Security analysis of bytecode interpreters using Alloy

Reynolds, Mark Clifford

January 2012

Thesis (Ph.D.)--Boston University / Security of programming languages, particularly programming languages used for network applications, is a major issue at this time. Despite the best efforts of language designers and implementers, serious security vulnerabilities continue to be discovered at an alarming rate. Thus, development of analysis tools that can be used to uncover insecure or malicious code is an important area of research. This thesis focuses on the use of the lightweight formal method tool Alloy to perform static analysis on binary code, Byte-compiled languages that run on virtual machines are of particular interest because of their relatively small instruction sets, and also because they are well represented on the Internet. This thesis describes a static analysis methodology in which desired security properties of a language are expressed as constraints in Alloy, while the actual bytes being analyzed are expressed as Alloy model initializers. The combination of these two components yields a complete Alloy model in which any model counterexample represents a constraint violation, and hence a security vulnerability. The general method of expressing security requirements as constraints is studied, and results are presented for Java bytecodes running on the Java Virtual Machine, as well as for Adobe Flash SWF files containing ActionScript bytecodes running on the Action Script Virtual Machine. It is demonstrated that many examples of malware are detected by this technique. In addition, analysis of benign software is shown to not produce any counterexamples. This represents a significant departure from standard methods based on signatures or anomaly detection.

Programming languages

Security analysis

Digital security

Warum wir ein Security-Engineering-Informationsmodell brauchen: Motivation, Anwendungsfälle und Konzept für ein neues Domänenmodell für Security-Engineering

Taştan, Emre, Fluchs, Sarah, Drath, Rainer

27 January 2022

Security ist eine der größten Herausforderungen bei der industriellen Digitalisierung und der Einführung von Internettechnologien. Während die funktionale Sicherheit tief in die Entwicklung von Produkten oder Prozessen integriert ist, ist dies bei der Security nicht der Fall. Security-Engineering muss sich also – analog zur funktionalen Sicherheit – in den bestehenden und sich gerade stark verändernden Automation-Engineering-Prozess eingliedern, vor allem muss es aber für Automatisierungsingenieure effizient durchführbar sein. Dieser Beitrag begründet den Bedarf an einem Security-Engineering-Modell und berichtet über die laufenden Arbeiten zu den Anwendungsfällen und einem Modellierungsansatz mit AutomationML.

Automated Vulnerability Assessment of Mobile Device Vulnerabilities

Shambra, Stephen M

06 May 2017

Mobile device security presents a unique challenge in the realm of cyber security, one which is difficult to assess and ultimately defend. Mobile devices, like other computing devices, should possess a secure environment by which a mobile user may operate safely and securely. However, insecure coding when developing applications, incomplete assessment tools to determine platform/application security, and security shortcomings in the Android platform and mobile communications standards result in an insecure environment. This thesis presents an analysis of aspects of a Mobile Station to identify components that contribute to the attack surface. An investigation is conducted to highlight vulnerabilities at the Application, Communications, and Resource Layers. The thesis also identifies current efforts to assess and identify mobile vulnerabilities and weaknesses in application and system settings. Finally, an automated vulnerability assessment solution is developed and introduced in this thesis that can aid in combating potential threats to mobile security.

Vulnerability Assessment

Mobile Security

Cyber Security

An open virtual testbed for industrial control system security research

Reaves, Bradley Galloway

06 August 2011

ICS security has been a topic of scrutiny and research for several years, and many security issues are well known. However, research efforts are impeded by a lack of an open virtual industrial control system testbed for security research. This thesis describes a virtual testbed framework using Python to create discrete testbed components (including virtual devices and process simulators). This testbed is designed such that the testbeds are interoperable with real ICS devices and that the virtual testbeds can provide comparable ICS network behavior to a laboratory testbed. Two testbeds based on laboratory testbeds have been developed and have been shown to be interoperable with real industrial control systemequipment and vulnerable to attacks in the samemanner as a real system. Additionally, these testbeds have been quantitatively shown to produce traffic close to laboratory systems (within 90% similarity on most metrics).

Testbed

SCADA Security

Industrial Control System Security

How is it possible to calculate IT security effectiveness?

