Shumian Yang,Lianhai Wang,Dawei Zhao,Xiaohui Han,Shuhui Zhang

DOI: https://doi.org/10.22323/1.300.0033

2018-01-01

Abstract:Software definition networking is a revolutionary network architecture, which realizes the separation of the control plane and data plane of a network. While providing the centralized controllability and the software programmability, the network itself is encountering many security problems. In order to solve the problem of security threats in SDN networks, there are different layers of unique security challenges and the relevant research on SDN security problems. This paper introduces the depth learning technology into the field of security threat detection in SDN, and propose a security threat detection framework based on depth learning.The framework is based on the research on model establishment, abnormal behavior recognition and decision algorithm design. The software system based on physical memory analysis is under development in SDN. The system verifies the feasibility of this framework, and to finally generate the work plan on SDN infrastructure.

Shengyi Pan,Lingfeng Bao,Xin Xia,David Lo,Shanping Li

DOI: https://doi.org/10.1109/icse48619.2023.00088

2023-01-01

Abstract:Identifying security patches via code commits to allow early warnings and timely fixes for Open Source Software (OSS) has received increasing attention. However, the existing detection methods can only identify the presence of a patch (i.e., a binary classification) but fail to pinpoint the vulnerability type. In this work, we take the first step to categorize the security patches into fine-grained vulnerability types. Specifically, we use the Common Weakness Enumeration (CWE) as the label and perform fine-grained classification using categories at the third level of the CWE tree. We first formulate the task as a Hierarchical Multi-label Classification (HMC) problem, i.e., inferring a path (a sequence of CWE nodes) from the root of the CWE tree to the node at the target depth. We then propose an approach named TREEVUL with a hierarchical and chained architecture, which manages to utilize the structure information of the CWE tree as prior knowledge of the classification task. We further propose a tree structure aware and beam search based inference algorithm for retrieving the optimal path with the highest merged probability. We collect a large security patch dataset from NVD, consisting of 6,541 commits from 1,560 GitHub OSS repositories. Experimental results show that TREEVUL significantly outperforms the best performing baselines, with improvements of 5.9%, 25.0%, and 7.7% in terms of weighted F1-score, macro F1-score, and MCC, respectively. We further conduct a user study and a case study to verify the practical value of TREEVUL in enriching the binary patch detection results and improving the data quality of NVD, respectively.

QIN Junning,HAN Jiajia,ZHOU Sheng,WU Chunming,CHEN Shuangxi,ZHAO Ruoyan,ZHANG Jiangyu

DOI: https://doi.org/10.11959/j.issn.1000-0801.2020143

2020-01-01

Abstract:The unbalanced development status of network security was introduced.The main hazards and the mechanism model of penetration testing were described,and the inherent shortcomings of many existing traditional defense methods were analyzed.However,new method of the mimic defense model makes the attack information obtained invalid by dynamically selecting the executive set and adaptively changing the system composition.The same attack mode is difficult to be maintained or reproduced.Based on the attack chain model,the traditional defensetechnology and mimic defense technology were analyzed and compared,and it was demonstrated that it had a protective role in multiple stages of the attack chain.Finally,the effectiveness and superiority of the mimic defense was verified by experiments,and the model was summarized and prospected.

Yanmiao Zhang,Xiaoyu Ji,Yushi Cheng,Wenyuan Xu

DOI: https://doi.org/10.23919/ChiCC.2019.8866144

2019-01-01

Abstract:As a modern power transmission network, smart grid connects abundant terminal devices and plays an important role in our daily life. However, along with its growth are the security threats. Different from the separated environment previously, an adversary nowadays can destroy the power system by attacking its terminal devices. As a result, it's critical to ensure the security and safety of terminal devices. To achieve it, detecting the pre-existing vulnerabilities in the terminal program and enhancing its security, are of great importance and necessity. In this paper. we introduce Cker, a novel vulnerability detection tool for smart grid devices, which generates an program model based on device sources and sets rules to perform model checking. We utilize the static analysis to extract necessary information and build corresponding program models. By further checking the model with pre-defined vulnerability patterns, we achieve security detection and error reporting. The evaluation results demonstrate that our method can effectively detect vulnerabilities in smart devices with an acceptable accuracy and false positive rate. In addition, as Cker is realized by pure python. it can be easily scaled to other platforms.

Yidan Ren,Zhengzhou Zhu,Xiangzhou Chen,Huixia Ding,Geng Zhang

DOI: https://doi.org/10.1145/3177457.3191709

2018-01-01

Abstract:With the rapid development of information technology, software systems' scales and complexity are showing a trend of expansion. The users' needs for the software security, software security reliability and software stability are growing increasingly. At present, the industry has applied machine learning methods to the fields of defect detection to repair and improve software defects through the massive data intelligent semantic analysis or code scanning. The model in machine learning is faced with big difficulty of model building, understanding, and the poor visualization in the field of traditional software defect detection. In view of the above problems, we present a point of view that intelligent semantic analysis technology based on massive data, and using the trusted behavior decision tree model to analyze the soft behavior by layered detection technology. At the same time, it is equipped related test environment to compare the tested software. The result shows that the defect detection technology based on intelligent semantic analysis of massive data is superior to other techniques at the cost of building time and error reported ratio.

