Biblio

Filters: Author is Wu, Fan  [Clear All Filters]
2023-04-14
Hossain Faruk, Md Jobair, Tasnim, Masrura, Shahriar, Hossain, Valero, Maria, Rahman, Akond, Wu, Fan.  2022.  Investigating Novel Approaches to Defend Software Supply Chain Attacks. 2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW). :283–288.
Software supply chain attacks occur during the processes of producing software is compromised, resulting in vulnerabilities that target downstream customers. While the number of successful exploits is limited, the impact of these attacks is significant. Despite increased awareness and research into software supply chain attacks, there is limited information available on mitigating or architecting for these risks, and existing information is focused on singular and independent elements of the supply chain. In this paper, we extensively review software supply chain security using software development tools and infrastructure. We investigate the path that attackers find is least resistant followed by adapting and finding the next best way to complete an attack. We also provide a thorough discussion on how common software supply chain attacks can be prevented, preventing malicious hackers from gaining access to an organization's development tools and infrastructure including the development environment. We considered various SSC attacks on stolen code-sign certificates by malicious attackers and prevented unnoticed malware from passing by security scanners. We are aiming to extend our research to contribute to preventing software supply chain attacks by proposing novel techniques and frameworks.
2020-08-10
Zhang, Hao, Li, Zhuolin, Shahriar, Hossain, Lo, Dan, Wu, Fan, Qian, Ying.  2019.  Protecting Data in Android External Data Storage. 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC). 1:924–925.
Insecure data storage may open a door to malicious malware to steal users' and system sensitive information. These problems may due to developer negligence or lack of security knowledge. Android developers use various storage methods to store data. However, Attackers have attacked these vulnerable data storage. Although the developers have modified the apps after knowing the vulnerability, the user's personal information has been leaked and caused serious consequences. As a result, instead of patching and fixing the vulnerability, we should conduct proactive control for secure Android data storage. In this paper, we analyzed Android external storage vulnerability and discussed the prevention solutions to prevent sensitive information in external storage from disclosure.
2020-02-10
Talukder, Md Arabin Islam, Shahriar, Hossain, Qian, Kai, Rahman, Mohammad, Ahamed, Sheikh, Wu, Fan, Agu, Emmanuel.  2019.  DroidPatrol: A Static Analysis Plugin For Secure Mobile Software Development. 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC). 1:565–569.

While the number of mobile applications are rapidly growing, these applications are often coming with numerous security flaws due to the lack of appropriate coding practices. Security issues must be addressed earlier in the development lifecycle rather than fixing them after the attacks because the damage might already be extensive. Early elimination of possible security vulnerabilities will help us increase the security of our software and mitigate or reduce the potential damages through data losses or service disruptions caused by malicious attacks. However, many software developers lack necessary security knowledge and skills required at the development stage, and Secure Mobile Software Development (SMSD) is not yet well represented in academia and industry. In this paper, we present a static analysis-based security analysis approach through design and implementation of a plugin for Android Development Studio, namely DroidPatrol. The proposed plugins can support developers by providing list of potential vulnerabilities early.

2020-06-12
Gu, Feng, Zhang, Hong, Wang, Chao, Wu, Fan.  2019.  SAR Image Super-Resolution Based on Noise-Free Generative Adversarial Network. IGARSS 2019 - 2019 IEEE International Geoscience and Remote Sensing Symposium. :2575—2578.

Deep learning has been successfully applied to the ordinary image super-resolution (SR). However, since the synthetic aperture radar (SAR) images are often disturbed by multiplicative noise known as speckle and more blurry than ordinary images, there are few deep learning methods for the SAR image SR. In this paper, a deep generative adversarial network (DGAN) is proposed to reconstruct the pseudo high-resolution (HR) SAR images. First, a generator network is constructed to remove the noise of low-resolution SAR image and generate HR SAR image. Second, a discriminator network is used to differentiate between the pseudo super-resolution images and the realistic HR images. The adversarial objective function is introduced to make the pseudo HR SAR images closer to real SAR images. The experimental results show that our method can maintain the SAR image content with high-level noise suppression. The performance evaluation based on peak signal-to-noise-ratio and structural similarity index shows the superiority of the proposed method to the conventional CNN baselines.

2018-05-25