{"title":"Can we use software bug reports to identify vulnerability discovery strategies?","authors":"Farzana Ahamed Bhuiyan, Raunak Shakya, A. Rahman","doi":"10.1145/3384217.3385618","DOIUrl":"https://doi.org/10.1145/3384217.3385618","url":null,"abstract":"Daily horror stories related to software vulnerabilities necessitate an understanding of how vulnerabilities are discovered. Identification of data sources that can be leveraged to understand how vulnerabilities are discovered could aid cybersecurity researchers in characterizing exploitation of vulnerabilities. The goal of the paper is to help cybersecurity researchers in characterizing vulnerabilities by conducting an empirical study of software bug reports. We apply qualitative analysis on 729, 908, and 5336 open source software (OSS) bug reports respectively, collected from Gentoo, LibreOffice, and Mozilla to investigate if bug reports include vulnerability discovery strategies, i.e. sequences of computation and/or cognitive activities that an attacker performs to discover vulnerabilities, where the vulnerability is indexed by a credible source, such as the National Vulnerability Database (NVD). We evaluate two approaches, namely a text feature-based approach and a regular expression-based approach, to automatically identify bug reports that include vulnerability discovery strategies. We observe the Gentoo, LibreOffice, and Mozilla bug reports to include vulnerability discovery strategies. Using text feature-based prediction models, we observe the highest prediction performance for the Mozilla dataset with a recall of 0.78. Using the regular expression-based approach we observe recall to be 0.83 for the same dataset. Findings from our paper provide the groundwork for cybersecurity researchers to use OSS bug reports as a data source for advancing the science of vulnerabilities.","PeriodicalId":205173,"journal":{"name":"Proceedings of the 7th Symposium on Hot Topics in the Science of Security","volume":"462 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115784644","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Decentralized backup and recovery of TOTP secrets","authors":"Conor Gilsenan, Noura Alomar, Andrew Huang, Serge Egelman","doi":"10.1145/3384217.3386396","DOIUrl":"https://doi.org/10.1145/3384217.3386396","url":null,"abstract":"This work proposes a set of security, privacy, and usability design requirements for the backup and recovery systems of apps implementing the Time-based One-Time Password (TOTP) algorithm, a widely deployed method of two-factor authentication (2FA). We explain how several prevalent apps fail to satisfy these requirements and outline how our scheme leverages decentralized security techniques to satisfy the majority of these requirements and provide stronger security and privacy guarantees.","PeriodicalId":205173,"journal":{"name":"Proceedings of the 7th Symposium on Hot Topics in the Science of Security","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114762932","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Do configuration management tools make systems more secure?: an empirical research plan","authors":"Md. Rayhanur Rahman, W. Enck, L. Williams","doi":"10.1145/3384217.3384223","DOIUrl":"https://doi.org/10.1145/3384217.3384223","url":null,"abstract":"Configuration Management Tools (CMT) help developers manage the system and installed applications in an automated and efficient manner. However, misconfiguration in these tools can make a system vulnerable to compromise. Whether the usage of these tools makes systems secure is a question that can only be answered through empirical evidence. Hence, we propose an empirical research plan on the impact of CMT on systems where these tools have been applied. As a case, we will investigate an Endpoint Linux Management System managed by Puppet, a popular configuration management tool.","PeriodicalId":205173,"journal":{"name":"Proceedings of the 7th Symposium on Hot Topics in the Science of Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130614537","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A preliminary taxonomy of techniques used in software fuzzing","authors":"Raunak Shakya, A. Rahman","doi":"10.1145/3384217.3384219","DOIUrl":"https://doi.org/10.1145/3384217.3384219","url":null,"abstract":"Software fuzzing is a testing technique which generates erroneous and random input to a software so that the software of interest can be monitored for exceptions such as crashes [1]. Both in the open source software (OSS) and proprietary domain, fuzzing has been widely used to explore software vulnerabilities. For example, information technology (IT) organizations such as Google and Microsoft use software fuzzing as part of the software development process. As of Jan 2019, GitHub hosts 2,915 OSS repositories related to fuzzing.","PeriodicalId":205173,"journal":{"name":"Proceedings of the 7th Symposium on Hot Topics in the Science of Security","volume":"131 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124716541","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A formal security analysis of ZigBee (1.0 and 3.0)","authors":"Li Li, P. Podder, Md. Endadul