Linzhang Wang,Eric Wong,Dianxiang Xu

DOI: https://doi.org/10.1109/SESS.2007.2

2007-01-01

Abstract:In this paper, we propose a novel threat model-driven security testing approach for detecting undesirable threat behavior at runtime. Threats to security policies are modelled with UML (Unified Modeling Language) sequence diagrams. From a design-level threat model we extract a set of threat traces, each of which is an event sequence that should not occur during the system execution. The same threat model is also used to decide what kind of information should be collected at runtime and to guide the code instrumentation. The instrumented code is recompiled and executed using test cases randomly generated. The execution traces are collected and analyzed to verify whether the aforementioned undesirable threat traces are matched. If an execution trace is an instance of a threat trace, security violations are reported and actions should be taken to mitigate the threat in the system. Thus the linkage between models, code implementations, and security testing are extended to form a systematic methodology that can test certain security policies.

Ming Huang,Yisha Lu,Qingkai Zeng

2010-01-01

Abstract:As the core of various security problems, software vulnerability is the main challenge in the information security field. Particularly, software vulnerability modeling is an actively defensive measure for software security, aiming to detect and eliminate the potential vulnerabilities before they have been exploited. In this paper, a structured and graphic method for modeling vulnerability is proposed. The method combines the advantages of existing methods to depict and reason about security vulnerabilities, which would be useful for a better understanding of the nature of vulnerabilities, and become an effective way to detect and prevent the software vulnerabilities. The practical application result shows that GSM could reveal some related information and properties that existing methods cannot find in the vulnerability databases in public.

Lian Yu,Jun Zhou,Yue Yi,Jianchu Fan,Qianxiang Wang

DOI: https://doi.org/10.1109/qsic.2009.10

2009-01-01

Abstract:Static analysis works well at checking defects that clearly map to source code constructs. Model checking can find defects of deadlocks and routing loops that are not easily detected by static analysis, but faces the problem of state explosion. This paper proposes a hybrid approach to detecting security defects in programs. Fuzzy Inference System is used to infer selection among the two detection approaches. A cluster algorithm is developed to divide a large system into several clusters in order to apply model checking. Ontology based static analysis employs logic reasoning to intelligently detect the defects. We also put forwards strategies to improve performance of the static analysis. At last, we perform experiments to evaluate the accuracy and performance of the hybrid approach.

Jiaxin Yu,Liming Fu,Peng Liang,Amjed Tahir,Mojtaba Shahin

2023-07-05

Abstract:Background: Despite the widespread use of automated security defect detection tools, software projects still contain many security defects that could result in serious damage. Such tools are largely context-insensitive and may not cover all possible scenarios in testing potential issues, which makes them susceptible to missing complex security defects. Hence, thorough detection entails a synergistic cooperation between these tools and human-intensive detection techniques, including code review. Code review is widely recognized as a crucial and effective practice for identifying security defects. Aim: This work aims to empirically investigate security defect detection through code review. Method: To this end, we conducted an empirical study by analyzing code review comments derived from four projects in the OpenStack and Qt communities. Through manually checking 20,995 review comments obtained by keyword-based search, we identified 614 comments as security-related. Results: Our results show that (1) security defects are not prevalently discussed in code review, (2) more than half of the reviewers provided explicit fixing strategies/solutions to help developers fix security defects, (3) developers tend to follow reviewers' suggestions and action the changes, (4) Not worth fixing the defect now and Disagreement between the developer and the reviewer are the main causes for not resolving security defects. Conclusions: Our research results demonstrate that (1) software security practices should combine manual code review with automated detection tools, achieving a more comprehensive coverage to identifying and addressing security defects, and (2) promoting appropriate standardization of practitioners' behaviors during code review remains necessary for enhancing software security.

Software Engineering

张恺伦,江全元

2013-01-01

Abstract:With the promotion and application of wide area measurement systems (WAMS) in power system, the security of its communication system is attracting a growing body of research. To analyze the vulnerability of WAMS communication infrastructures when facing network intrusions, an assessing method of vulnerability based on attack tree model is proposed. First, the attack tree model of WAMS communication system is established, which directly reflects the intrusion scenarios when the system is maliciously attacked. Second, a more reasonable assessing method for the vulnerability of passwords and ports is proposed, as well as the vulnerability of the system with all scenarios taken into consideration. Finally, the paper puts forth the concept of vulnerability sensitivity, which can quantitatively evaluate the effect of changes in the leaf vulnerability on the system, so as to find out the critical port.

