca, J.; Seixas, N.; Vieira, M.; Madeira, H., "Analysis of Field Data on Web Security Vulnerabilities," Dependable and Secure Computing, IEEE Transactions on, vol. 11, no. 2, pp. 89, 100, March-April 2014. doi: 10.1109/TDSC.2013.37 Most web applications have critical bugs (faults) affecting their security, which makes them vulnerable to attacks by hackers and organized crime. To prevent these security problems from occurring, it is of utmost importance to understand the typical software faults. This paper contributes to this body of knowledge by presenting a field study on two of the most widespread and critical web application vulnerabilities: SQL Injection and XSS. It analyzes the source code of security patches of widely used Web applications written in weakly and strongly typed languages. Results show that only a small subset of software fault types, affecting a restricted collection of statements, is related to security. To understand how these vulnerabilities are really exploited by hackers, this paper also presents an analysis of the source code of the scripts used to attack them. The outcomes of this study can be used to train software developers and code inspectors in the detection of such faults and are also the foundation for the research of realistic vulnerability and attack injectors that can be used to assess security mechanisms, such as intrusion detection systems, vulnerability scanners, and static code analyzers.
Keywords: Internet; SQL; security of data; software fault tolerance; source code (software); SQL injection; Web application vulnerabilities; Web security vulnerabilities; XSS; attack injectors; code inspectors; field data analysis; intrusion detection systems; realistic vulnerability; security mechanisms; security patches; software faults; source code; static code analyzers; vulnerability scanners; Awards activities; Blogs; Internet; Java; Security; Software; Internet applications; Security; languages; review and evaluation (ID#: 15-4116)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.