Visible to the public Software Security, 2014 (ACM), Part 2

SoS Newsletter- Advanced Book Block

SoS Logo

Software Security, 2014 (ACM), Part 2


This set of bibliographical references about software security research papers is from conference publications posted in the ACM Digital Library. More than 2500 conference papers were presented on this topic in 2014. The set presented here represents those likely to be of most interest to the Science of Security community. They address issues related to measurement, scalability, reliability, and other hard problem issues.  IEEE papers will be presented in a separate series.


David Lazar, Haogang Chen, Xi Wang, Nickolai Zeldovich; Why Does Cryptographic Software Fail?: A Case Study and
Open Problems
; APSys '14 Proceedings of 5th Asia-Pacific Workshop on Systems, June 2014, Article No. 7. Doi: 10.1145/2637166.2637237 Abstract: Mistakes in cryptographic software implementations often undermine the strong security guarantees offered by cryptography. This paper presents a systematic study of cryptographic vulnerabilities in practice, an examination of state-of-the-art techniques to prevent such vulnerabilities, and a discussion of open problems and possible future research directions. Our study covers 269 cryptographic vulnerabilities reported in the CVE database from January 2011 to May 2014. The results show that just 17% of the bugs are in cryptographic libraries (which often have devastating consequences), and the remaining 83% are misuses of cryptographic libraries by individual applications. We observe that preventing bugs in different parts of a system requires different techniques, and that no effective techniques exist to deal with certain classes of mistakes, such as weak key generation.
Keywords:  (not provided) (ID#: 15-4613)


Sascha Fahl, Sergej Dechand, Henning Perl, Felix Fischer, Jaromir Smrcek, Matthew Smith; Hey, NSA: Stay Away from my Market! Future Proofing App Markets Against Powerful Attackers; CCS '14 Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014,  Pages 1143-1155. Doi: 10.1145/2660267.2660311 Abstract: Mobile devices are evolving as the dominant computing platform and consequently application repositories and app markets are becoming the prevalent paradigm for deploying software. Due to their central and trusted position in the software ecosystem, coerced, hacked or malicious app markets pose a serious threat to user security. Currently, there is little that hinders a nation state adversary (NSA) or other powerful attackers from using such central and trusted points of software distribution to deploy customized (malicious) versions of apps to specific users. Due to intransparencies in the current app installation paradigm, this kind of attack is extremely hard to detect. In this paper, we evaluate the risks and drawbacks of current app deployment in the face of powerful attackers. We assess the app signing practices of 97% of all free Google Play apps and find that the current practices make targeted attacks unnecessarily easy and almost impossible to detect for users and app developers alike. We show that high profile Android apps employ intransparent and unaccountable strategies when they publish apps to (multiple) alternative markets. We then present and evaluate Application Transparency (AT), a new framework that can defend against ``targeted-and-stealthy'' attacks, mount by malicious markets.  We deployed AT in the wild and conducted an extensive field study in which we analyzed app installations on 253,819 real world Android devices that participate in a popular anti-virus app's telemetry program. We find that AT can effectively protect users against malicious targeted attack apps and furthermore adds transparency and accountability to the current intransparent signing and packaging strategies employed by many app developers.
Keywords: android, apps, market, nsa, security, transparency (ID#: 15-4614)


Gábor Pék, Andrea Lanzi, Abhinav Srivastava, Davide Balzarotti, Aurélien Francillon, Christoph Neumann; On the Feasibility of Software Attacks on Commodity Virtual Machine Monitors via Direct Device Assignment;  ASIA CCS '14 Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, June 2014, Pages 305-316. Doi: 10.1145/2590296.2590299 Abstract: The security of virtual machine monitors (VMMs) is a challenging and active field of research. In particular, due to the increasing significance of hardware virtualization in cloud solutions, it is important to clearly understand existing and arising VMM-related threats. Unfortunately, there is still a lot of confusion around this topic as many attacks presented in the past have never been implemented in practice or tested in a realistic scenario. In this paper, we shed light on VM related threats and defences by implementing, testing, and categorizing a wide range of known and unknown attacks based on directly assigned devices. We executed these attacks on an exhaustive set of VMM configurations to determine their potential impact. Our experiments suggest that most of the previously known attacks are ineffective in current VMM setups.  We also developed an automatic tool, called PTFuzz, to discover hardware-level problems that affect current VMMs. By using PTFuzz, we found several cases of unexpected hardware behaviour, and a major vulnerability on Intel platforms that potentially impacts a large set of machines used in the wild. These vulnerabilities affect unprivileged virtual machines that use a directly assigned device (e.g., network card) and have all the existing hardware protection mechanisms enabled. Such vulnerabilities either allow an attacker to generate a host-side interrupt or hardware faults, violating expected isolation properties. These can cause host software (e.g., VMM) halt as well as they might open the door for practical VMM exploitations. We believe that our study can help cloud providers and researchers to better understand the limitations of their current architectures to provide secure hardware virtualization and prepare for future attacks. 
Keywords: DMA attack, I/O virtualization, MMIO, PIO, interrupt attack, passthrough, virtual machine monitor (ID#: 15-4615)


