Ruihua Wang,Yihao Peng,Yilun Sun,Xuancheng Zhang,Hai Wan,Xibin Zhao

DOI: https://doi.org/10.1109/sp46215.2023.10179402

2023-01-01

Abstract:The user interface (UI) of web applications is usually the entry point of web attacks against enterprises and organizations. Finding the UI elements utilized by the intruders is of great importance both for attack interception and web application fixing. Current attack investigation methods targeting web UI either provide rough analysis results or have poor performance in high concurrency scenarios, which leads to heavy manual analysis work. In this paper, we propose TESEC, an accurate attack investigation method for web UI applications. TESEC makes use of two kinds of correlations. The first one, built from annotated audit log partitioned by PID/TID and delimiter-logs, captures the correspondence between audit log entries and web requests. The second one, modeled by an Aho-Corasick automaton built during system testing period, captures the correspondence between requests and the UI elements/events. Leveraging these two correlations, TESEC can accurately and automatically locate the UI elements/events (i.e., the root cause of the alarm) from an alarm, even in high concurrency scenarios. Furthermore, TESEC only needs to be deployed in the server and does not need to collect logs from the client-side browsers. We evaluate TESEC on 12 web applications. The experimental results show that the matching accuracy between UI events/elements and the alarm is above 99.6%. And security analysts only need to check no more than 2 UI elements on average for each individual forensics analysis. The maximum overhead of average response time and audit log space overhead are low (4.3% and 4.6% respectively).

Shixiong Zhao,Rui Gu,Haoran Qiu,Tsz On Li,Yuexuan Wang,Heming Cui,Junfeng Yang

DOI: https://doi.org/10.1109/DSN.2018.00033

2018-01-01

Abstract:Just like bugs in single-threaded programs can lead to vulnerabilities, bugs in multithreaded programs can also lead to concurrency attacks. We studied 31 real-world concurrency attacks, including privilege escalations, hijacking code executions, and bypassing security checks. We found that compared to concurrency bugs' traditional consequences (e.g., program crashes), concurrency attacks' consequences are often implicit, extremely hard to be observed and diagnosed by program developers. Moreover, in addition to bug-inducing inputs, extra subtle inputs are often needed to trigger the attacks. These subtle features make existing tools ineffective to detect concurrency attacks. To tackle this problem, we present OWL, the first practical tool that models general concurrency attacks' implicit consequences and automatically detects them. We implemented OWL in Linux and successfully detected five new concurrency attacks, including three confirmed and fixed by developers, and two exploited from previously known and well-studied concurrency bugs. OWL has also detected seven known concurrency attacks. Our evaluation shows that OWL eliminates 94.1% of the reports generated by existing concurrency bug detectors as false positive, greatly reducing developers' efforts on diagnosis. All OWL source code, concurrency attack exploit scripts, and results are available on github.com/hku-systems/owl.

Juchuan Zhang,Xiaoyu Ji,Yuehan Chi,Yi‐Chao Chen,Bin Wang,Wenyuan Xu

DOI: https://doi.org/10.1145/3448300.3468291

2021-01-01

Abstract:Trade secrets such as intellectual properties are the inherent values for firms. Although companies have exploited strict access management policies and isolated their networks from the public Internet, trade secrets are still vulnerable to side-channel attacks. Side-channels can reveal the computing processes of computers in forms of various physical signals such as light, electromagnetism, and even heat. Such side-channels can bypass the isolation mechanism and therefore bring about severe threats. However, existing side-channels can only perform well within a short-distance (e.g., less than 1 meter) due to the high attenuation of signals. In this paper, we seek to utilize the built-in power lines in a building and construct a power side-channel that enables remote, i.e., cross-outlet attack against trade secrets. To this end, we investigate the power factor correction (PFC) module inside the power supply units of commodity computers and find that the PFC signals observed from an outlet can precisely reveal the power consumption information of all the connected devices, even from the outlets in adjacent rooms. Based upon this insight, we design and implement OutletSpy, a power side-channel attack that can infer application launching from a remote outlet and therefore enjoys the stealthiness property. We validate and evaluate OutletSpy with a dataset under different background APPs, time variations and different locations. The experiment results show OutletSpy can infer the application launching with 98.25% accuracy.