Hoque","doi":"10.1145/3384217.3385617","DOIUrl":"https://doi.org/10.1145/3384217.3385617","url":null,"abstract":"The rapid increase in the number of IoT devices in recent years indicates how much financial investment and effort the tech industries and the device manufacturers have put in. Unfortunately, this aggressive competition can give rise to poor quality IoT devices that are prone to adversarial attacks. To make matters worse, these attacks can compromise not only security but also safety, since an IoT device can directly operate on the physical world. Many recently reported attacks are due to the insecurity present in the underlying communication protocol stacks, and ZigBee is one of them. Considering the emergence and adoption of ZigBee 3.0 and the current market share of ZigBee 1.0, it is essential to study and analyze these protocol stacks at their specification level so that any insecurity at the specification level is identified and fixed before they go into production. With that goal in mind, in this paper, we develop a model for ZigBee (1.0 and 3.0) and reason about its security properties using a security protocol verification tool (named Tamarin). Our model of ZigBee closely follows the ZigBee specification, and the security properties are derived from the ZigBee specification. We use Tamarin to verify these properties on our model and report our findings on ZigBee 1.0 and ZigBee 3.0.","PeriodicalId":205173,"journal":{"name":"Proceedings of the 7th Symposium on Hot Topics in the Science of Security","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125343054","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"@PAD","authors":"A. Ozdagli, Carlos Barreto, X. Koutsoukos","doi":"10.1145/3384217.3385616","DOIUrl":"https://doi.org/10.1145/3384217.3385616","url":null,"abstract":"In this work, we study the vulnerabilities of protection systems that can detect cyber-attacks in power grid systems. We show that machine learning-based discriminators are not resilient against Denial-of-Service (DoS) attacks. In particular, we demonstrate that an adversarial actor can launch DoS attacks on specific sensors, render their measurements useless and cause the attack detector to classify a more sophisticated cyber-attack as a normal event. As a result of this, the system operator may fail to take action against attack-related faults leading to a decrease in the operation performance. To realize a DoS attack, we present an optimization problem to determine which sensors to attack within a given budget such that the existing classifier can be deceived. For linear classifiers, this optimization problem can be formulated as a mixed-integer linear programming problem. In this paper, we extend this optimization problem to find attacks for more complex classifiers such as neural networks. We demonstrate that a neural network, in particular, with ReLU activation functions, can be represented as a set of logic formulas using Disjunctive Normal Form, and the optimization problem can be used to efficiently compute a DoS attack. In addition, we propose a defense model that improves the resilience of neural networks against DoS through adversarial training. Finally, we evaluate the efficiency of the approach using a dataset for classification in power systems.","PeriodicalId":205173,"journal":{"name":"Proceedings of the 7th Symposium on Hot Topics in the Science of Security","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116964258","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Exploring hackers assets: topics of interest as indicators of compromise","authors":"M. Al-Ramahi, I. Alsmadi, Joshua Davenport","doi":"10.1145/3384217.3385619","DOIUrl":"https://doi.org/10.1145/3384217.3385619","url":null,"abstract":"The need to develop actionable intelligence that is proactive is very critical to current security controls and systems. Hackers and hacking techniques continue to grow and become more sophisticated. As such, security teams start to adopt proactive and offensive approaches within hackers' territories. In this scope, we propose a systematic approach to automatically extract \"topics of interest, ToI\" from hackers' websites. Those can eventually be used as inputs to actionable security controls or Indicators of Compromise (IoC) collectors. As a showcase, we selected the hackers' news website \"CrackingFire\". ToI can be integrated into Indicators of Compromise (IoC) and, once correlated with other signs of attacks from those IoC, will trigger further cybersecurity offense or defense actions. We also developed our own dark web crawler and evaluated extracting ToIs. We observed the types of challenges in both the crawling and the processing stages.","PeriodicalId":205173,"journal":{"name":"Proceedings of the 7th Symposium on Hot Topics in the Science of Security","volume":"93 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117342772","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Improving architectures for automating network security using specification-based protocols","authors":"Khir Henderson, K. Kornegay","doi":"10.1145/3384217.3386395","DOIUrl":"https://doi.org/10.1145/3384217.3386395","url":null,"abstract":"The