Marco Balduzzi, Alessandro Pasta, Kyle Wilhoit; A Security Evaluation of AIS Automated Identification System; ACSAC '14 Proceedings of the 30th Annual Computer Security Applications Conference, December 2014, Pages 436-445. Doi: 10.1145/2664243.2664257 Abstract: AIS, Automatic Identification System, is an application of cyber-physical systems (CPS) to smart transportation at sea. Being primarily used for collision avoidance and traffic monitoring by ship captains and maritime authorities, AIS is a mandatory installation for over 300,000 vessels worldwide since 2002. Other promoted benefits are accident investigation, aids to navigation and search and rescue (SAR) operations. In this paper, we present a unique security evaluation of AIS, by introducing threats affecting both the implementation in online providers and the protocol specification. Using a novel software-based AIS transmitter that we designed, we show that our findings affect all transponders deployed globally on vessels and other maritime stations like lighthouses, buoys, AIS gateways, vessel traffic services and aircraft involved in SAR operations. Our concerns have been acknowledged by online providers and international standards organizations, and we are currently and actively working together to improve the overall security.
Keywords:  (not provided) (ID#: 15-4616)


Arto Juhola, Titta Ahola, Kimmo Ahola; Adaptive Risk Management with Ontology Linked Evidential Statistics and SDN; ECSAW '14 Proceedings of the 2014 European Conference on Software Architecture Workshops, August 2014, Article No. 2. Doi: 10.1145/2642803.2642805 Abstract: New technologies have increased the dynamism of distributed systems; advances such as Software Defined Networking (SDN) and cloud computing enable unprecedented service flexibility and scalability. By their nature, they are in a constant state of flux, presenting tough challenges for system security. Here an adaptive -- in real time - risk management system capable of keeping abreast of these developments is considered. This paper presents an on-going work on combining a hierarchical threat ontology, real-time risk analysis, and SDN to an efficient whole. The main contribution of this paper is on finding the suitable architectures, components, necessary requirements, and favorable modifications on the systems and system modelling (including the models involving the security analysis) to reach this goal.  
Keywords: Adaptive security, Dempster-Schafer, Dezert-Smarandache, Neural Network inspired Fuzzy C-means, SDN, Threat ontology (ID#: 15-4617)


Abdullah Khalili, Ashkan Sami, Mahboobeh Ghiasi, Sara Moshtari, Zahra Salehi, Mahdi Azimi; Software Engineering Issues Regarding Securing ICS: An Industrial Case Study; MoSEMInA 2014 Proceedings of the 1st International Workshop on Modern Software Engineering Methods for Industrial Automation, May 2014, Pages 1-6. Doi: 10.1145/2593783.2593789 Abstract: Industrial Control Systems (ICS) are the vital part of modern critical infrastructures. Recent attacks to ICS indicate that these systems have various types of vulnerabilities. A large number of vulnerabilities are due to secure coding problem in industrial applications. Several international and national organizations like: NIST, DHS, and US-CERT have provided extensive documentation on securing ICS; however proper details on securing software application for industrial setting is not presented. The notable point that makes securing a difficult task is the contradictions between security priorities in ICS and IT systems. In addition, none of the guidelines highlights the implications on modification of general IT security solutions to industrial settings. Moreover based on the best of our knowledge, steps to develop a successful real-world secure industrial application have not been reported. In this paper, the first attempts to employ secure coding best practices into a real world industrial application (Supervisory Control and Data Acquisition) called OpenSCADA is presented. Experiments indicate that resolving the vulnerabilities of OpenSCADA in addition to improve its availability, does not jeopardize other dimensions of security
Keywords: Availability, Industrial Control System, Memory Leak, Secure coding, Time critical process (ID#: 15-4618)