Xinyu Yang,Haoyuan Liu,Ziyu Wang,Peng Gao

DOI: https://doi.org/10.48550/arXiv.2211.05403

2022-11-10

Cryptography and Security

Abstract:System auditing has emerged as a key approach for monitoring system call events and investigating sophisticated attacks. Based on the collected audit logs, research has proposed to search for attack patterns or track the causal dependencies of system events to reveal the attack sequence. However, existing approaches either cannot reveal long-range attack sequences or suffer from the dependency explosion problem due to a lack of focus on attack-relevant parts, and thus are insufficient for investigating complex attacks. To bridge the gap, we propose Zebra, a system that synergistically integrates attack pattern search and causal dependency tracking for efficient attack investigation. With Zebra, security analysts can alternate between search and tracking to reveal the entire attack sequence in a progressive, user-guided manner, while mitigating the dependency explosion problem by prioritizing the attack-relevant parts. To enable this, Zebra provides (1) an expressive and concise domain-specific language, Tstl, for performing various types of search and tracking analyses, and (2) an optimized language execution engine for efficient execution over a big amount of auditing data. Evaluations on a broad set of attack cases demonstrate the effectiveness of Zebra in facilitating a timely attack investigation.

Jun Zhu,Bill Chu,Heather Richter Lipford

DOI: https://doi.org/10.1145/2914642.2914661

2016-01-01

Abstract:ABSTRACTPrivilege Escalation is a common and serious type of security attack. Although experience shows that many applications are vulnerable to such attacks, attackers rarely succeed upon first trial. Their initial probing attempts often fail before a successful breach of access control is achieved. This paper presents an approach to automatically instrument application source code to report events of failed access attempts that may indicate privilege escalation attacks to a run time application protection mechanism. The focus of this paper is primarily on the problem of instrumenting web application source code to detect access control attack events. We evaluated false positives and negatives of our approach using two open source web applications.

Jie Ying,Tiantian Zhu,Wenrui Cheng,Qixuan Yuan,Mingjun Ma,Chunlin Xiong,Tieming Chen,Mingqi Lv,Yan Chen

2024-05-04

Abstract:As the complexity and destructiveness of Advanced Persistent Threat (APT) increase, there is a growing tendency to identify a series of actions undertaken to achieve the attacker's target, called attack investigation. Currently, analysts construct the provenance graph to perform causality analysis on Point-Of-Interest (POI) event for capturing critical events (related to the attack). However, due to the vast size of the provenance graph and the rarity of critical events, existing attack investigation methods suffer from problems of high false positives, high overhead, and high latency. To this end, we propose SPARSE, an efficient and real-time system for constructing critical component graphs (i.e., consisting of critical events) from streaming logs. Our key observation is 1) Critical events exist in a suspicious semantic graph (SSG) composed of interaction flows between suspicious entities, and 2) Information flows that accomplish attacker's goal exist in the form of paths. Therefore, SPARSE uses a two-stage framework to implement attack investigation (i.e., constructing the SSG and performing path-level contextual analysis). First, SPARSE operates in a state-based mode where events are consumed as streams, allowing easy access to the SSG related to the POI event through semantic transfer rule and storage strategy. Then, SPARSE identifies all suspicious flow paths (SFPs) related to the POI event from the SSG, quantifies the influence of each path to filter irrelevant events. Our evaluation on a real large-scale attack dataset shows that SPARSE can generate a critical component graph (~ 113 edges) in 1.6 seconds, which is 2014 X smaller than the backtracking graph (~ 227,589 edges). SPARSE is 25 X more effective than other state-of-the-art techniques in filtering irrelevant edges.

Cryptography and Security

Md Nahid Hossain,Sadegh M Milajerdi,Junao Wang,Birhanu Eshete,Rigel Gjomemo,R Sekar,Scott Stoller,VN Venkatakrishnan

DOI: https://doi.org/10.48550/arXiv.1801.02062

2018-01-06

Cryptography and Security

Abstract:We present an approach and system for real-time reconstruction of attack scenarios on an enterprise host. To meet the scalability and real-time needs of the problem, we develop a platform-neutral, main-memory based, dependency graph abstraction of audit-log data. We then present efficient, tag-based techniques for attack detection and reconstruction, including source identification and impact analysis. We also develop methods to reveal the big picture of attacks by construction of compact, visual graphs of attack steps. Our system participated in a red team evaluation organized by DARPA and was able to successfully detect and reconstruct the details of the red team's attacks on hosts running Windows, FreeBSD and Linux.