Kivimaa, Kristjan

January 2022

In IT Security world, there is lack of available, reliable systems for measuring securitylevels/posture. They lack the range of quantitative measurements and easy and fast deployment,and potentially affects companies of all sizes.Readily available security standards provide qualitative security levels, but not quantitative results– that would be easily comparable. This deficiency makes it hard for companies to evaluate theirsecurity posture accurately. Absence of security metrics makes it complicated for customers toselect the appropriate measures for particular security level needed.The research question for this research project is – “How is it possible to calculate IT securityeffectiveness?”.The aim of this research is to use this reference model to calculate and to optimize majoruniversity’s and a small CSP-s (Cloud Service Provider) security posture and their spending’s onsecurity measures. Aim is to develop a reference model to support IT Security team and businessside to make reasoned and optimal decisions about IT security and all that with a reasonablenumber of manhours.In this Graded Security Expert System (GSES) aka Graded Security Reference Model (GSRM) thequantitative metrics of the graded security approach are used to express the relations betweensecurity goals, security confidence and security costs.What makes this model unique, is the option to use previous customers security templates/models– cutting the implementation time from 500+ manhours to as low as 50 manhours. The firstcustomers 500+ manhours will also be cut down to 50+ manhours on the second yearimplementing the expert system.The Graded Security Reference Model (GSRM) was developed using a combination oftheoretical method and design science research. The model is based on InfoSec (info security)activities and InfoSec spendings from previous year – cost and effectiveness – gathered fromexpert opinionsBy implementing GSRM, user can gather quantitative security levels as no other model, or astandard provides those.GSRM delivers very detailed and accurate (according to university’s IT Security Team)effectiveness levels per spendings brackets.GSRM was created as a graded security reference model on CoCoViLa platform, which is unique asit provides quantitative results corresponding to company’s security posture.Freely available models and standards either provide vague quantitative security postureinformation or are extremely complicated to use – BIS/ISKE (not supported any more).This Graded Security Reference Model has turned theories presented in literature review into afunctional, graphical model.The GSRM was used with detailed data from the 15+k users university and their IT security team(all members have 10+ years of IT security experience) concluded that the model is reasonablysimple to implement/modify, and results are precise and easily understandable. It was alsoobserved that the business side had no problems understanding the results and very fewexplanatory remarks were needed.

Security effectiveness

IT security

Computer Systems

Datorsystem

European Security Development: From Maastricht to Bosnia

Thompson, Beth A.

11 September 2012

No description available.

International Relations

European security

security cooperation

CFSP

PRIMA - Privilege Management and Authorization in Grid Computing Environments

Lorch, Markus

28 April 2004

Computational grids and other heterogeneous, large-scale distributed systems require more powerful and more flexible authorization mechanisms to realize fine-grained access-control of resources. Computational grids are increasingly used for collaborative problem-solving and advanced science and engineering applications. Usage scenarios for advanced grids require support for small, dynamic working groups, direct delegation of access privileges among users, procedures for establishing trust relationships without requiring organizational level agreements, precise management by individuals of their privileges, and retention of authority by resource providers. Existing systems fail to provide the necessary flexibility and granularity to support these scenarios. The reasons include the overhead imposed by required administrator intervention, coarse granularity that only allows for all-or-nothing access control decisions, and the inability to implement finer-grained access control without requiring trusted application code. PRIMA, the model and system developed in this research, focuses on management and enforcement of fine-grained privileges. The PRIMA model introduces novel approaches that can be used in place of, or in combination with existing access control mechanisms. PRIMA enables the users of a system to manage access to their own assets directly without the need for, and costs of intervention by technical personnel. System administrators benefit from more flexible and fine-grained definition of access privileges and policies. A novel access control decision and enforcement model with support for legacy applications has been developed. The model uses on-demand account leasing and implements expressive enforcement mechanisms built on existing low-overhead security primitives of the operating systems. The combination of the PRIMA components constitutes a comprehensive security model that facilitates highly dynamic authorization scenarios and increases security through least privilege access to resources. In summary, PRIMA mechanisms enable the use of fine-grained access rights, reduce administrative costs to resource providers, enable ad-hoc and dynamic collaboration scenarios, and provide improved security service to long-lived grid communities. / Ph. D.

Distributed Systems

Grid Security

Computer Security

Improving Water Security with Innovation and Transition in Water Infrastructure: From Emergence to Stabilization of Rainwater Harvesting in the U.S.

Reams, Gary A.

