Despite the advances in automated vulnerability detection approaches,security vulnerabilities caused by design flaws in software systems are continuously appearing in real-world systems.Such security design flaws can ...Despite the advances in automated vulnerability detection approaches,security vulnerabilities caused by design flaws in software systems are continuously appearing in real-world systems.Such security design flaws can bring unrestricted and misimplemented behaviors of a system and can lead to fatal vulnerabilities such as remote code execution or sensitive data leakage.Therefore,it is an essential task to discover unrestricted and misimplemented behaviors of a system.However,it is a daunting task for security experts to discover such vulnerabilities in advance because it is timeconsuming and error-prone to analyze the whole code in detail.Also,most of the existing vulnerability detection approaches still focus on detecting memory corruption bugs because these bugs are the dominant root cause of software vulnerabilities.This paper proposes SMINER,a novel approach that discovers vulnerabilities caused by unrestricted and misimplemented behaviors.SMINER first collects unit test cases for the target system from the official repository.Next,preprocess the collected code fragments.SMINER uses pre-processed data to show the security policies that can occur on the target system and creates a test case for security policy testing.To demonstrate the effectiveness of SMINER,this paper evaluates SMINER against Robot Operating System(ROS),a real-world system used for intelligent robots in Amazon and controlling satellites in National Aeronautics and Space Administration(NASA).From the evaluation,we discovered two real-world vulnerabilities in ROS.展开更多
Android malware has evolved in various forms such as adware that continuously exposes advertisements,banking malware designed to access users’online banking accounts,and Short Message Service(SMS)malware that uses a ...Android malware has evolved in various forms such as adware that continuously exposes advertisements,banking malware designed to access users’online banking accounts,and Short Message Service(SMS)malware that uses a Command&Control(C&C)server to send malicious SMS,intercept SMS,and steal data.By using many malicious strategies,the number of malware is steadily increasing.Increasing Android malware threats numerous users,and thus,it is necessary to detect malware quickly and accurately.Each malware has distinguishable characteristics based on its actions.Therefore,security researchers have tried to categorize malware based on their behaviors by conducting the familial analysis which can help analysists to reduce the time and cost for analyzing malware.However,those studies algorithms typically used imbalanced,well-labeled open-source dataset,and thus,it is very difficult to classify some malware families which only have a few number of malware.To overcome this challenge,previous data augmentation studies augmented data by visualizing malicious codes and used them for malware analysis.However,visualization of malware can result in misclassifications because the behavior information of the malware could be compromised.In this study,we propose an android malware familial analysis system based on a data augmentation method that preserves malware behaviors to create an effective multi-class classifier for malware family analysis.To this end,we analyze malware and use Application Programming Interface(APIs)and permissions that can reflect the behavior of malware as features.By using these features,we augment malware dataset to enable effective malware detection while preserving original malicious behaviors.Our evaluation results demonstrate that,when a model is created by using only the augmented data,a macro-F1 score of 0.65 and accuracy of 0.63%.On the other hand,when the augmented data and original malware are used together,the evaluation results show that a macro-F1 score of 0.91 and an accuracy of 0.99%.展开更多
Recently,there has been a sudden shift from using traditional office applications to the collaborative cloud-based office suite such as Microsoft Office 365.Such cloud-based systems allow users to work together on the...Recently,there has been a sudden shift from using traditional office applications to the collaborative cloud-based office suite such as Microsoft Office 365.Such cloud-based systems allow users to work together on the same docu-ment stored in a cloud server at once,by which users can effectively collaborate with each other.However,there are security concerns unsolved in using cloud col-laboration.One of the major concerns is the security of data stored in cloud ser-vers,which comes from the fact that data that multiple users are working together cannot be stored in encrypted form because of the dynamic characteristic of cloud collaboration.In this paper,we propose a novel mode of operation,DL-ECB,for AES by which we can modify,insert,and delete the ciphertext based on changes in plaintext.Therefore,we can use encrypted data in collaborative cloud-based platforms.To demonstrate that the DL-ECB mode can preserve the confidential-ity,integrity,and auditability of data used in collaborative cloud systems from adversaries,we implement and evaluate the prototype of the DL-ECB mode.展开更多
基金This work was supported in part by the National Research Foundation of Korea(NRF)funded by the Ministry of Science and ICT(MSIT)Future Planning under Grant NRF-2020R1A2C2014336 and Grant NRF-2021R1A4A1029650.