Jiaping Gui,Ding Li,Zhengzhang Chen,Junghwan Rhee,Xusheng Xiao,Mu Zhang,Kangkook Jee,Zhichun Li,Haifeng Chen

DOI: https://doi.org/10.1109/ICDE48307.2020.00151

2020-01-01

Abstract:While backtracking analysis has been successful in assisting the investigation of complex security attacks, it faces a critical dependency explosion problem. To address this problem, security analysts currently need to tune backtracking analysis manually with different case-specific heuristics. However, existing systems fail to fulfill two important system requirements to achieve effective backtracking analysis. First, there need flexible abstractions to express various types of heuristics. Second, the system needs to be responsive in providing updates so that the progress of backtracking analysis can be frequently inspected, which typically involves multiple rounds of manual tuning. In this paper, we propose a novel system, APTrace, to meet both of the above requirements. As we demonstrate in the evaluation, security analysts can effectively express heuristics to reduce more than 99.5% of irrelevant events in the backtracking analysis of real-world attack cases. To improve the responsiveness of backtracking analysis, we present a novel execution-window partitioning algorithm that significantly reduces the waiting time between two consecutive updates (especially, 57 times reduction for the top 1% waiting time).

Yao Guo,Junming Ma,Wenjun Wu,Xiangqun Chen

DOI: https://doi.org/10.1007/978-3-030-01701-9_12

2018-01-01

Abstract:The UI (user interface) state of a mobile application is important for attackers since it exposes what is happening inside an application. Attackers could initiate attacks timely according to this information, for example inserting fake GUIs or taking screenshots of GUIs involving user’s sensitive data. This paper proposes PoWatt, a method to infer the timing of sensitive UI occurrences by exploiting power side channels on mobile devices such as smartphones. Based on power traces collected and power patterns learned in advance, PoWatt applies a pattern matching algorithm to detect target UI occurrences within a series of continuous power traces. Experiment results on popular Android apps show that PoWatt can detect sensitive UI loading with an average precision of 71% (up to 98%) and an average recall rate of 70% (up to 88%) during offline detection. In real-time experiments for online detection, PoWatt can still detect sensitive UIs with a reasonable precision and recall, which can be successfully exploited by real-world attacks such as screenshot-based password stealing. Finally, we discuss the limitations of PoWatt and possible mitigation techniques.

Roberto Vigo,Flemming Nielson,Hanne Riis Nielson

DOI: https://doi.org/10.2168/LMCS-12%284%3A5%292016

2016-10-19

Abstract:In the design of software and cyber-physical systems, security is often perceived as a qualitative need, but can only be attained quantitatively. Especially when distributed components are involved, it is hard to predict and confront all possible attacks. A main challenge in the development of complex systems is therefore to discover attacks, quantify them to comprehend their likelihood, and communicate them to non-experts for facilitating the decision process. To address this three-sided challenge we propose a protection analysis over the Quality Calculus that (i) computes all the sets of data required by an attacker to reach a given location in a system, (ii) determines the cheapest set of such attacks for a given notion of cost, and (iii) derives an attack tree that displays the attacks graphically. The protection analysis is first developed in a qualitative setting, and then extended to quantitative settings following an approach applicable to a great many contexts. The quantitative formulation is implemented as an optimisation problem encoded into Satisfiability Modulo Theories, allowing us to deal with complex cost structures. The usefulness of the framework is demonstrated on a national-scale authentication system, studied through a Java implementation of the framework.

Cryptography and Security,Logic in Computer Science

Shiwen Song,Xuanyu Liu,Xiao Fu,Bin Luo,Xiaojiang Du,Mohsen Guizani

DOI: https://doi.org/10.1109/globecom46510.2021.9685748

2021-01-01

Abstract:With the widespread use of Android devices, research on their security has attracted increasing attention. However, at present, digital forensics for investigating attacks, such as social engineering attacks and phishing that target Android users, remains a challenging and time-consuming task. To help discover the existence of an attack and conduct effective investigations, we propose a top-down digital forensic tool for Android applications to reconstruct attack scenarios by considering both high-level user interface (UI) elements and low-level system events. Thus, we can explain the nature of an attack from a visual and global perspective. The tested evaluation results show that our tool can successfully reconstruct scenarios on Android devices for phishing attacks.

