Software Security, 2014 (ACM), Part 1

	Software Security, 2014 (ACM), Part 1

This set of bibliographical references about software security research papers is from conference publications posted in the ACM Digital Library. More than 2500 conference papers were presented on this topic in 2014. The set presented here represents those likely to be of most interest to the Science of Security community. They address issues related to measurement, scalability, reliability, and other hard problem issues.  IEEE papers will be presented in a separate series.

Todd R. Andel, Lindsey N. Whitehurst, Jeffrey T. McDonald; Software Security and Randomization through Program Partitioning and Circuit Variation; MTD '14 Proceedings of the First ACM Workshop on Moving Target Defense, November 2014, Pages 79-86. Doi: 10.1145/2663474.2663484 Abstract: The commodity status of Field Programmable Gate Arrays (FPGAs) has allowed computationally intensive algorithms, such as cryptographic protocols, to take advantage of faster hardware speed while simultaneously leveraging the reconfigurability and lower cost of software. Numerous security applications have been transitioned into FPGA implementations allowing security applications to operate at real-time speeds, such as firewall and packet scanning on high speed networks. However, the utilization of FPGAs to directly secure software vulnerabilities is seemingly non-existent. Protecting program integrity and confidentiality is crucial as malicious attacks through injected code are becoming increasingly prevalent. This paper lays the foundation of continuing research in how to protect software by partitioning critical sections using reconfigurable hardware. This approach is similar to a traditional coprocessor approach to scheduling opcodes for execution on specialized hardware as opposed to running on the native processor. However, the partitioned program model enables the programmer the ability to split portions of an application to reconfigurable hardware at compile time. The fundamental underlying hypothesis is that synthesizing portions of programs onto hardware can mitigate potential software vulnerabilities. Further, this approach provides an avenue for randomization or diversity for software layout and circuit variation.
Keywords: circuit variation, program protection, reconfigurable hardware, secure software, software partitioning (ID#: 15-4587)
URL: http://doi.acm.org/10.1145/2663474.2663484

Gary E. McGraw; Software Security: A Study in Technology Transfer; SPLASH '14 Proceedings of the Companion Publication of the 2014 ACM SIGPLAN Conference on Systems, Programming, and Applications: Software for Humanity, October 2014, Pages 1-1. Doi: 10.1145/2660252.2661745 Abstract: Where do security technologies come from? Academics propose research and government (sometimes) funds it. Startups move technologies across the "research valley of death" to early adopters. Global corporations make technology widely available by acquiring startups. At every step there are gaps and pitfalls. Adoption is the acid test of innovation. Idea-generation is perhaps ten per cent of innovation; most of the work is on technology transfer and adoption. Chance plays a big role in creating opportunities (e.g., R&D involves a lot of luck), but a company's success depends on its ability to make opportunities more likely to occur, and to capitalize on those opportunities when they arise. Passionate individuals drive technology transfer more than does process; indeed, some people believe that the original researchers need to be involved all the way along the chain. Prototyping is an important practice, often resulting in "researchware" that proves a concept but is not ready for wide use. Transforming a prototype from the lab to the real-world is a multi-stage, multi-year undertaking. This talk will use the decade-long evolution of static analysis in code review as a driver for discussion. We'll talk startups, big companies, venture capital, research agencies, and subject-matter expertise. In general, technologists don't appreciate business people enough and business people don't appreciate technology enough. Most successful companies are brilliant at one, but also need to be adequate at the other.
Keywords: code review, security, static analysis, technology adoption, technology transfer (ID#: 15-4588)
URL: http://doi.acm.org/10.1145/2660252.2661745

Tiffany Brooke Jordan, Brittany Johnson, Jim Witschey, Emerson Murphy-Hill; Designing Interventions to Persuade Software Developers to Adopt Security Tools; SIW '14 Proceedings of the 2014 ACM Workshop on Security Information Workers, November 2014, Pages 35-38. Doi: 10.1145/2663887.2663900  Abstract: The nature of security information workers' jobs requires a certain level of care and attention to detail. There exist tools that can assist these workers with their daily tasks; however, workers may not be using these tools. Research suggests persuasive techniques can positively affect a worker's outlook on a given technology. We attempt to develop an effective way to motivate security workers to adopt and use security tools by using persuasive design guidelines. We present an system that generates automated emails to inform software developers of FindBugs, a tool that detects potential vulnerabilities within a project. We discuss the decisions supporting our overall design of the automated emails.
Keywords: persuasive interventions, security, tool adoption (ID#: 15-4589)
URL: http://doi.acm.org/10.1145/2663887.2663900

