Global ETD Search

21	Novel System Compartmentalization and Reverse Engineering Methods Derrick P Mckee (12868367) 14 June 2022 (has links) <p>The need to secure software systems is more important than ever. However, while a lot of work exists to design and implement secure systems, a fundamental weakness remains. Instead of implementing software with least privilege policies, developers create monolithic systems that allow any instruction near universal memory access. This dissertation attempts to rectify this fundamental weakness to software design through three different contributions.</p> <p>First, I address the monolithic software design problem by proposing and evaluating a novel compartmentalization enforcement mechanism called Hardware-Assisted Kernel Compartmentalization (HAKC). HAKC is capable of enforcing an arbitrary compartmentalization policy using features of the ARMv9 ISA, without the need of any extra virtualization or trusted software layer. I then introduce a method of determining an optimal compartmentalization policy based on user performance and security constraints called FlexC, which is tested using HAKC as the enforcement mechanism. The end result is a hardened, com-partmentalized kernel, customized to a user’s needs, which enforces a least privilege policy that minimizes overhead. Finally, as an avenue for further compartmentalization policy generation, I introduce a novel program analysis framework called IOVec Function Identifier (IOVFI), which foregoes the use of language processing and model learning, but instead uses program state changes as a unique function fingerprint. I show that IOVFI is a more stable and accurate function identifier than the state-of-the-art, even in the presence of differing compilation environments, purposeful obfuscations, and even architecture changes.</p> Software and application security System and network security Compartmentalization Reverse engineering Computer security
22	APEX-ICS: Automated Protocol Exploration And Fuzzing For Closed Source ICS Protocols Parvin Kumar (15354694) 28 April 2023 (has links) <p>A closed-source ICS communication is a fundamental component of supervisory software and PLCs operating critical infrastructure or configuring devices. As this is a vital communication, a compromised protocol can allow attackers to take over the entire critical infrastructure network and maliciously manipulate field device values. Thus, it is crucial to conduct security assessments of these closed-source protocol communications before deploy?ing them in a production environment to ensure the safety of critical infrastructure. However, Fuzzing closed-source communication without understanding the protocol structure or state is ineffective, making testing such closed-source communications a challenging task. </p> <p><br></p> <p>This research study introduces the APEX-ICS framework, which consists of two significant components: Automatic closed-source ICS protocol reverse-engineering and stateful black-box fuzzing. The former aims to reverse-engineer the protocol communication, which is critical to effectively performing the fuzzing technique. The latter component leverages the generated grammar to detect vulnerabilities in communication between supervisory software and PLCs. The framework prototype was implemented using the Codesys v3.0 closed-source protocol communication to conduct reverse engineering and fuzzing and successfully identified 4 previously unknown vulnerabilities, which were found to impact more than 400 manufacturer’s devices. </p> Hardware security Software and application security System and network security Fuzzng reverse engineering concept Codesys ICS
23	APEX-ICS: Automated Protocol Exploration and Fuzzing For Closed-Source ICS Protocols Parvin Kumar (15354694) 28 April 2023 (has links) <p> A closed-source ICS communication is a fundamental component of supervisory software and PLCs operating critical infrastructure or configuring devices. As this is a vital communication, a compromised protocol can allow attackers to take over the entire critical infrastructure network and maliciously manipulate field device values. Thus, it is crucial to conduct security assessments of these closed-source protocol communications before deploying them in a production environment to ensure the safety of critical infrastructure. However, Fuzzing closed-source communication without understanding the protocol structure or state is ineffective, making testing such closed-source communications a challenging task.</p> <p><br> This research study introduces the APEX-ICS framework, which consists of two significant components: Automatic closed-source ICS protocol reverse-engineering and stateful black-box fuzzing. The former aims to reverse-engineer the protocol communication, which is critical to effectively performing the fuzzing technique. The latter component leverages the generated grammar to detect vulnerabilities in communication between supervisory software and PLCs. The framework prototype was implemented using the Codesys v3.0 closed-source protocol communication to conduct reverse engineering and fuzzing and successfully identified 4 previously unknown vulnerabilities, which were found to impact more than 400 manufacturer’s devices. </p> Hardware security Software and application security System and network security Fuzzing Reverse Engineering ICS