proliferation of the Internet of Things continues to be a critical issue today. The current landscape provides security with minimal oversight and is furthermore inadequate due to unaccounted human behavior in the design flow and management of personal networks. As a result, these inherently insecure devices exponentially increase the attack surface of our critical infrastructure. This research leverages a specification-based protocol called Manufacturer Usage Description or MUD that is designed to automate access control at the \"edge\" of the network where IoT devices reside. This research approaches improved network security by underlining inherent weaknesses and key research areas to create a resilient architecture that is both sustainable and scalable.","PeriodicalId":205173,"journal":{"name":"Proceedings of the 7th Symposium on Hot Topics in the Science of Security","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126784403","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Accelerating block propagation in PoW blockchain networks with pipelining and chunking","authors":"Kaushik Ayinala, Baek-Young Choi, Sejun Song","doi":"10.1145/3384217.3385621","DOIUrl":"https://doi.org/10.1145/3384217.3385621","url":null,"abstract":"Blockchain is an open, verifiable, and distributed consensus of transactions among different parties, relying on P2P technology for connectivity between nodes. However, the long time of block propagation limits the inception of the next consensus. We propose a novel method that accelerates block propagation in PoW blockchain networks by pipelining message transmission and verification in parallel over a network with chunks of a block (PiChu). We have conducted extensive evaluations to present the significance of network pipelining with many parallel chunk connections. Various simulation results exhibit that the proposed method achieves significantly lower block propagation latency than the traditional method as the size of a P2P network increases.","PeriodicalId":205173,"journal":{"name":"Proceedings of the 7th Symposium on Hot Topics in the Science of Security","volume":"154 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127280286","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Resilient multi-robot target pursuit","authors":"Jiani Li, W. Abbas, Mudassir Shabbir, X. Koutsoukos","doi":"10.1145/3384217.3386401","DOIUrl":"https://doi.org/10.1145/3384217.3386401","url":null,"abstract":"We consider the problem of networked agents cooperating together to perform a task of optimizing the parameters of a global cost function. Agents receive linearly correlated noisy streaming data that can be used to learn the target parameters via Least-Mean-Squares (LMS) approaches. A diffusion scheme is incorporated such that at each step, after agents adapt the parameters by the currently received data, a combination step is included for agents to aggregate the information coming from their one-hop neighbors. It has been demonstrated that by introducing the aggregation step, diffusion algorithms greatly improve the learning accuracy of the parameters measured by the network Mean-Square-Deviation (MSD) [1]. However, the aggregation step is susceptible to attacks. In the presence of Byzantine agents, the aggregation of Byzantine information can easily disrupt the convergence of normal robots, and even one Byzantine agent can drive its normal neighbors to converge to some point desired by the attacker [2]. To address this, we propose a resilient aggregation rule based on the notion of centerpoint [3], which is a generalization of the median to higher dimensional Euclidean space. We show that if a normal robot implements the centerpoint based aggregation rule for distributed diffusion, then it can guarantee the aggregated result to lie inside the convex hull of its normal neighbors, given that at most [EQUATION] neighbors are Byzantine with n total neighbors and d-dimensional state vectors exchanged among agents. Further, we demonstrate that all normal robots implementing centerpoint based distributed diffusion converge resiliently to the true target state. In addition, we demonstrate that widely adopted aggregation rules such as those based on coordinate-wise median [4] and geometric median [5] are not resilient under certain conditions. The main reason is that unlike centerpoint based aggregation, these rules do not guarantee the aggregation result to be inside the convex hull of the states of normal agents. We carried out experiments on Robotarium, a multirobot testbed developed at the Georgia Institute of Technology, to demonstrate the cases where diffusion with coordinate-wise median and geometric median based aggregation rules fails to converge to the true target state, whereas diffusion with the centerpoint based rule resiliently converges to the true target state in the same scenario.","PeriodicalId":205173,"journal":{"name":"Proceedings of the 7th Symposium on Hot Topics in the Science of Security","volume":"396 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131916916","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}