Timothy Vidas, Nicolas Christin; Evading Android Runtime Analysis via Sandbox Detection; ASIA CCS '14 Proceedings of the 9th ACM Symposium On Information, Computer And Communications Security, June 2014, Pages 447-458. Doi: 10.1145/2590296.2590325 Abstract: The large amounts of malware, and its diversity, have made it necessary for the security community to use automated dynamic analysis systems. These systems often rely on virtualization or emulation, and have recently started to be available to process mobile malware. Conversely, malware authors seek to detect such systems and evade analysis. In this paper, we present techniques for detecting Android runtime analysis systems. Our techniques are classified into four broad classes showing the ability to detect systems based on differences in behavior, performance, hardware and software components, and those resulting from analysis system design choices. We also evaluate our techniques against current publicly accessible systems, all of which are easily identified and can therefore be hindered by a motivated adversary. Our results show some fundamental limitations in the viability of dynamic mobile malware analysis platforms purely based on virtualization. 
Keywords: android, evasion, malware, sandbox (ID#: 15-4619)


Jeff Wilson, Judith M. Brown, Robert Biddle; ACH Walkthrough: A Distributed Multi-Device Tool for Collaborative Security Analysis; SIW '14 Proceedings of the 2014 ACM Workshop on Security Information Workers, November 2014, Pages 9-16. Doi: 10.1145/2663887.2663902  Abstract: This paper presents ACH Walkthrough, a prototype software client server application to demonstrate the potential benefits of surface technologies in collaborative security intelligence analysis. The basis is the ACH (Analysis of Competing Hypotheses) technique, which requests factors relating to evidence and hypotheses, and builds a model that reduces cognitive bias, thereby helping decision-making. Our application supports development of this model using visualization techniques that allow collaboration and reflection. The technology we use is surface computing, where analysts work around a large multi-touch display, but also multi-device technology, where the model is consistent across various large and small displays. The software runs in standard web-browsers, leveraging HTML5 and JavaScript libraries on both client and server. This allows deployment without installation, and thus security and flexibility.
Keywords: security intelligence analysis, surface computing, visual analytics (ID#: 15-4620)


Hassan Eldib, Chao Wang, Mostafa Taha, Patrick Schaumont; QMS: Evaluating the Side-Channel Resistance of Masked Software from Source Code;  DAC '14 Proceedings of the 51st Annual Design Automation Conference, June 2014, Article 209, pages 1-6. Doi: 10.1145/2593069.2593193 Abstract: Many commercial systems in the embedded space have shown weakness against power analysis based side-channel attacks in recent years. Designing countermeasures to defend against such attacks is both labor intensive and error prone. Furthermore, there is a lack of formal methods for quantifying the actual strength of a countermeasure implementation. Security design errors may therefore go undetected until the side-channel leakage is physically measured and evaluated. We show a better solution based on static analysis of C source code. We introduce the new notion of Quantitative Masking Strength (QMS) to estimate the amount of information leakage from software through side channels. The QMS can be automatically computed from the source code of a countermeasure implementation. Our experiments, based on side-channel measurement on real devices, show that the QMS accurately quantifies the side-channel resistance of the software implementation.
Keywords: SMT solver, Side channel attack, countermeasure, differential power analysis, quantitative masking strength (ID#: 15-4621)