Moses Ike,Kandy Phan,Keaton Sadoski,Romuald Valme,Wenke Lee

DOI: https://doi.org/10.48550/arXiv.2211.14642

2022-11-27

Abstract:Modern Industrial Control Systems (ICS) attacks evade existing tools by using knowledge of ICS processes to blend their activities with benign Supervisory Control and Data Acquisition (SCADA) operation, causing physical world damages. We present SCAPHY to detect ICS attacks in SCADA by leveraging the unique execution phases of SCADA to identify the limited set of legitimate behaviors to control the physical world in different phases, which differentiates from attackers activities. For example, it is typical for SCADA to setup ICS device objects during initialization, but anomalous during processcontrol. To extract unique behaviors of SCADA execution phases, SCAPHY first leverages open ICS conventions to generate a novel physical process dependency and impact graph (PDIG) to identify disruptive physical states. SCAPHY then uses PDIG to inform a physical process-aware dynamic analysis, whereby code paths of SCADA process-control execution is induced to reveal API call behaviors unique to legitimate process-control phases. Using this established behavior, SCAPHY selectively monitors attackers physical world-targeted activities that violates legitimate processcontrol behaviors. We evaluated SCAPHY at a U.S. national lab ICS testbed environment. Using diverse ICS deployment scenarios and attacks across 4 ICS industries, SCAPHY achieved 95% accuracy & 3.5% false positives (FP), compared to 47.5% accuracy and 25% FP of existing work. We analyze SCAPHYs resilience to futuristic attacks where attacker knows our approach.

Cryptography and Security

Zhe Liu,Chunyang Chen,Junjie Wang,Yuekai Huang,Jun Hu,Qing Wang

DOI: https://doi.org/10.48550/arXiv.2009.01417

2020-09-03

Software Engineering

Abstract:Graphical User Interface (GUI) provides a visual bridge between a software application and end users, through which they can interact with each other. With the development of technology and aesthetics, the visual effects of the GUI are more and more attracting. However, such GUI complexity posts a great challenge to the GUI implementation. According to our pilot study of crowdtesting bug reports, display issues such as text overlap, blurred screen, missing image always occur during GUI rendering on different devices due to the software or hardware compatibility. They negatively influence the app usability, resulting in poor user experience. To detect these issues, we propose a novel approach, OwlEye, based on deep learning for modelling visual information of the GUI screenshot. Therefore, OwlEye can detect GUIs with display issues and also locate the detailed region of the issue in the given GUI for guiding developers to fix the bug. We manually construct a large-scale labelled dataset with 4,470 GUI screenshots with UI display issues and develop a heuristics-based data augmentation method for boosting the performance of our OwlEye. The evaluation demonstrates that our OwlEye can achieve 85% precision and 84% recall in detecting UI display issues, and 90% accuracy in localizing these issues. We also evaluate OwlEye with popular Android apps on Google Play and F-droid, and successfully uncover 57 previously-undetected UI display issues with 26 of them being confirmed or fixed so far.

Yixiong Wu,Shangru Song,Jianwei Zhuge,Tingting Yin,Tianyi Li,Junmin Zhu,Guannan Guo,Yue Liu,Jianju Hu

DOI: https://doi.org/10.1007/978-3-031-37807-2_1

2022-01-01

Abstract:Industrial Control Systems (ICS) play an important role in modern Industrial manufacturing and city life, as well as an critical attack surface. However, many ICS devices are deployed without proper security consideration, such as being exposed to the public Internet without protection. Furthermore, the ICS devices are hardly updated or patched due to the stability requirements. Therefore, the Internet-accessible ICS devices generally have publicly known vulnerabilities, which makes them fragile victims. In this work, we propose a method to measure the security status of Internet-facing ICS devices in a passive way and develop a prototype ICScope. With ICScope, we can find vulnerable devices without actively scanning the ICS device, which may have negative effects on their normal operation. ICScope collects device information from multiple public search engines like Shodan, gets vulnerability information from vulnerability databases like NVD, and matches them according to the vendors, products, and versions. ICScope can deal with the incomplete device data collected from the search engines and has taken the honeypots into consideration. We use ICScope to launch a comprehensive evaluation of the ICS devices exposed to the Internet between Dec 2019 and Jan 2020, including 466K IPs. The result shows that 49.58% of Internet-facing ICS devices have at least one publicly known vulnerability. We also observed a downward trend in the number of ICS devices and their vulnerable percentage during our measurement spanning 1.5 years.