Jipeng Wu,Shanshan Lv,Eryu Ding,Bin Luo

DOI: https://doi.org/10.1109/icsess.2015.7338994

2015-01-01

Abstract:There are two types of software defects: (1)implementation defects(i.e., discrepancies between a implementation and its specification), and (2)specification defects(Systems implemented correctly may also fail due to its defective specification design). This paper presents a specification defects detection method called Specification Defects Detection Using Statecharts (SDDS), and applies it to 5 classes from open source software. SDDS converts source codes to statecharts and then find intrinsic design defects or risks of specifications from their statecharts. We applied this method in our case study and proved that at least 3 types of specification defects exist and can be detected by SDDS.

Wanwangying MA,Lin CHEN,Zhifei CHEN,Ziyuan WANG

DOI: https://doi.org/10.3778/j.issn.1673-9418.1403007

2014-01-01

Abstract:In order to evaluate the risk of software defects, this paper proposes an approach for defects evaluation based on complex network analysis. In this approach, a network model is used to express the relationship between entities, and the methods in source code and the call relations between them are extracted as nodes and directed edges respectively to construct the source code network. Then the importance of root cause nodes with respect to the whole network is computed by the betweenness centrality and PageRank, which is used to assess the severity of defects. The experimental results show that the approach has a good performance in evaluating inside software severe defects, which can help maintainers pay more attention to implicit severe defects and provide helpful reference to the pro-gram repair, thus supporting software evolution.

Yan Wu,Jingyi Su,David D. Moran,Chris D. Near

DOI: https://doi.org/10.48550/arXiv.2301.06215

2023-01-15

Software Engineering

Abstract:The mass production of complex software has made it impossible to manually test it for security vulnerabilities. Automated security testing tools come in a variety of flavors, function at various stages of software development, and target different categories of software vulnerabilities. It is great that we have a plethora of automated tools to choose from, but it is a problem that their adoption and recognition are not prominent. The purpose of this study is to explore the possibilities of existing techniques while also broadening the horizon by exploring the future of security testing tools and related techniques.

Xueqin Gao,Tao Shang,Da Li,Jianwei Liu

DOI: https://doi.org/10.1109/pst55820.2022.9851965

2022-01-01

Abstract:SCADA systems are one of the critical infrastructures and face many security threats. Attackers can control SCADA systems through network attacks, destroying the normal operation of the power system. It is important to conduct a risk assessment of security threats on SCADA systems. However, existing models for risk assessment using attack trees mainly focus on describing possible intrusions rather than the interaction between threats and defenses. In this paper, we comprehensively consider intrusion likelihood and defense capability and propose a quantitative risk assessment model of security threats based on attack countermeasure tree (ACT). Each leaf node in ACT contains two attributes: exploitable vulnerabilities and defense countermeasures. An attack scenario can be constructed by means of traversing the leaf nodes. We set up six indicators to evaluate the impact of security threats in attack scenarios according to NISTIR 7628 standard. Experimental results show the attack probability of security threats and high-risk attack scenarios in SCADA systems. We can improve defense countermeasures to protect against security threats corresponding to high-risk scenarios. In addition, the model can continually update risk assessments based on the implementation of the system’s defensive countermeasures.

Juan C. Augusto,George Wilkie,Chunping Li,Hui Wang,Jun Liu

DOI: https://doi.org/10.5220/0003596000710077

2011-01-01

Abstract:We explain a new strategy to model a set of java classes and to abstract a model from them that can be use to study the impact that defects affecting specific classes can have on the whole system. We use the models of the software implementation as an abstraction of the software that can be used for experimentation We used simulation and verification in SPIN but the idea can be applied to implementations in other languages than java and the analysis of defects impact can be done with other verification tools as well.

Zhefei Zhang,Qinghua Zheng,Xiaohong Guan,Qing Wang,Tuo Wang

DOI: https://doi.org/10.1007/s11460-008-0047-x

2008-01-01

Frontiers of Electrical and Electronic Engineering in China

Abstract:SQL injection poses a major threat to the application level security of the database and there is no systematic solution to these attacks. Different from traditional run time security strategies such as IDS and firewall, this paper focuses on the solution at the outset; it presents a method to find vulnerabilities by analyzing the source codes. The concept of validated tree is developed to track variables referenced by database operations in scripts. By checking whether these variables are influenced by outside inputs, the database operations are proved to be secure or not. This method has advantages of high accuracy and efficiency as well as low costs, and it is universal to any type of web application platforms. It is implemented by the software code vulnerabilities of SQL injection detector (CVSID). The validity and efficiency are demonstrated with an example.