Lee W. Lerner, Zane R. Franklin, William T. Baumann, Cameron D. Patterson; Using High-Level Synthesis and Formal Analysis to Predict and Preempt Attacks on Industrial Control Systems; FPGA '14 Proceedings of the 2014 ACM/SIGDA International Symposium On Field-Programmable Gate Arrays, February 2014, Pages 209-212. Doi: 10.1145/2554688.2554759 Abstract: Industrial control systems (ICSes) have the conflicting requirements of security and network access. In the event of large-scale hostilities, factories and infrastructure would more likely be targeted by computer viruses than the bomber squadrons used in WWII. ICS zero-day exploits are now a commodity sold on brokerages to interested parties including nations. We mitigate these threats not by bolstering perimeter security, but rather by assuming that potentially all layers of ICS software have already been compromised and are capable of launching a latent attack while reporting normal system status to human operators. In our approach, application-specific configurable hardware is the final authority for scrutinizing controller commands and process sensors, and can monitor and override operations at the lowest (I/O pin) level of a configurable system-on-chip platform. The process specifications, stability-preserving backup controller, and switchover logic are specified and formally verified as C code, and synthesized into hardware to resist software reconfiguration attacks. To provide greater assurance that the backup controller can be invoked before the physical process becomes unstable, copies of the production controller task and plant model are accelerated to preview the controller's behavior in the near future.
Keywords: formal analysis, high-level synthesis, industrial control systems, reconfigurable platform, security (ID#: 15-4622)


Sandra R. Murillo, J. Alfredo Sánchez; Empowering Interfaces for System Administrators: Keeping the Command Line in Mind when Designing GUIs; Interacción '14 Proceedings of the XV International Conference on Human Computer Interaction, September 2014, Article No. 47. Doi: 10.1145/2662253.2662300 Abstract: In terms of usability, network management software based on command line interfaces (CLI) is efficient but error prone. With GUIs, a new generation of security tools emerged and were adopted by young system administrators. Though usability has improved, it has been argued that CLI-based software tends to support better user performance. Incorporating CLI advantages into graphical versions (or vice versa) remains a challenge. This paper presents a quantitative study regarding system administrators' practices and preferences regarding GUIs and CLIs and reports on initial results of a usability evaluation performed on proposed interfaces that are informed by our study. Personalization features are particularly appreciated by network administrators, which suggests possible strategies for graphical interface designs that improve user experience while maintaining the positive aspects of CLI-based software.
Keywords: GUIs, Human factors, Security, Usability, command line interfaces (ID#: 15-4623)


Wolfgang Raschke, Massimiliano Zilli, Johannes Loinig, Reinhold Weiss, Christian Steger, Christian Kreiner; Embedding Research in the Industrial Field: A Case of a Transition to a Software Product Line; WISE '14 Proceedings of the 2014 International Workshop on Long-Term Industrial Collaboration on Software Engineering, September 2014, Pages 3-8. Doi: 10.1145/2647648.2647649 Abstract: Java Cards [4, 5] are small resource-constrained embedded systems that have to fulfill rigorous security requirements. Multiple application scenarios demand diverse product performance profiles which are targeted towards markets such as banking applications and mobile applications. In order to tailor the products to the customer's needs we implemented a Software Product Line (SPL). This paper reports on the industrial case of an adoption to a SPL during the development of a highly-secure software system. In order to provide a scientific method which allows the description of research in the field, we apply Action Research (AR). The rationale of AR is to foster the transition of knowledge from a mature research field to practical problems encountered in the daily routine. Thus, AR is capable of providing insights which might be overlooked in a traditional research approach. In this paper we follow the iterative AR process, and report on the successful transfer of knowledge from a research project to a real industrial application.
Keywords: action research, knowledge transfer, software reuse (ID#: 15-4624)


Hongxin Hu, Wonkyu Han, Gail-Joon Ahn, Ziming Zhao; FLOWGUARD: Building Robust Firewalls for Software-Defined Networks; HotSDN '14 Proceedings of the Third Workshop On Hot Topics In Software Defined Networking, August 2014, Pages 97-102. Doi: 10.1145/2620728.2620749 Abstract: Software-Defined Networking (SDN) introduces significant granularity, visibility and flexibility to networking, but at the same time brings forth new security challenges. One of the fundamental challenges is to build robust firewalls for protecting OpenFlow-based networks where network states and traffic are frequently changed. To address this challenge, we introduce FlowGuard, a comprehensive framework, to facilitate not only accurate detection but also effective resolution of firewall policy violations in dynamic OpenFlow-based networks. FlowGuard checks network flow path spaces to detect firewall policy violations when network states are updated. In addition, FlowGuard conducts automatic and real-time violation resolutions with the help of several innovative resolution strategies designed for diverse network update situations. We also implement our framework and demonstrate the efficacy and efficiency of the proposed detection and resolution approaches in FlowGuard through experiments with a real-world network topology.
Keywords: firewalls, openflow, security, software-defined networking (ID#: 15-4625)


