  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Quantitative Metrics and Measurement Methodologies for System Security Assurance

Ahmed, Md Salman 11 January 2022
Proactive approaches for preventing attacks through security measurements are crucial for preventing sophisticated attacks. However, proactive measures must employ qualitative security metrics and systemic measurement methodologies to assess security guarantees, as some metrics (e.g., entropy) used for evaluating security guarantees may not capture the capabilities of advanced attackers. Also, many proactive measures (e.g., data pointer protection or data flow integrity) suffer performance bottlenecks. This dissertation identifies and represents attack vectors as metrics using the knowledge from advanced exploits and demonstrates the effectiveness of the metrics by quantifying attack surface and enabling ways to tune performance vs. security of existing defenses by identifying and prioritizing key attack vectors for protection. We measure attack surface by quantifying the impact of fine-grained Address Space Layout Randomization (ASLR) on code reuse attacks under the Just-In-Time Return-Oriented Programming (JITROP) threat model. We conduct a comprehensive measurement study with five fine-grained ASLR tools, 20 applications including six browsers, one browser engine, and 25 dynamic libraries. Experiments show that attackers only need several seconds (1.5-3.5) to find various code reuse gadgets such as the Turing Complete gadget set. Experiments also suggest that some code pointer leaks allow attackers to find gadgets more quickly than others. Besides, the instruction-level single-round randomization can restrict Turing Complete operations by preventing up to 90% of gadgets. This dissertation also identifies and prioritizes critical data pointers for protection to enable the capability to tune between performance vs. security. We apply seven rule-based heuristics to prioritize externally manipulatable sensitive data objects/pointers. 
Our evaluations using 33 ground truths vulnerable data objects/pointers show the successful detection of 32 ground truths with a 42% performance overhead reduction compared to AddressSanitizer. Our results also suggest that sensitive data objects are as low as 3%, and on average, 82% of data objects do not need protection for real-world applications. / Doctor of Philosophy / Proactive approaches for preventing attacks through security measurements are crucial to prevent advanced attacks because reactive measures can become challenging, especially when attackers enter sophisticated attack phases. A key challenge for the proactive measures is the identification of representative metrics and measurement methodologies to assess security guarantees, as some metrics used for evaluating security guarantees may not capture the capabilities of advanced attackers. Also, many proactive measures suffer performance bottlenecks. This dissertation identifies and represents attack elements as metrics using the knowledge from advanced exploits and demonstrates the effectiveness of the metrics by quantifying attack surface and enabling the capability to tune performance vs. security of existing defenses by identifying and prioritizing key attack elements. We measure the attack surface of various software applications by quantifying the available attack elements of code reuse attacks in the presence of fine-grained Address Space Layout Randomization (ASLR), a defense in modern operating systems. ASLR makes code reuse attacks difficult by making the attack components unavailable. We perform a comprehensive measurement study with five fine-grained ASLR tools, real-world applications, and libraries under an influential code reuse attack model. Experiments show that attackers only need several seconds (1.5-3.5) to find various code reuse elements. Results also show the influence of one attack element over another and one defense strategy over another strategy. 
This dissertation also applies seven rule-based heuristics to prioritize externally manipulatable sensitive data objects/pointers – a type of attack element – to enable the capability to tune between performance vs. security. Our evaluations using 33 ground truths vulnerable data objects/pointers show the successful identification of 32 ground truths with a 42% performance overhead reduction compared to AddressSanitizer, a memory error detector. Our results also suggest that sensitive data objects are as low as 3% of all objects, and on average, 82% of objects do not need protection for real-world applications.
2

KVANTIFIERING AV FÖRETAGENS ANVÄNDNING AV DISKONTERING : EN STUDIE AV FÖRETAGEN PÅ NASDAQ STOCKHOLM / QUANTIFICATION OF COMPANIES USE OF DISCOUNTING : A STUDY OF THE COMPANIES LISTED ON NASDAQ STOCKHOLM

Svensson, Dennis, Bajraktari, Ilir January 2017
Discounting and present value calculation as a valuation method has increased in use. Acceptance of fair value measurement has also increased, and IFRS permits this valuation method in most of its standards; depending on how it is used, the method involves subjective elements. Previous research highlights the problem with discounting in that it opens the door to subjectivity and gives management opportunities to manipulate earnings and the balance sheet. Although there is consensus about the risks of valuation techniques that involve present value calculation, there are, to our knowledge, no studies that map the extent of this valuation technique. Against the background of the theory of information asymmetry, earnings management, agency theory and the qualitative characteristics of comparability and reliability, the purpose of the study is to map the use of discounting among companies registered on NASDAQ Stockholm. By examining 268 of the 299 companies listed on the exchange, we can show the use and the distinguishing differences between companies of different sizes and sectors. The result is to be regarded as guidance for future studies. The conclusion is that discounting occurs at the majority of the companies on NASDAQ Stockholm. A further conclusion from the study is that companies devote differing amounts of space to information about discounting and present value calculation. Throughout the analysis, the argument is made that if companies devote little space relative to other companies, this can have a negative effect on the quality of the financial report, based on reasoning about agency theory, information asymmetry and earnings management, as well as the qualitative characteristic of reliability. In the reasoning about the qualitative characteristic of comparability, it is instead a disadvantage that companies devote differing amounts of space. / Discounting and present value calculation as a valuation method has increased in use.
Acceptance for fair value valuation has also increased and IFRS allows in most standards the use of this valuation method which, depending on use, is associated with subjective elements. Previous research draws attention to the problem of discounting and present value calculations in terms of opening up for subjectivity and opportunities for management to manipulate earnings and balance sheets. Although there is a consensus about risks with valuation techniques that include discounting and present value calculations, we find that there is a lack of studies that map the scope of this valuation technique. In view of Information Asymmetry, Earnings management, Agent Theory and the qualitative characteristics of comparability and reliability, the purpose of the study is to map the use of discounting and present value calculation by companies listed on NASDAQ Stockholm. By examining 268 of 299 companies listed on the Stockholm stock exchange, we can demonstrate the use and distinctive differences between companies of different sizes and sectors. The result is to be considered as guidance for future studies. The conclusion is that discounting occurs at most of the companies on NASDAQ Stockholm. A further conclusion from the study is that companies allocate different amounts of area to information about discounting and present value calculation. Consistently through the analysis, the reasoning is that, if the companies allocate a small area of information in relation to other companies, this may have a negative impact on the quality of the financial report. This is based on the reasoning of the agency theory, information asymmetry and earnings management, as well as the qualitative characteristic of faithful representation. In the reasoning about the qualitative characteristic of comparability, it is rather a disadvantage that companies allocate areas of different sizes. (This thesis is written in Swedish)