Mark Murphy, Per Larsen, Stefan Brunthaler, Michael Franz; Software Profiling Options and Their Effects on Security Based Diversification; MTD '14 Proceedings of the First ACM Workshop on Moving Target Defense, November 2014, Pages 87-96. Doi: 10.1145/2663474.2663485  Abstract: Imparting diversity to binaries by inserting garbage instructions is an effective defense against code-reuse attacks. Relocating and breaking up code gadgets removes an attacker's ability to craft attacks by merely studying the existing code on their own computer. Unfortunately, inserting garbage instructions also slows down program execution. The use of profiling enables optimizations that alleviate much of this overhead, while still maintaining the high level of security needed to deter attacks. These optimizations are performed by varying the probability for the insertion of a garbage instruction at any particular location in the binary. The hottest regions of code get the smallest amount of diversification, while the coldest regions get the most diversification.  We show that static and dynamic profiling methods both reduce run-time overhead to under 2.5% while preventing over 95% of original gadgets from appearing in any diversified binary. We compare static and dynamic profiling and find that dynamic profiling has a slight performance advantage in a best-case scenario. But we also show that dynamic profiling results can suffer greatly from bad training input. Additionally, we find that static profiling creates smaller binary files than dynamic profiling, and that the two methods offer nearly identical security characteristics. 
Keywords: automated software diversity, code randomization, dynamic profiling, static profiling (ID#: 15-4590)
URL: http://doi.acm.org/10.1145/2663474.2663485

Kostantinos Stroggylos, Dimitris Mitropoulos, Zacharias Tzermias, Panagiotis Papadopoulos, Fotios Rafailidis, Diomidis Spinellis, Sotiris Ioannidis, Panagiotis Katsaros; Securing Legacy Code with the TRACER Platform; PCI '14 Proceedings of the 18th Panhellenic Conference on Informatics, October 2014, Article No. 26, Pages 1-6. Doi: 10.1145/2645791.2645796 Abstract: Software vulnerabilities can severely affect an organization's infrastructure and cause significant financial damage to it. A number of tools and techniques are available for performing vulnerability detection in software written in various programming platforms, in a pursuit to mitigate such defects. However, since the requirements for running such tools and the formats in which they store and present their results vary wildly, it is difficult to utilize many of them in the scope of a project. By simplifying the process of running a variety of vulnerability detectors and collecting their results in an efficient, automated manner during development, the task of tracking security defects throughout the evolution history of software projects is bolstered. In this paper we present tracer, a software framework and platform to support the development of more secure applications by constantly monitoring software projects for vulnerabilities. The platform allows the easy integration of existing tools that statically detect software vulnerabilities and promotes their use during software development and maintenance. To demonstrate the efficiency and usability of the platform, we integrated two popular static analysis tools, FindBugs and Frama-c as sample implementations, and report on preliminary results from their use. 
Keywords: Legacy software, Software Security, Static Analysis, Trusted Applications (ID#: 15-4591)
URL: http://doi.acm.org/10.1145/2645791.2645796

Mingwei Zhang, Rui Qiao, Niranjan Hasabnis, R. Sekar; A Platform for Secure Static Binary Instrumentation; VEE '14 Proceedings of the 10th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, March 2014, Pages 129-140. Doi: 10.1145/2576195.2576208 Abstract: Program instrumentation techniques form the basis of many recent software security defenses, including defenses against common exploits and security policy enforcement. As compared to source-code instrumentation, binary instrumentation is easier to use and more broadly applicable due to the ready availability of binary code. Two key features needed for security instrumentations are (a) it should be applied to all application code, including code contained in various system and application libraries, and (b) it should be non-bypassable. So far, dynamic binary instrumentation (DBI) techniques have provided these features, whereas static binary instrumentation (SBI) techniques have lacked them. These features, combined with ease of use, have made DBI the de facto choice for security instrumentations. However, DBI techniques can incur high overheads in several common usage scenarios, such as application startups, system-calls, and many real-world applications. We therefore develop a new platform for secure static binary instrumentation (PSI) that overcomes these drawbacks of DBI techniques, while retaining the security, robustness and ease-of-use features. We illustrate the versatility of PSI by developing several instrumentation applications: basic block counting, shadow stack defense against control-flow hijack and return-oriented programming attacks, and system call and library policy enforcement. While being competitive with the best DBI tools on CPU-intensive SPEC 2006 benchmark, PSI provides an order of magnitude reduction in overheads on a collection of real-world applications. 
Keywords: binary instrumentation, binary translation, control flow integrity, COTS binary hardening, security policy enforcement, software security (ID#: 15-4592)
URL: http://doi.acm.org/10.1145/2576195.2576208