Yu Liang, Zhiqiao Li, Xiang Cui; POSTER: Study of Software Plugin-based Malware; CCS '14 Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014, Pages 1463-1465. Doi: 10.1145/2660267.2662381 Abstract: Security issues of software plugins are seldom studied in existing researches. The plugin mechanism provides a convenient way to extend an application's functionality. However, it may also introduce susceptibility to new security issues. For example, attackers can create a malicious plugin to accomplish intended goals stealthily. In this poster, we propose a Software Plugin-based Malware (SPM) model and implement SPM prototypes for Microsoft Office, Adobe Reader and mainstream browsers, with the aim to study the development feasibility of such malware and illustrate their potential threats.
Keywords: SPM, malware, software plugin (ID#: 15-4626)


Stefano Bianchi Mazzone, Mattia Pagnozzi, Aristide Fattori, Alessandro Reina, Andrea Lanzi, Danilo Bruschi; Improving Mac OS X Security Through Gray Box Fuzzing Technique; EuroSec '14 Proceedings of the Seventh European Workshop on System Security, April 2014, Article No. 2. Doi: 10.1145/2592791.2592793 Abstract: The kernel is the core of any operating system, and its security is of vital importance. A vulnerability, in any of its parts, compromises the whole system security model. Unprivileged users that find such vulnerabilities can easily crash the attacked system, or obtain administration privileges. In this paper we propose LynxFuzzer, a framework to test kernel extensions, i.e., the dynamically loadable components of Mac OS X kernel. To overcome the challenges posed by interacting with kernel-level software, LynxFuzzer includes a bare-metal hardware-assisted hypervisor, that allows to seamlessly inspect the state of a running kernel and its components. We implemented and evaluated LynxFuzzer on Mac OS X Mountain Lion and we obtained unexpected results: we indivuated 6 bugs in 17 kernel extensions we tested, thus proving the usefulness and effectiveness of our framework.
Keywords: (not provided) (ID#: 15-4627)


Ahmad-Reza Sadeghi, Lucas Davi; Beasty Memories: The Quest for Practical Defense Against Code Reuse Attacks; TrustED '14 Proceedings of the 4th International Workshop on Trustworthy Embedded Devices, November 2014, Pages 23-23. Doi: 10.1145/2666141.2668386  Abstract: Code reuse attacks such as return-oriented programming (ROP) are predominant attack techniques that are extensively used to exploit vulnerabilities in modern software programs. ROP maliciously combines short instruction sequences (gadgets) residing in shared libraries and the application's executable to bypass data execution prevention (DEP) and launch targeted exploits. ROP attacks apply to many processor architectures from Intel x86 [1] to tiny embedded systems [2]. As a consequence, a variety of defenses have been proposed over the last few years - most prominently code randomization (ASLR) and control-flow integrity (CFI). Particularly, constructing practical CFI schemes has become a hot topic of research recently. In this talk, we present the evolution of return-oriented programming (ROP) attacks and defenses. We first give an overview of ROP attacks and techniques. Second, we investigate the security of software diversity based approaches such as finegrained code randomization [3]. Third, we dive deeper and focus on control-flow integrity (CFI) and show how to bypass all recent (coarse-grained) CFI solutions, including Microsoft's defense tool EMET [4]. Finally, we discuss new research directions to mitigate code reuse attacks, including our current work on hardware-assisted fine-grained control-flow integrity [5]. Part of this research [3-5] was conducted in collaboration with A. Dmitrienko, D. Lehmann, C. Liebchen, P. Koeberl, F. Monrose, and K. Z. Snow
Keywords: aslr, control-flow integrity, embedded systems security, return-oriented programming, runtime attacks, software/hardware co-design (ID#: 15-4628)