文摘Despite the advances in automated vulnerability detection approaches,security vulnerabilities caused by design flaws in software systems are continuously appearing in real-world systems.Such security design flaws can bring unrestricted and misimplemented behaviors of a system and can lead to fatal vulnerabilities such as remote code execution or sensitive data leakage.Therefore,it is an essential task to discover unrestricted and misimplemented behaviors of a system.However,it is a daunting task for security experts to discover such vulnerabilities in advance because it is timeconsuming and error-prone to analyze the whole code in detail.Also,most of the existing vulnerability detection approaches still focus on detecting memory corruption bugs because these bugs are the dominant root cause of software vulnerabilities.This paper proposes SMINER,a novel approach that discovers vulnerabilities caused by unrestricted and misimplemented behaviors.SMINER first collects unit test cases for the target system from the official repository.Next,preprocess the collected code fragments.SMINER uses pre-processed data to show the security policies that can occur on the target system and creates a test case for security policy testing.To demonstrate the effectiveness of SMINER,this paper evaluates SMINER against Robot Operating System(ROS),a real-world system used for intelligent robots in Amazon and controlling satellites in National Aeronautics and Space Administration(NASA).From the evaluation,we discovered two real-world vulnerabilities in ROS.
基金This work was supported in part by the National Research Foundation of Korea(NRF)funded by the Ministry of Science and ICT(MSIT)Future Planning under Grant NRF-2020R1A2C2014336 and Grant NRF-2021R1A4A1029650.
文摘Android malware has evolved in various forms such as adware that continuously exposes advertisements,banking malware designed to access users’online banking accounts,and Short Message Service(SMS)malware that uses a Command&Control(C&C)server to send malicious SMS,intercept SMS,and steal data.By using many malicious strategies,the number of malware is steadily increasing.Increasing Android malware threats numerous users,and thus,it is necessary to detect malware quickly and accurately.Each malware has distinguishable characteristics based on its actions.Therefore,security researchers have tried to categorize malware based on their behaviors by conducting the familial analysis which can help analysists to reduce the time and cost for analyzing malware.However,those studies algorithms typically used imbalanced,well-labeled open-source dataset,and thus,it is very difficult to classify some malware families which only have a few number of malware.To overcome this challenge,previous data augmentation studies augmented data by visualizing malicious codes and used them for malware analysis.However,visualization of malware can result in misclassifications because the behavior information of the malware could be compromised.In this study,we propose an android malware familial analysis system based on a data augmentation method that preserves malware behaviors to create an effective multi-class classifier for malware family analysis.To this end,we analyze malware and use Application Programming Interface(APIs)and permissions that can reflect the behavior of malware as features.By using these features,we augment malware dataset to enable effective malware detection while preserving original malicious behaviors.Our evaluation results demonstrate that,when a model is created by using only the augmented data,a macro-F1 score of 0.65 and accuracy of 0.63%.On the other hand,when the augmented data and original malware are used together,the evaluation results show that a macro-F1 score of 0.91 and an accuracy of 0.99%.
基金This work was supported in part by the Mid-Career Researcher and Basic Science Research Program through the National Research Foundation of Korea(NRF)funded by the Ministry of Science and ICT(MSIT)Future Planning under Grant NRF2020R1A2C2014336 and Grant NRF2021R1F1A105611511.
文摘Recently,there has been a sudden shift from using traditional office applications to the collaborative cloud-based office suite such as Microsoft Office 365.Such cloud-based systems allow users to work together on the same docu-ment stored in a cloud server at once,by which users can effectively collaborate with each other.However,there are security concerns unsolved in using cloud col-laboration.One of the major concerns is the security of data stored in cloud ser-vers,which comes from the fact that data that multiple users are working together cannot be stored in encrypted form because of the dynamic characteristic of cloud collaboration.In this paper,we propose a novel mode of operation,DL-ECB,for AES by which we can modify,insert,and delete the ciphertext based on changes in plaintext.Therefore,we can use encrypted data in collaborative cloud-based platforms.To demonstrate that the DL-ECB mode can preserve the confidential-ity,integrity,and auditability of data used in collaborative cloud systems from adversaries,we implement and evaluate the prototype of the DL-ECB mode.