24	Towards Secure and Safe AI-enabled Systems Through Optimizations Guanhong Tao (18542383) 15 May 2024 (has links) <p dir="ltr">Artificial intelligence (AI) is increasingly integrated into critical systems across various sectors, including public surveillance, autonomous driving, and malware detection. Despite their impressive performance and promise, the security and safety of AI-enabled systems remain significant concerns. Like conventional systems that have software bugs or vulnerabilities, applications leveraging AI are also susceptible to such issues. Malicious behaviors can be intentionally injected into AI models by adversaries, creating a backdoor. These models operate normally with benign inputs but consistently misclassify samples containing an attacker-inserted trigger, known as a <i>backdoor attack</i>.</p><p dir="ltr">However, backdoors can not only be injected by an attacker but may also naturally exist in normally trained models. One can find backdoor triggers in benign models that cause any inputs with the trigger to be misclassified, a phenomenon termed <i>natural backdoors</i>. Regardless of whether they are injected or natural, backdoors can take various forms, which increases the difficulty of identifying such vulnerabilities. This challenge is exacerbated when access to AI models is limited.</p><p dir="ltr">This dissertation introduces an optimization-based technique that reverse-engineers trigger patterns exploited by backdoors, whether injected or natural. It formulates how backdoor triggers modify inputs down to the pixel level to approximate their potential forms. The intended changes in output predictions guide the reverse-engineering process, which involves computing the input gradient or sampling possible perturbations when model access is limited. Although various types of backdoors exist, this dissertation demonstrates that they can be effectively clustered into two categories based on their methods of input manipulation. The development of practical reverse-engineering approaches is based on this fundamental classification, leading to the successful identification of backdoor vulnerabilities in AI models.</p><p dir="ltr">To alleviate such security threats, this dissertation introduces a novel hardening technique that enhances the robustness of models against adversary exploitation. It sheds light on the existence of backdoors, which can often be attributed to the small distance between two classes. Based on this analysis, a class distance hardening method is proposed to proactively enlarge the distance between every pair of classes in a model. This method is effective in eliminating both injected and natural backdoors in a variety of forms.</p><p dir="ltr">This dissertation aims to highlight both existing and newly identified security and safety challenges in AI systems. It introduces novel formulations of backdoor trigger patterns and provides a fundamental understanding of backdoor vulnerabilities, paving the way for the development of safer and more secure AI systems.</p> Software and application security Adversarial machine learning AI Security Backdoor Attack Trigger Reverse Engineering Model Hardening
25	Using a Web Server Test Bed to Analyze the Limitations of Web Application Vulnerability Scanners Shelly, David Andrew 17 September 2010 (has links) The threat of cyber attacks due to improper security is a real and evolving danger. Corporate and personal data is breached and lost because of web application vulnerabilities thousands of times every year. The large number of cyber attacks can partially be attributed to the fact that web application vulnerability scanners are not used by web site administrators to scan for flaws. Web application vulnerability scanners are tools that can be used by network administrators and security experts to help prevent and detect vulnerabilities such as SQL injection, buffer overflows, cross-site scripting, malicious file execution, and session hijacking. However, these tools have been found to have flaws and limitations as well. Research has shown that web application vulnerability scanners are not capable of always detecting vulnerabilities and attack vectors, and do not give effective measurements of web application security. This research presents a method to analyze the flaws and limitations of several of the most popular commercial and free/open-source web application scanners by using a secure and insecure version of a custom-built web application. Using this described method, key improvements that should be made to web application scanner techniques to reduce the number of false-positive and false-negative results are proposed. / Master of Science Vulnerability Detection Web Application Scanners Web Application Security Black Box Testing