Zongjie Li,Zhibo Liu,Wai Kin Wong,Pingchuan Ma,Shuai Wang

DOI: https://doi.org/10.1109/tdsc.2024.3354789

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:In recent years, query-based static application security testing (Q-SAST) tools such as CodeQL have gained popularity due to their ability to codify vulnerability knowledge into SQL-like queries and search for vulnerabilities in the database derived from the software. The industry has made considerable progress in building Q-SAST tools, facilitating their integration into the continuous integration (CI) pipeline, and sustaining an active community. However, we do not have a systematic understanding of their vulnerability detection capability in comparison to conventional SAST tools. We conduct the first in-depth study of Q-SAST to demystify their C/C++ vulnerability detectability. Our study is conducted from three complementary aspects. We first use a synthetic CWE test suite and a real-world CVE test suite, totaling almost 30K programs with known CWE/CVE, to assess popular (commercial) Q-SAST and industry-leading SAST (requiring no queries). Then, we gather defect-fixing pull requests (PRs) since the release dates of three popular Q-SAST tools, characterizing historically-fixed defects and comparing them to pitfalls exposed in our CWE/CVE study. To enhance vulnerability detection, we design SAST-MT, a metamorphic testing framework to detect false positives (FPs) and false negatives (FNs) of Q-SAST. Findings of SAST-MT can be used to easily expose the root causes of Q-SAST's FPs and FNs. We summarize lessons from our study that can benefit both users and developers of Q-SAST.

computer science, information systems, software engineering, hardware & architecture

Li Zhou,Xia Yin,Zhiliang Wang

DOI: https://doi.org/10.1109/icstw.2011.18

2011-01-01

Abstract:Protocol security testing is an important technique to ensure the security of communication protocols. However, methods considering both effective detection to specification vulnerabilities and efficient testing on protocol implementations are not well developed. In this paper, we present a general method for protocol security testing including protocol verification with SPIN model checker and protocol testing with formal testing language TTCN-3. We use threat model to model malicious entities and import the classification of information security to achieve a complete analysis of security requirements for protocol verification. We also develop a SPIN Trail to TTCN-3(st2ttcn) conversion tool to generate test cases automatically from counter examples obtained from model checking. As a case study, we apply our approach to the security testing of Source Address Validation Improvements (SAVI) protocol. We test two versions of SAVI-DHCP protocol. Security vulnerabilities have been found and tested in corresponding implementations.

WANG Chun-lei,LIU Qiang,ZHAO Gang,DAI Yi-qi

DOI: https://doi.org/10.3969/j.issn.1002-137X.2010.04.031

2010-01-01

Computer Science

Abstract:In order to analyze vulnerabilities in executable programs,a vulnerability analysis framework for binaries based upon model checking was proposed.Firstly,the abstract model of binary was defined,and the formal models of vulnerabilities based upon finite state automaton and the representations of software security attributes based upon event system were described.Then,the model checking based vulnerability analysis process and algorithm were proposed with respect to the abstract models of binaries and the security attributes to be checked.After that,the prototype of vulnerability analysis tool was designed and implemented based upon the framework.The illustrative sample program was analyzed to show in detail the principles of the framework,and the experimental results show the effectiveness of the analysis method.

Edward Chen,Han Bao,Tate Shorthill,Carl Elks,Nam Dinh

DOI: https://doi.org/10.48550/arXiv.2205.12075

2022-05-24

Software Engineering

Abstract:In recent years, there has been considerable effort to modernize existing and new nuclear power plants with digital instrumentation and control systems. However, there has also been considerable concern both by industry and regulatory bodies for the risk and consequence analysis of these systems. Of concern are digital common cause failures specifically due to software defects. These failures by the software can occur in both the control and monitoring of a system. While many methods have been proposed to identify software failure modes, such as Systems Theoretic Process Analysis, Hazard and Consequence Analysis for Digital Systems, etc., these methods are focused primarily on the control action pathway of a system. In contrast, the information feedback pathway lacks Unsafe Control Actions, which are typically related to software basic events; thus, assessment of software basic events in such systems is unclear. In this work, we present the idea of intermediate processors and Unsafe Information Flow (UIF) to help safety analysts trace failure mechanisms in the feedback pathway and how they can be integrated into a fault tree for improved assessment capability. The concepts presented are demonstrated in two comprehensive case studies, a smart sensor integrated platform for unmanned autonomous vehicles and another on a representative advanced human system interface for safety critical plant monitoring. The qualitative software basic events are identified, and a fault tree analysis is conducted based on a modified Redundancy guided Systems theoretic Hazard Analysis methodology. The case studies demonstrate the use of UIFs and intermediate processors in the fault tree to improve traceability of software failures in highly complex digital instrumentation feedback. The improved method clarifies fault tree construction when multiple component dependencies are present in the system.