Yu Ding,Tao Wei,Hui Xue,Yulong Zhang,Chao Zhang,Xinhui Han

DOI: https://doi.org/10.1007/s11432-016-5521-0

2016-01-01

Science China Information Sciences

Abstract:Software exploits, especially zero-day exploits, are major security threats. Every day, security experts discover and collect numerous exploits from honeypots, malware forensics, and underground channels.However, no easy methods exist to classify these exploits into meaningful categories and to accelerate diagnosis as well as detailed analysis. To address this need, we present Seismo Meter, which recognizes both control-flowhijacking, and data-only attacks by combining approximate control-flow integrity, fast dynamic taint analysis and API sandboxing schemes. Once it detects an exploit incident, Seismo Meter generates a succinct data representation, called an exploit skeleton, to characterize the captured exploit. Seismo Meter then classifies the captured exploits into different exploit families by performing distance computing on the extracted skeletons.To evaluate the efficiency of Seismo Meter, we conduct a field test using exploit samples from public exploit databases, such as Metasploit, as well as wild-captured exploits. Our experiments demonstrate that Seismo Meter is a practical system that successfully detects and correctly classifies all these exploit attacks.

Yushan Liu,Mu Zhang,Ding Li,Kangkook Jee,Zhichun Li,Zhenyu Wu,Junghwan Rhee,Prateek Mittal

DOI: https://doi.org/10.14722/ndss.2018.23254

2018-01-01

Abstract:The increasingly sophisticated Advanced Persistent Threat (APT) attacks have become a serious challenge for enterprise IT security. Attack causality analysis, which tracks multi-hop causal relationships between files and processes to diagnose attack provenances and consequences, is the first step towards understanding APT attacks and taking appropriate responses. Since attack causality analysis is a time-critical mission, it is essential to design causality tracking systems that extract useful attack information in a timely manner. However, prior work is limited in serving this need. Existing approaches have largely focused on pruning causal dependencies totally irrelevant to the attack, but fail to differentiate and prioritize abnormal events from numerous relevant, yet benign and complicated system operations, resulting in long investigation time and slow responses. To address this problem, we propose PRIOTRACKER, a backward and forward causality tracker that automatically prioritizes the investigation of abnormal causal dependencies in the tracking process. Specifically, to assess the priority of a system event, we consider its rareness and topological features in the causality graph. To distinguish unusual operations from normal system events, we quantify the rareness of each event by developing a reference model which records common routine activities in corporate computer systems. We implement PRIOTRACKER, in 20K lines of Java code, and a reference model builder in 10K lines of Java code. We evaluate our tool by deploying both systems in a real enterprise IT environment, where we collect 1TB of 2.5 billion OS events from 150 machines in one week. Experimental results show that PRIOTRACKER can capture attack traces that are missed by existing trackers and reduce the analysis time by up to two orders of magnitude.

Lei Wu,Siwei Wu,Yajin Zhou,Runhuai Li,Zhi Wang,Xiapu Luo,Cong Wang,Kui Ren

2020-01-01

Abstract:As one of the representative blockchain platforms, Ethereum has attractedlots of attacks. Due to the existed financial loss, there is a pressing need toperform timely investigation and detect more attack instances. Though multiplesystems have been proposed, they suffer from the scalability issue due to thefollowing reasons. First, the tight coupling between malicious contractdetection and blockchain data importing makes them infeasible to repeatedlydetect different attacks. Second, the coarse-grained archive data makes theminefficient to replay transactions. Third, the separation between maliciouscontract detection and runtime state recovery consumes lots of storage. In this paper, we present the design of a scalable attack detection frameworkon Ethereum. It overcomes the scalability issue by saving the Ethereum stateinto a database and providing an efficient way to locate suspicioustransactions. The saved state is fine-grained to support the replay ofarbitrary transactions. The state is well-designed to avoid saving unnecessarystate to optimize the storage consumption. We implement a prototype namedEthScope and solve three technical challenges, i.e., incomplete Ethereum state,scalability, and extensibility. The performance evaluation shows that oursystem can solve the scalability issue, i.e., efficiently performing alarge-scale analysis on billions of transactions, and a speedup of around2,300x when replaying transactions. It also has lower storage consumptioncompared with existing systems. The result with three different types ofinformation as inputs shows that our system can help an analyst understandattack behaviors and further detect more attacks. To engage the community, wewill release our system and the dataset of detected attacks.

