Biblio

The Linux kernel is implemented in C, an unsafe programming language, which puts the burden of memory management, type and bounds checking, and error handling in the hands of the developer. Hundreds of buffer overflow bugs have compromised Linux systems over the years, leading to endless layers of mitigations applied on top of C. In contrast, the D programming language offers automated memory safety checks and modern features such as OOP, templates and functional style constructs. In addition, interoper-ability with C is supported out of the box. However, to integrate a D module with the Linux kernel it is required that the needed C header files are translated to D header files. This is a tedious, time consuming, manual task. Although a tool to automate this process exists, called DPP, it does not work with the complicated, sometimes convoluted, kernel code. In this paper, we improve DPP with the ability to translate any Linux kernel C header to D. Our work enables the development and integration of D code inside the Linux kernel, thus facilitating a method of making the kernel memory safe.

Given that an increasingly larger part of an organization's activity is taking place online, especially in the current situation caused by the COVID-19 pandemic, network log data collected by organizations contain an accurate image of daily activity patterns. In some scenarios, it may be useful to share such data with other parties in order to improve collaboration, or to address situations such as cyber-security incidents that may affect multiple organizations. However, in doing so, serious privacy concerns emerge. One can uncover a lot of sensitive information when analyzing an organization's network logs, ranging from confidential business interests to personal details of individual employees (e.g., medical conditions, political orientation, etc). Our objective is to enable organizations to share information about their network logs, while at the same time preserving data privacy. Specifically, we focus on enabling encrypted search at network flow granularity. We consider several state-of-the-art searchable encryption flavors for this purpose (including hidden vector encryption and inner product encryption), and we propose several customized encoding techniques for network flow information in order to reduce the overhead of applying state-of-the-art searchable encryption techniques, which are notoriously expensive.

The drawbacks of traditional methods of cybernetic vulnerability detection relate to the required time to identify new threats, to register them in the Common Vulnerabilities and Exposures (CVE) records, and to score them with the Common Vulnerabilities Scoring System (CVSS). These problems can be mitigated by early vulnerability detection systems relying on social media and open-source data. This paper presents a model that aims to identify emerging cybernetic vulnerabilities in cybersecurity news articles, as part of a system for automatic detection of early cybernetic threats using Open Source Intelligence (OSINT). Three machine learning models were trained on a novel dataset of 1000 labeled news articles to create a strong baseline for classifying cybersecurity articles as relevant (i.e., introducing new security threats), or irrelevant: Support Vector Machines, a Multinomial Naïve Bayes classifier, and a finetuned BERT model. The BERT model obtained the best performance with a mean accuracy of 88.45% on the test dataset. Our experiments support the conclusion that Natural Language Processing (NLP) models are an appropriate choice for early vulnerability detection systems in order to extract relevant information from cybersecurity news articles.