Giovanni Toso, Daniele Munaretto, Mauro Conti, Michele Zorzi; Attack Resilient Underwater Networks Through Software Defined Networking; WUWNET '14 Proceedings of the International Conference on Underwater Networks & Systems, November 2014, Article No. 44. Doi: 10.1145/2671490.2674589 Abstract: In this paper we discuss how security of Underwater Acoustic Networks (UANs) could be improved by leveraging the concept of Software Defined Networking (SDN). In particular, we consider a set of realistic network deployment scenarios and security threats. We propose possible approaches towards security countermeasures that employ the SDN paradigm, and that could significantly mitigate the impact of attacks. Furthermore, we discuss those approaches with respect to deployment issues such as routing configuration, nodes trajectory optimization, and management of the node buffers. We believe that the proposed approaches could pave the way to further research in the design of UANs that are more resilient to both attacks and failures.
Keywords: Software Defined Networking, Underwater Acoustic Networks (ID#: 15-4629)


Lisa J. K. Durbeck, Peter M. Athanas, Nicholas J. Macias; Secure-by-Construction Composable Componentry for Network Processing; HotSoS '14 Proceedings of the 2014 Symposium and Bootcamp on the Science of Security, April 2014, Article No. 27. Doi: 10.1145/2600176.2600203 Abstract: Techniques commonly used for analyzing streaming video, audio, SIGINT, and network transmissions, at less-than-streaming rates, such as data decimation and ad-hoc sampling, can miss underlying structure, trends and specific events held in the data [3]. This work presents a secure-by-construction approach [7] for the upper-end data streams with rates from 10- to 100 Gigabits per second. The secure-by-construction approach strives to produce system security through the composition of individually secure hardware and software components. The proposed network processor can be used not only at data centers but also within networks and onboard embedded systems at the network periphery for a wide range of tasks, including preprocessing and data cleansing, signal encoding and compression, complex event processing, flow analysis, and other tasks related to collecting and analyzing streaming data. Our design employs a four-layer scalable hardware/software stack that can lead to inherently secure, easily constructed specialized high-speed stream processing.  This work addresses the following contemporary problems: (1) There is a lack of hardware/software systems providing stream processing and data stream analysis operating at the target data rates; for high-rate streams the implementation options are limited: all-software solutions can't attain the target rates [1]. GPUs and GPGPUs are also infeasible: they were not designed for I/O at 10-100 Gbps; they also have asymmetric resources for input and output and thus cannot be pipelined [4, 2], whereas custom chip-based solutions are costly and inflexible to changes, and FPGA-based solutions are historically hard to program[6];  (2) There is a distinct advantage to utilizing high-bandwidth or line-speed analytics to reduce time-to-discovery of information, particularly ones that can be pipelined together to conduct a series of processing tasks or data tests without impeding data rates; (3) There is potentially significant network infrastructure cost savings possible from compact and power-efficient analytic support deployed at the network periphery on the data source or one hop away; (4) There is a need for agile deployment in response to changing objectives; (5) There is an opportunity to constrain designs to use only secure components to achieve their specific objectives. We address these five problems in our stream processor design to provide secure, easily specified processing for low-latency, low-power 10-100 Gbps in-line processing on top of a commodity high-end FPGA-based hardware accelerator network processor. With a standard interface a user can snap together various filter blocks, like Legos™, to form a custom processing chain. The overall design is a four-layer solution in which the structurally lowest layer provides the vast computational power to process line-speed streaming packets, and the uppermost layer provides the agility to easily shape the system to the properties of a given application. Current work has focused on design of the two lowest layers, highlighted in the design detail in Figure 1. The two layers shown in Figure 1 are the embeddable portion of the design; these layers, operating at up to 100 Gbps, capture both the low- and high frequency components of a signal or stream, analyze them directly, and pass the lower frequency components, residues to the all-software upper layers, Layers 3 and 4; they also optionally supply the data-reduced output up to Layers 3 and 4 for additional processing.  Layer 1 is analogous to a systolic array of processors on which simple low-level functions or actions are chained in series[5]. Examples of tasks accomplished at the lowest layer are: (a) check to see if Field 3 of the packet is greater than 5, or (b) count the number of X.75 packets, or (c) select individual fields from data packets. Layer 1 provides the lowest latency, highest throughput processing, analysis and data reduction, formulating raw facts from the stream; Layer 2, also accelerated in hardware and running at full network line rate, combines selected facts from Layer 1, forming a first level of information kernels. Layer 2 is comprised of a number of combiners intended to integrate facts extracted from Layer 1 for presentation to Layer 3. Still resident in FPGA hardware and hardware-accelerated, a Layer 2 combiner is comprised of state logic and soft-core microprocessors. Layer 3 runs in software on a host machine, and is essentially the bridge to the embeddable hardware; this layer exposes an API for the consumption of information kernels to create events and manage state. The generated events and state are also made available to an additional software Layer 4, supplying an interface to traditional software-based systems. As shown in the design detail, network data transitions systolically through Layer 1, through a series of light-weight processing filters that extract and/or modify packet contents. All filters have a similar interface: streams enter from the left, exit the right, and relevant facts are passed upward to Layer 2. The output of the end of the chain in Layer 1 shown in the Figure 1 can be (a) left unconnected (for purely monitoring activities), (b) redirected into the network (for bent pipe operations), or (c) passed to another identical processor, for extended processing on a given stream (scalability).
Keywords: 100 Gbps, embedded hardware, hardware-software co-design, line-speed processor, network processor, secure-by-construction, stream processing (ID#: 15-4630)