Peng Gao,Xusheng Xiao,Zhichun Li,Kangkook Jee,Fengyuan Xu,Sanjeev R. Kulkarni,Prateek Mittal

DOI: https://doi.org/10.48550/arXiv.1810.03464

2019-03-19

Abstract:The need for countering Advanced Persistent Threat (APT) attacks has led to the solutions that ubiquitously monitor system activities in each enterprise host, and perform timely attack investigation over the monitoring data for uncovering the attack sequence. However, existing general-purpose query systems lack explicit language constructs for expressing key properties of major attack behaviors, and their semantics-agnostic design often produces inefficient execution plans for queries. To address these limitations, we build AIQL, a novel query system that is designed with novel types of domain-specific optimizations to enable efficient attack investigation. AIQL provides (1) domain-specific data model and storage for storing the massive system monitoring data, (2) a domain-specific query language, Attack Investigation Query Language (AIQL) that integrates critical primitives for expressing major attack behaviors, and (3) an optimized query engine based on the characteristics of the data and the semantics of the query to efficiently schedule the execution. We have deployed AIQL in NEC Labs America comprising 150 hosts. In our demo, we aim to show the complete usage scenario of AIQL by (1) performing an APT attack in a controlled environment, and (2) using AIQL to investigate such attack by querying the collected system monitoring data that contains the attack traces. The audience will have the option to perform the APT attack themselves under our guidance, and interact with the system and investigate the attack via issuing queries and checking the query results through our web UI.

Cryptography and Security,Software Engineering

Sadegh M. Milajerdi,Birhanu Eshete,Rigel Gjomemo,V.N. Venkatakrishnan

DOI: https://doi.org/10.48550/arXiv.1810.05711

2018-10-13

Abstract:Kernel audit logs are an invaluable source of information in the forensic investigation of a cyber-attack. However, the coarse granularity of dependency information in audit logs leads to the construction of huge attack graphs which contain false or inaccurate dependencies. To overcome this problem, we propose a system, called ProPatrol, which leverages the open compartmentalized design in families of enterprise applications used in security-sensitive contexts (e.g., browser, chat client, email client). To achieve its goal, ProPatrol infers a model for an application's high-level tasks as input-processing compartments using purely the audit log events generated by that application. The main benefit of this approach is that it does not rely on source code or binary instrumentation, but only on a preliminary and general knowledge of an application's architecture to bootstrap the analysis. Our experiments with enterprise-level attacks demonstrate that ProPatrol significantly cuts down the forensic investigation effort and quickly pinpoints the root- cause of attacks. ProPatrol incurs less than 2% runtime overhead on a commodity operating system.

Cryptography and Security

Chen Zhi,Jianwei Yin,Junxiao Han,Shuiguang Deng

DOI: https://doi.org/10.1109/apsec51365.2020.00058

2020-01-01

Abstract:Logging is a common practice to collect valuable runtime information about software systems. However, information written to log files can be sensitive and give valuable guidance to attackers. In fact, information exposure through logging is not uncommon. Even large-scale online services (e.g., Facebook and Twitter) have reported exposing sensitive information via log files, and hundreds of millions of users are affected. Despite the severity of such vulnerabilities, there is no existing work that studies such vulnerabilities in the real-world context, and we have little knowledge about them. To fill this gap, we conduct a preliminary study on 413 real-world vulnerabilities to investigate the exploitability and root causes of such vulnerabilities. By analyzing these vulnerabilities, we find that 1) about two-third (67.8%) vulnerabilities can be exploited via the network, and a significant amount (89.3%) of vulnerabilities can be exploited with low efforts; 2) malicious users and insiders can use about half of (46.9%) proof-of-concept exploits to launch attacks without any expertise; 3) the top three common root causes for the vulnerabilities are insecure whole-object logging (43.4%), incorrect permission assignment (17.5%), and improper implementation of sanitization (11.2%). Based on the findings, we also discuss the implications for researchers and practitioners. We believe our work can inspire further work on detecting and fixing the vulnerabilities.