26	A Comparative Analysis of Open Source Dynamic Application Security Testing Tools / En jämförelseanalys av dynamiska testverktyg för applikationssäkerhet med öppen källkod Chorell, Isak, Ekberg, Christoffer January 2024 (has links) In today’s digital era, the increase of internet usage presents a growing challenge in cyber security. An increase in cyber attacks underscore the need for robust software systems to protect them. One way of detecting vulnerabilities is by using Dynamic Application Security Testing (DAST) tools, which simulate cyber attacks without knowledge of the internal structure of its target. This thesis investigates the four open source DAST tools Black Widow, Nuclei, Wapiti and ZAP in their ability to identify security vulnerabilities in web applications. A comparative analysis was performed, focusing on the tools vulnerability detection capabilities, how different web applications affect their results as well as their practical applicability. Each DAST tool was run against web applications, both with and without intentional vulnerabilities, where measures such as scan time and reported vulnerabilities were collected. The tools were also run against a benchmark to be able to calculate the metrics accuracy, precision, recall and F-measure. The results show that ZAP reported the most vulnerabilities, where Cross Site Scripting and SQL injection are the most common types, but also had the largest number of false positives. However, on the benchmark, none of the DAST tools had any false positives. It was also found that the architecture of the web application highly influenced the tools' attack capabilities. Conclusively, DAST tools can help to improve the security of web applications but come with some drawbacks and limitations. To achieve a more comprehensive scan, one can use more than one DAST tool, but it comes with a cost of longer scan times and an increase in manual effort to review the reported vulnerabilities. Web security DAST Dynamic Application Security Testing Black Widow Nuclei Wapiti ZAP Computer Sciences Datavetenskap (datalogi)
27	Evaluating and comparing the web application security testing tools: Identifying and Applying Key Metrics Thota, Sanmay Bhavanish, Vemula, Sai Ajit Jayasimha January 2024 (has links) Background: Web application security (WAS) testing is crucial for protecting web applications from cyber threats. However, organizations often struggle to select effective WAS testing tools due to the lack of a well-defined set of evaluation criteria. This research aims to address this need by identifying the key metrics for evaluating and comparing WAS testing tools. Objectives: The primary objectives of this research are to identify the key metrics for comparing WAS testing tools, validate the significance of these metrics through semi-structured interviews, and perform a comparison between WAS testing tools using the validated metrics. This research aims to find a set of validated metrics for evaluating and comparing WAS testing tools. Methods: The research methodology consisted of three main phases: a literature review to compile a comprehensive set of technical and non-technical metrics commonly used for assessing and comparing WAS testing tools, semi-structured interviews with security experts to validate the significance of the identified metrics, and an experiment to compare three WAS testing tools - ZAP, Burp Suite, and Acunetix - using the OWASP Benchmark project. These three tools were selected based on the author’s recommendations in the literature. Results: The initial literature review found 37 evaluation metrics for WAS testing tools. Through interviews, experts confirmed some of these were important, but also said some were not very useful. The experts additionally suggested some new metrics that were not in the literature. Incorporating this feedback, the final list was refined down to 35 metrics for evaluating WAS testing tools. An experiment was then conducted to compare three WAS testing tools - ZAP, Burp Suite, and Acunetix with the test subject as the OWASP Benchmark Project and by using the validated set of metrics. The results of this experiment revealed differences in the performance of the tools, with Burp Suite emerging as the best performer. Conclusions: This research has provided a valid set of metrics for comparing and evaluating WAS testing tools, empowering organizations to make more informed decisions. Security professionals can optimise their WAS testing tool selection by understanding the key metrics and their relative significance, as established through the literature and interviews. Based on the experimental analysis, Burp Suite performed better than other tools. Therefore, for organizations initiating the selection process of the WAS testing tool, Burp Suite stands out as a good choice. Web application security Web app security testing tool vulnerability Evaluation metrics Software Engineering Programvaruteknik
28	TECHNIQUES TO SECURE AND MONITOR CLIENT DATABASE APPLICATIONS Daren Khaled Fadolalkarim (19200958) 23 July 2024 (has links) <p dir="ltr">In this thesis, we aim at securing database applications in different ways. We have designed, implemented and experimentally evaluated two systems, AD-PROM and DCAFixer. AD-PROM has the goal to monitor database application while running to detect changes in applications’ behaviors at run time. DCAFixer, focus on securing database applications at the early development stages, i.e., coding and testing.</p> Data security and protection Software and application security Database security Program Analysis software security Automated Program Repair