Komminist Weldemariam, Hossain Shahriar, VamsheeKrishna Devendran; Dynamic Analysis of Web Objects; SIN '14 Proceedings of the 7th International Conference on Security of Information and Networks, September 2014, Pages 423. Doi: 10.1145/2659651.2659671 Abstract: Various reports show that web browsers are known for being insecure, with growing amount of flaws that make them vulnerable to various attacks. Such attacks can be used to execute arbitrary procedures on the victims' computer and silently install malicious software, turning them into bots. In addition, browsers are complex and typically incorporate third-party libraries installed on-demand. This makes it very difficult for security experts to analyze the causes of such flaws or devise countermeasures. In this paper, we present an approach to detect and prevent attacks against a browser by intercepting the interactions between its core libraries and the underlying operating system. We then build mathematical models that capture the behavior of the browser during the rendering of web objects. Finally, we show that such models can be leveraged to automatically classify web objects as malicious or benign using real-world malicious websites.  
Keywords: Analysis, Browser, Detection, HMM, Malicious Webpages (ID#: 15-4631)


SungGyeong Bae, Hyunghun Cho, Inho Lim, Sukyoung Ryu; SAFEWAPI: Web API Misuse Detector for Web Applications; FSE 2014 Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, November 2014, Pages 507-517. Doi: 10.1145/2635868.2635916 Abstract: The evolution of Web 2.0 technologies makes web applications prevalent in various platforms including mobile devices and smart TVs. While one of the driving technologies of web applications is JavaScript, the extremely dynamic features of JavaScript make it very difficult to define and detect errors in JavaScript applications. The problem becomes more important and complicated for JavaScript web applications which may lead to severe security vulnerabilities. To help developers write safe JavaScript web applications using vendor-specific Web APIs, vendors specify their APIs often in Web IDL, which enables both API writers and users to communicate better by understanding the expected behaviors of the Web APIs. In this paper, we present SAFEWAPI, a tool to analyze Web APIs and JavaScript web applications that use the Web APIs and to detect possible misuses of Web APIs by the web applications. Even though the JavaScript language semantics allows to call a function defined with some parameters without any arguments, platform developers may require application writers to provide the exact number of arguments. Because the library functions in Web APIs expose their intended semantics clearly to web application developers unlike pure JavaScript functions, we can detect wrong uses of Web APIs precisely. For representative misuses of Web APIs defined by software quality assurance engineers, our SAFEWAPI detects such misuses in real-world JavaScript web applications.
Keywords: JavaScript, bug detection, static analysis, web application (ID#: 15-4632)


Bernhard Grill, Christian Platzer, Jürgen Eckel; A Practical Approach for Generic Bootkit Detection and Prevention; EuroSec '14 Proceedings of the Seventh European Workshop on System Security, April 2014, Article No. 4. Doi: 10.1145/2592791.2592795 Abstract: Bootkits are still the most powerful tool for attackers to stealthily infiltrate computer systems. In this paper we present a novel approach to detect and prevent bootkit attacks during the infection phase. Our approach relies on emulation and monitoring of the system's boot process. We present results of a preliminary evaluation on our approach using a Windows system and the leaked Carberp bootkit.
Keywords: bootkit detection and prevention, dynamic malware analysis, x86 emulation (ID#: 15-4633)