12 November 2021

Globally, two-thirds of the population face significant water shortages and eighty percent of the U.S. states' water managers predict water shortages in the near future. Additionally, the current centralized system in the United States is facing significant problems of scarcity, groundwater depletion, high energy consumption and needs a trillion dollars investment in repairs, replacement, and expansion. Furthermore, due to increased urban/suburban development, runoff (stormwater) pollutes our waterways and is causing increased flooding. The status quo is unsustainable in its present form and the water security of the nation is at risk. Fortunately, in recent decades there has been a resurgence in the use of a millenniums old approach, rainwater harvesting (RWH), that if deployed broadly, will mitigate those issues created by the current centralized municipal water system and the expanding development of our cities, suburbs, and towns reducing permeable surface area and lower water security vulnerabilities. This study enlists Multi-Level Perspective (MLP) to examine the transitioning that is occurring from the current centralized municipal water system to one in which it is significantly complemented by an alternative water source, RWH. MLP posits that pressures originating in the broader landscape exerts pressures on the existing regime, as well as the community as a whole, creating an opportunity for the niche to emerge and either replace or change the regime. In the case of RWH, the myriad of pressures are only partially placed on the current centralized water supply regime providing them less pressure to change. Alongside water shortages another significant pressure being placed on the public and governing authorities is increased flooding and pollution resulting in the RWH niche emerging in the construction industry. In response to these pressures a RWH niche formed, largely outside of the existing water supply regime, and grew until it was joined by actors within the regime (e.g., plumbers, plumbing engineers, standards development organizations). This research is framed using MLP's three phases Start-up (niche), Acceleration, and Stabilization. This dissertation does three things. First it shows the internal processes occurring between the MLP levels (landscape, sociotechnical regime, and niche) and mechanisms created that foster the broader adoption of RWH. Secondly, it reveals that while the incumbent regime is not being significantly influenced by the RWH niche, the construction industry is embracing RWH (especially the commercial sector) and following the MLP pathway of Reconfiguration. Third, it looks at RWH in a phase of stabilization. / Doctor of Philosophy / Today the world, as well as the United States, faces significant water problems. These problems include scarcity, groundwater depletion, high energy consumption, and is in need of a trillion dollars to repair or replace US water infrastructure. Additionally, due to urban sprawl and diminishment of permeable surfaces, runoff is a problem causing flooding and pollution. One mitigation is the use of a millennium old technology, rainwater harvesting (RWH). This research uses Multi-Level Perspective (MLP) framework to examine the transition occurring today in the construction industry to build sustainable RWH into new construction, especially commercial buildings. This research examines the dynamic processes and the mechanisms used to grow the RWH niche and then accelerate its adoption. Those mechanisms include building demonstration projects, manuals, standards, and incentive programs. This research also looks at RWH in the U.S. Virgin Islands where RWH has been mandated since 1964. The practical value of this research is to provide policy makers insight into the useful mechanisms aiding a transition to sustainable infrastructure. The theoretical value is that it reveals a transition occurring outside of the dominate regime, the centralized water suppliers, in the construction industry. Additionally, it shows that the creation of RWH standards and the administration of building code has created a new form of water governance.

rainwater harvesting

Sustainability

water security

national security

Nuclear weapons in global security

Christoph, Bluth,

03 December 2020

no / Published 2017, © 2018.

Nuclear weapons

Global security

International security

Learning-based Cyber Security Analysis and Binary Customization for Security

Tian, Ke

13 September 2018

This thesis presents machine-learning based malware detection and post-detection rewriting techniques for mobile and web security problems. In mobile malware detection, we focus on detecting repackaged mobile malware. We design and demonstrate an Android repackaged malware detection technique based on code heterogeneity analysis. In post-detection rewriting, we aim at enhancing app security with bytecode rewriting. We describe how flow- and sink-based risk prioritization improves the rewriting scalability. We build an interface prototype with natural language processing, in order to customize apps according to natural language inputs. In web malware detection for Iframe injection, we present a tag-level detection system that aims to detect the injection of malicious Iframes for both online and offline cases. Our system detects malicious iframe by combining selective multi-execution and machine learning algorithms. We design multiple contextual features, considering Iframe style, destination and context properties. / Ph. D. / Our computing systems are vulnerable to different kinds of attacks. Cyber security analysis has been a problem ever since the appearance of telecommunication and electronic computers. In the recent years, researchers have developed various tools to protect the confidentiality, integrity, and availability of data and programs. However, new challenges are emerging as for the mobile security and web security. Mobile malware is on the rise and threatens both data and system integrity in Android. Furthermore, web-based iframe attack is also extensively used by web hackers to distribute malicious content after compromising vulnerable sites. This thesis presents on malware detection and post-detection rewriting for both mobile and web security. In mobile malware detection, we focus on detecting repackaged mobile malware. We propose a new Android repackaged malware detection technique based on code heterogeneity analysis. In post-detection rewriting, we aim at enhancing app security with bytecode rewriting. Our rewriting is based on the flow and sink risk prioritization. To increase the feasibility of rewriting, our work showcases a new application of app customization with a more friendly user interface. In web malware detection for Iframe injection, we developed a tag-level detection system which aims to detect injection of malicious Iframes for both online and offline cases. Our system detects malicious iframe by combining selective multi-execution and machine learning. We design multiple contextual features, considering Iframe style, destination and context properties.

mobile security

web security

Machine learning