  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
61

Malware Behavior = Comportamento de programas maliciosos

Grégio, André Ricardo Abed 21 August 2018
Advisors: Mario Jino, Paulo Licio de Geus / Thesis (doctorate) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de Computação / Previous issue date: 2012 / Abstract: Attacks involving malicious software (malware) are the major current threats to systems security. The motivation behind this thesis is to study malware behavior and how it can be used for defensive purposes. The main mechanism used for defending against malware is the antivirus (AV) tool. Although the purpose of an AV is to detect (and remove) malicious programs from infected machines, this detection usually provides insufficient information for users and analysts regarding the malware infection process. Furthermore, there is no standard naming scheme for consistently labeling detected malware, making the malware classification process harder. To provide a meaningful naming scheme, as well as to improve the quality of results produced by dynamic analysis systems, we propose a malware taxonomy based on potentially dangerous behaviors observed during several years of analysis of malware found in the wild. The main goal of the taxonomy is, in addition to being simple to understand, extend and maintain, to embrace general types of malware (e.g., worms, bots, spyware). Our behavior-centric malware taxonomy introduces four classes and their respective high-level behaviors that represent potentially dangerous activities. We applied our taxonomy to more than 12 thousand unique malware samples from different classes (assigned by AV scanners) to show that it is useful to better understand malware infections and to aid in malware-related incident response procedures. Other contributions of our work are: a brief history of malware and a survey of taxonomies that address specific malware types; a dynamic analysis system to extract behavioral profiles from malware; specialization of our taxonomy to handle information stealers known as bankers; proposal of visualization tools to interact with malware execution traces; and, finally, a clustering technique based on values that malware writes into memory or registers / Doctorate / Computer Engineering / Doctor of Electrical Engineering
62

Mathematical security models for multi-agent distributed systems

Ma, Chunyan 01 January 2004
This thesis presents the developed taxonomy of the security threats in agent-based distributed systems. Based on this taxonomy, a set of theories is developed to facilitate analyzing the security threats of mobile-agent systems. We propose the idea of using the developed security risk graph to model the system's vulnerabilities.
63

Feature Set Selection for Improved Classification of Static Analysis Alerts

Goeschel, Kathleen 01 January 2019
With the extreme growth in third party cloud applications, increased exposure of applications to the internet, and the impact of successful breaches, improving the security of software being produced is imperative. Static analysis tools can alert to quality and security vulnerabilities of an application; however, they present developers and analysts with a high rate of false positives and unactionable alerts. This problem may lead to the loss of confidence in the scanning tools, possibly resulting in the tools not being used. The discontinued use of these tools may increase the likelihood of insecure software being released into production. Insecure software can be successfully attacked resulting in the compromise of one or several information security principles such as confidentiality, availability, and integrity. Feature selection methods have the potential to improve the classification of static analysis alerts and thereby reduce the false positive rates. Thus, the goal of this research effort was to improve the classification of static analysis alerts by proposing and testing a novel method leveraging feature selection. The proposed model was developed and subsequently tested on three open source PHP applications spanning several years. The results were compared to a classification model utilizing all features to gauge the classification improvement of the feature selection model. The model presented did result in the improved classification accuracy and reduction of the false positive rate on a reduced feature set. This work contributes a real-world static analysis dataset based upon three open source PHP applications. It also enhanced an existing data set generation framework to include additional predictive software features. However, the main contribution is a feature selection methodology that may be used to discover optimal feature sets that increase the classification accuracy of static analysis alerts.
64

Integration of Software Security Design Analysis to the Agile Development Process / Integracija bezbednosne analize dizajna softvera u proces agilnog razvoja

Luburić Nikola 18 January 2020
This thesis presents research in the field of secure software engineering. Two methods are developed that, when combined, facilitate the integration of software security design analysis into the agile development workflow. The first method is a training framework for creating workshops aimed at teaching software engineers how to perform security design analysis. The second method is a process that expands on the security design analysis method to facilitate better integration with the needs of the organization. The first method is evaluated through a controlled experiment, while the second method is evaluated through comparative analysis and case study analysis, where the process is tailored and implemented for two different software vendors.
65

A framework to unify application security testing in DevOps environment / Ett ramverk för enhetlig testning av applikationssäkerhet i DevOps-miljöer

Le, Duc Quang January 2021
In recent years, companies and organizations have increasingly integrated software security testing into the software development life cycle using DevOps practices. The current integration approach introduces multiple challenges in an information technology environment that consists of a large number of software development projects and multiple software security testing tools. This thesis aims to address these challenges by proposing a microservice-based framework to unify application security testing. The thesis first identifies the challenges, then proposes a design for a framework based on relevant literature and common characteristics of application security testing tools. The main components of the proposed framework are implemented and evaluated. The evaluation result shows that the framework offers many benefits: more secure credential management process, reduced execution time for Continuous Integration (CI) pipelines, and more efficient project onboarding and management. Furthermore, the integration of the proposed framework does not introduce major security threats to the current environment.
66

A software development methodology for solo software developers: leveraging the product quality of independent developers