Shundan Xiao, Jim Witschey, Emerson Murphy-Hill; Social Influences on Secure Development Tool Adoption: Why Security Tools Spread; CSCW '14 Proceedings of the 17th ACM Conference On Computer Supported Cooperative Work & Social Computing, February 2014, Pages 1095-1106. Doi: 10.1145/2531602.2531722  Abstract: Security tools can help developers build more secure software systems by helping developers detect or fix security vulnerabilities in source code. However, developers do not always use these tools. In this paper, we investigate a number of social factors that impact developers' adoption decisions, based on a multidisciplinary field of research called diffusion of innovations. We conducted 42 one-on-one interviews with professional software developers, and our results suggest a number of ways in which security tool adoption depends on developers' social environments and on the channels through which information about tools is communicated. For example, some participants trusted developers with strong reputations on the Internet as much as they trust their colleagues for information about security tools.
Keywords: adoption, security tools, social factors (ID#: 15-4593)
URL: http://doi.acm.org/10.1145/2531602.2531722

Maria Riaz, John Slankas, Jason King, Laurie Williams; Using Templates to Elicit Implied Security Requirements from Functional Requirements - A Controlled Experiment;  ESEM '14 Proceedings of the 8th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, September 2014, Article No. 22. Doi: 10.1145/2652524.2652532  Abstract: Context: Security requirements for software systems can be challenging to identify and are often overlooked during the requirements engineering process. Existing functional requirements of a system can imply the need for security requirements. Systems having similar security objectives (e.g., confidentiality) often also share security requirements that can be captured in the form of reusable templates and instantiated in the context of a system to specify security requirements.  Goal: We seek to improve the security requirements elicitation process by automatically suggesting appropriate security requirement templates implied by existing functional requirements.  Method: We conducted a controlled experiment involving 50 graduate students enrolled in a software security course to evaluate the use of automatically-suggested templates in eliciting implied security requirements. Participants were divided into treatment (automatically-suggested templates) and control groups (no templates provided).  Results: Participants using our templates identified 42% of all the implied security requirements in the oracle as compared to the control group, which identified only 16% of the implied security requirements. Template usage increased the efficiency of security requirements identified per unit of time.  Conclusion: Automatically-suggested templates helped participants (security non-experts) think about security implications for the software system and consider more security requirements than they would have otherwise. We found that participants need more incentive than just a participatory grade when completing the task. Further, we recommend to ensure task completeness, participants either need a step-driven (i.e., wizard) approach or progress indicators to identify remaining work.
Keywords: controlled experiment, security requirements, templates (ID#: 15-4594)
URL: http://doi.acm.org/10.1145/2652524.2652532

Benjamin D. Rodes, John C. Knight, Kimberly S. Wasson; A Security Metric Based on Security Arguments; WETSoM 2014 Proceedings of the 5th International Workshop on Emerging Trends in Software Metrics, June 2014, Pages 66-72. Doi: 10.1145/2593868.2593880 Abstract: Software security metrics that facilitate decision making at the enterprise design and operations levels are a topic of active research and debate. These metrics are desirable to support deployment decisions, upgrade decisions, and so on; however, no single metric or set of metrics is known to provide universally effective and appropriate measurements. Instead, engineers must choose, for each software system, what to measure, how and how much to measure, and must be able to justify the rationale for how these measurements are mapped to stakeholder security goals. An assurance argument for security (i.e., a security argument) provides comprehensive documentation of all evidence and rationales for justifying belief in a security claim about a software system. In this work, we motivate the need for security arguments to facilitate meaningful and comprehensive security metrics, and present a novel framework for assessing security arguments to generate and interpret security metrics.
Keywords: Assurance Case, Confidence, Security Metrics (ID#: 15-4595)
URL: http://doi.acm.org/10.1145/2593868.2593880

Yasser M. Hausawi, William H. Allen; Usability and Security Trade-Off: A Design Guideline; ACM SE '14 Proceedings of the 2014 ACM Southeast Regional Conference, March 2014, Article No. 21. Doi: 10.1145/2638404.2638483 Abstract: Requirements engineering and design are the first two phases of the Software Development Life-Cycle. Considerable research has addressed the requirements phase and a number of well-regarded tools exist to assist with that process. The design phase can also make use of a wide range of tools, including design principles, activities, best practices, techniques, and patterns, to improve the incorporation of requirements into the software design documents. However, the process of selecting the appropriate design tools to support each requirement is a complex task that requires considerable training and experience. It is also possible that design tools selected for different requirements can conflict with each other, reducing their effectiveness, increasing complexity, impacting usability or potentially causing security vulnerabilities. In this paper, we propose guidelines for selecting appropriate design tools to support the integration of usability and security requirements in the software design phase and to resolve conflicts between those tools. We demonstrate this approach with a case study that illustrates the design tool selection and analysis process. 
Keywords: best practices, patterns, security, software design, usability, usable-security (ID#: 15-4596)
URL: http://doi.acm.org/10.1145/2638404.2638483