29	Empirically Driven Investigation of Dependability and Security Issues in Internet-Centric Systems Huynh, Toan Nguyen Duc 06 1900 (has links) The Web, being the most popular component of the Internet, has been transformed from a static information-serving medium into a fully interactive platform. This platform has been used by developers to create web applications rivaling traditional desktop systems. Designing, developing and evaluating these applications require new or modified methodologies, techniques and tools because of the different characteristics they exhibit. This dissertation discusses two important areas for developing and evaluating these applications: security and data mining. In the security area, a survey using a process similar to the Goal Question Metric approach examines the properties of web application vulnerabilities. Using results from the survey, a white-box approach to identify web applications vulnerabilities is proposed. Although the approach eliminates vulnerabilities during the development process, it does not protect existing web applications that have not utilized the approach. Hence, an Anomaly-based Network Intrusion Detection System, called AIWAS, is introduced. AIWAS protects web applications through the analysis of interactions between the users and the web applications. These interactions are classified as either benign or malicious; malicious interactions are prevented from reaching the web applications under protection. In the data mining area, the method of reliability estimation from server logs is examined in detail. This examination reveals the fact that the session workload is currently obtained using a constant Session Timeout Threshold (STT) value. However, each website is unique and should have its own STT value. Hence, an initial model for estimating the STT is introduced to encourage future research on sessions to use a customized STT value per website. This research on the STT leads to a deeper investigation of the actual session workload unit. More specifically, the distributional properties of the session workload are re-examined to determine whether the session workload can be described as a heavy-tailed distribution. / Software Engineering and Intelligent Systems web application security data mining web application vulnerabilities network intrusion detection system web system reliability session timeout threshold session workload
30	Apsaugos nuo SQL injekcijų el.verslo svetainėse metodikos sudarymas ir tyrimas / Development and research of method of protection against SQL injections in e-commerce websites Ramoška, Aidas 04 November 2013 (has links) SQL injekcijos atakos taikinys – interaktyvios interneto programos, kurios naudoja duomenų bazės serverius. Šios programos leidžia vartotojams įvesti informaciją ir ją įvedus formuojamos SQL užklausos, kurios siunčiamos į duomenų bazės serverį. Darydamas SQL injekcijos ataką, atakuotojas per įvesties laukus suformuoja kenksmingą SQL užklausos segmentą, kuris modifikuoja buvusią užklausą. Naudodamas SQL injekcijos ataką, atakuotojas gali prieiti prie konfidencialios informacijos, ją modifikuoti ar, apeidamas autorizacijos scenarijų, prisijungti prie sistemos nežinodamas slaptažodžio. Šiame darbe pasiūlytas saugos modulis perima visą vartotojo įvedamą informaciją, pritaiko saugumo taisykles ir taip padidina saugumą apsisaugant nuo SQL injekcijų el. verslo žiniatinklio programose bei registruoja potencialius bandymus sutrikdyti normalų sistemos darbą. Norint įdiegti pasiūlytą saugos modulį, nereikia konfigūruoti serverio ar jo programinės įrangos – modulio diegimo metu keičiasi tik žiniatinklio programos failai. Darbui atlikti pasirinkta PHP programavimo kalba ir MySQL duomenų bazė. Tyrimo metu atlikti testavimo rezultatai parodo, kokius saugos modulio konfigūravimo parametrus reikia taikyti norint užtikrinti maksimalų saugumo lygį. / The target of SQL injection attack – interactive web programs, which use database servers. Those programs allow users to input information and as it is imputed, it forms SQL queries, which are sent into database server. With SQL injection help, the attacker using input fields forms harmful section of SQL query, which modifies previous query. Exploiting attack of SQL injection, the attacker may learn confidential information, modify it or connect to system without knowing the password by authorisation bypass. In this research-paper the proposed security model takes over all information inputted by user, adjusts the safety rules and that way it improves the safety in order to guard from SQL injections at electronic business web systems as well as it register potential attempts to disrupt normal work of the system. In order to install the proposed safety model there is no need to configure the server or its software because in the moment of installation it changes only files of website programs. For purpose of executing this work, we use PHP programming language and MySQL database. During the analysis, the received test results show what configuration parameters of safety model we need to use in order to guarantee the maximum level of safety. Informatics Engineering SQL injekcijos Duomenų bazės saugumas El. verslas Žiniatinklio programų sauga SQL injections Database security E-business Web application security

Search results