Amiangshu Bosu, Jeffrey C. Carver, Munawar Hafiz, Patrick Hilley, Derek Janni; Identifying the Characteristics of Vulnerable Code Changes: An Empirical Study; FSE 2014 Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, November 2014, Pages 257-268. Doi: 10.1145/2635868.2635880 Abstract: To focus the efforts of security experts, the goals of this empirical study are to analyze which security vulnerabilities can be discovered by code review, identify characteristics of vulnerable code changes, and identify characteristics of developers likely to introduce vulnerabilities. Using a three-stage manual and automated process, we analyzed 267,046 code review requests from 10 open source projects and identified 413 Vulnerable Code Changes (VCC). Some key results include: (1) code review can identify common types of vulnerabilities; (2) while more experienced contributors authored the majority of the VCCs, the less experienced contributors' changes were 1.8 to 24 times more likely to be vulnerable; (3) the likelihood of a vulnerability increases with the number of lines changed, and (4) modified files are more likely to contain vulnerabilities than new files. Knowing which code changes are more prone to contain vulnerabilities may allow a security expert to concentrate on a smaller subset of submitted code changes. Moreover, we recommend that projects should: (a) create or adapt secure coding guidelines, (b) create a dedicated security review team, (c) ensure detailed comments during review to help knowledge dissemination, and (d) encourage developers to make small, incremental changes rather than large changes.
Keywords: code review, inspection, open source, security defects, vulnerability (ID#: 15-4634)


Florian Bergsma, Benjamin Dowling, Florian Kohlar, Jörg Schwenk, Douglas Stebila; Multi-Ciphersuite Security of the Secure Shell (SSH) Protocol; CCS '14 Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014, Pages 369-381. Doi: 10.1145/2660267.2660286 Abstract: The Secure Shell (SSH) protocol is widely used to provide secure remote access to servers, making it among the most important security protocols on the Internet. We show that the signed-Diffie--Hellman SSH ciphersuites of the SSH protocol are secure: each is a secure authenticated and confidential channel establishment (ACCE) protocol, the same security definition now used to describe the security of Transport Layer Security (TLS) ciphersuites. While the ACCE definition suffices to describe the security of individual ciphersuites, it does not cover the case where parties use the same long-term key with many different ciphersuites: it is common in practice for the server to use the same signing key with both finite field and elliptic curve Diffie--Hellman, for example. While TLS is vulnerable to attack in this case, we show that SSH is secure even when the same signing key is used across multiple ciphersuites. We introduce a new generic multi-ciphersuite composition framework to achieve this result in a black-box way. 
Keywords: authenticated and confidential channel establishment, cross-protocol security, key agility, multi-ciphersuite, secure shell (SSH) (ID#: 15-4635)


Bob Duncan, Mark Whittington; Compliance with Standards, Assurance and Audit: Does this Equal Security?;  SIN '14 Proceedings of the 7th International Conference on Security of Information and Networks, September 2014, Pages 77ff. Doi: 10.1145/2659651.2659711  Abstract: Managing information security is a challenge. Traditional checklist approaches to meeting standards may well provide compliance, but do not guarantee to provide security assurance. The same might be said for audit. The complexity of IT relationships must be acknowledged and explicitly managed by recognising the implications of the self-interest of each party involved. We show how tensions between these parties can lead to a misalignment of the goals of security and what needs to be done to ensure this does not happen.
Keywords: Standards, assurance, audit, checklists, compliance, security (ID#: 15-4636)


Shweta Subramani, Mladen Vouk, Laurie Williams; An Analysis of Fedora Security Profile; HotSoS '14 Proceedings of the 2014 Symposium and Bootcamp on the Science of Security, April 2014, Article No. 35. Doi: 10.1145/2600176.2600211  Abstract: This paper examines security faults/vulnerabilities reported for Fedora. Results indicate that, at least in some situations, fault roughly constant may be used to guide estimation of residual vulnerabilities in an already released product, as well as possibly guide testing of the next version of the product.
Keywords: Fedora, detection, non-operational testing, prediction, security faults, vulnerabilities (ID#: 15-4637)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.