Moyo, Sibonile 02 1900
Software security for agile methods, particularly for those designed for individual developers, is still a major concern. With most software products deployed over the Internet, security as a key component of software quality has become a major problem. In addressing this problem, this research proposes a solo software development methodology (SSDM) that uses as few resources as possible, while conforming to best practice for delivering secure and high-quality software products. Agile methods have excelled at delivering timely and quality software. At the same time, research also shows that most agile methods do not address the problem of security in the developed software. A metasynthesis of SSDMs conducted in this thesis confirmed the lack of practices that promote security in the developed software product. On the other hand, some researchers have demonstrated the feasibility of incorporating existing lightweight security practices into agile methods. This research uses Design Science Research (DSR) to build, demonstrate and evaluate a lightweight SSDM. Using an algorithm adapted for the purpose, the research systematically integrates lightweight security and quality practices to produce an agile secure-solo software development methodology (Secure-SSDM). A multiple-case study in an academic and industry setting is conducted to demonstrate and evaluate the utility of the methodology. This demonstration and its evaluation indicate the applicability of the methodology in building high-quality and secure software products. Theoretical evaluation of the agility of the Secure-SSDM using the four-dimensional analytical tool (4-DAT) shows satisfactory compliance of the methodology with agile principles.
The main contributions in this thesis are: the Secure-SSDM, which entails description of the concepts, modelling languages, stages, tasks, tools and techniques; generation of a quality theory on practices that promote quality in a solo software development environment; adaptation of Keramati and Mirian-Hosseinabadi’s algorithm for the purposes of integrating quality and security practices. This research would be of value to researchers as it introduces the security component of software quality into a solo software development environment, probing more research in the area. To software developers the research has provided a lightweight methodology that builds quality and security into the product using minimum resources. / School of Computing / D. Phil. (Computer Science)
67

Automated Vulnerability Management / Automatiserad sårbarhetshantering

Ma, Yuhan January 2023
The field of software security is constantly evolving, and security must be taken into consideration throughout the entire product life cycle. This is particularly important in today’s dynamic security landscape, where threats and vulnerabilities constantly change. One of organizations’ biggest challenges is identifying and managing vulnerabilities in their software systems. This is where automating aspects of vulnerability management can play a crucial role. This thesis aims to investigate the feasibility of using natural language processing to automate vulnerability management. The main objective of the work is to develop a proof-of-concept system that simplifies the work of developers and testers by automatically filtering and categorizing vulnerabilities. The system will use natural language processing to distinguish and classify vulnerabilities based on the details of the vulnerability description. This helps organizations to identify and manage vulnerabilities conveniently while saving time and resources. In addition, the system will be integrated with the defect-tracking tool, becoming part of the software development process. Therefore, the vulnerabilities can be identified and managed as early as possible in the development cycle, making resolving them easier and more cost-effective. Integrating the defect-tracking tool will also make it easier for organizations to track and resolve vulnerabilities promptly. In conclusion, this work aims to demonstrate that an automated vulnerability management system using natural language processing is feasible and effective. By simplifying the work of developers and testers, organizations can improve their overall software security posture and reduce their risk of security incidents. The expected outcome of this work is a proof-of-concept system that can be used as a model for organizations which aim to improve their vulnerability management processes.
68

Minimator: A Serious Game on Zero-Day Markets

Cseresnyes, Ehud, Sharma, Hans January 2022
Zero-days are vulnerabilities that the software vendor does not know about and thus cannot provide a patch for. Their value has caused markets to develop, divided by the purchase intention. This thesis focuses on the white and grey markets, that is, those buying to patch and those buying to exploit. While states generally have an interest in both, they currently spend money to exploit zero-days, keeping software insecure. The lack of knowledge and awareness surrounding this practice is the problem targeted in this thesis. Serious games, aiming to be both entertaining and educational, represent one opportunity to create awareness. They fit our circumstances particularly well because understanding the problem space requires adversarial thinking and lots of different concepts. Our research goal has thus been to create a serious game that accurately illuminates the dilemma experienced by states. Design science was the research strategy employed to reach the stated goal. Our main contribution is Minimator, a multiplayer, web-based game in which players, acting as states, have to protect their infrastructure and deal with zero-day markets. Additionally, we present a formal model of states’ treatment of zero-day markets developed using game theory and shown to resemble the n-players prisoners’ dilemma. An expert evaluation was conducted, delivering promising results in terms of gameplay appeal and accuracy. A naturalistic evaluation remains, but is suggested in detail for future endeavours. Minimator is original as, to our knowledge, no similar artefact exists. It provides value by potentially creating a starting point for and encouraging an informed, public debate about the trade-off between national and infrastructure security, which is inherently political.
69

Uso de técnicas e ferramentas para detecção de vulnerabilidades: um survey com membros de equipes de desenvolvimento ágil de software / Use of techniques and tools for vulnerability detection: a survey with members of agile software development teams

Santos, Ligia Cassia Moreno de Castro 05 April 2018
Agile methods were created to address real and perceived weaknesses of traditional software development methods. Due to the pressure to deliver software products on time, security requirements are often poorly addressed or even neglected. During agile software development it is important to detect possible vulnerabilities. This dissertation describes a survey applied to members of software development teams who apply agile methods. To this end, 110 members of agile teams who have deployed, are in the process of deploying, or will still deploy techniques and tools for vulnerability detection were identified through the LinkedIn professional network. In addition, nine managers of agile teams were interviewed. The questionnaire and the interview script were based on three well-known secure software development processes, namely, the McGraw Process, OWASP CLASP, and the activities of Howard and Lipner. Data were collected through questionnaires and interviews. The analysis of the results used techniques of descriptive statistics and content analysis. They indicated the most widely used agile methods, the current use of techniques and tools, and the skills, interests and training needs in vulnerability detection techniques and tools. In addition, the benefits of implementing the techniques and tools, the motivations, the strategies, the difficulties, the limitations and the lessons learned were identified. The results indicate that there is motivation to implement security, but special attention is still not given to the detection of vulnerabilities in the agile teams whose members participated in the survey.