Xiaohong Yuan, Emmanuel Borkor Nuakoh, Jodria S. Beal, Huiming Yu; Retrieving Relevant CAPEC Attack Patterns for Secure Software Development; CISR '14 Proceedings of the 9th Annual Cyber and Information Security Research Conference, April 2014, Pages 33-36. Doi: 10.1145/2602087.2602092 Abstract: To improve the security of computer systems, information, and the cyber space, it is critical to engineer more secure software. To develop secure and reliable software, software developers need to have the mindset of an attacker. Attack patterns such as CAPEC are valuable resources to help software developers to think like an attacker and have the potential to be used in each phase of the secure software development life cycle. However, systematic processes or methods for utilizing existing attack pattern resources are needed. As a first step, this paper describes our ongoing effort of developing a tool to retrieve relevant CAPEC attack patterns for software development. This tool can retrieve attack patterns most relevant to a particular STRIDE type, as well as most useful to the software being developed. It can be used in conjunction with the Microsoft SDL threat modeling tool. It also allows developers to search for CAPEC attack patterns using keywords.
Keywords: CAPEC, STRIDE, attack pattern, secure software development, secure software engineering (ID#: 15-4597)
URL:  http://doi.acm.org/10.1145/2602087.2602092

Frederico Araujo, Kevin W. Hamlen, Sebastian Biedermann, Stefan Katzenbeisser; From Patches to Honey-Patches: Lightweight Attacker Misdirection, Deception, and Disinformation; CCS '14 Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014, Pages 942-953.  Doi: 10.1145/2660267.2660329 Abstract: Traditional software security patches often have the unfortunate side-effect of quickly alerting attackers that their attempts to exploit patched vulnerabilities have failed. Attackers greatly benefit from this information; it expedites their search for unpatched vulnerabilities, it allows them to reserve their ultimate attack payloads for successful attacks, and it increases attacker confidence in stolen secrets or expected sabotage resulting from attacks. To overcome this disadvantage, a methodology is proposed for reformulating a broad class of security patches into honey-patches - patches that offer equivalent security but that frustrate attackers' ability to determine whether their attacks have succeeded or failed. When an exploit attempt is detected, the honey-patch transparently and efficiently redirects the attacker to an unpatched decoy, where the attack is allowed to succeed. The decoy may host aggressive software monitors that collect important attack information, and deceptive files that disinform attackers. An implementation for three production-level web servers, including Apache HTTP, demonstrates that honey-patching can be realized for large-scale, performance-critical software applications with minimal overheads.
Keywords: honeypots, intrusion detection and prevention (ID#: 15-4598)
URL: http://doi.acm.org/10.1145/2660267.2660329

Andrew Meneely, Alberto C. Rodriguez Tejeda, Brian Spates, Shannon Trudeau, Danielle Neuberger, Katherine Whitlock, Christopher Ketant, Kayla Davis; An Empirical Investigation of Socio-Technical Code Review Metrics and Security Vulnerabilities; SSE 2014 Proceedings of the 6th International Workshop on Social Software Engineering, November 2014, Pages 37-44. Doi: 10.1145/2661685.2661687 Abstract: One of the guiding principles of open source software development is to use crowds of developers to keep a watchful eye on source code. Eric Raymond declared Linus' Law as "many eyes make all bugs shallow," with the socio-technical argument that high quality open source software emerges when developers combine together their collective experience and expertise to review code collaboratively. Vulnerabilities are a particularly nasty set of bugs that can be rare, difficult to reproduce, and require specialized skills to recognize. Does Linus' Law apply to vulnerabilities empirically? In this study, we analyzed 159,254 code reviews, 185,948 Git commits, and 667 post-release vulnerabilities in the Chromium browser project. We formulated, collected, and analyzed various metrics related to Linus' Law to explore the connection between collaborative reviews and vulnerabilities that were missed by the review process. Our statistical association results showed that source code files reviewed by more developers are, counter-intuitively, more likely to be vulnerable (even after accounting for file size). However, files are less likely to be vulnerable if they were reviewed by developers who had experience participating on prior vulnerability-fixing reviews. The results indicate that lack of security experience and lack of collaborator familiarity are key risk factors in considering Linus’ Law with vulnerabilities. 
Keywords: code review, socio-technical, vulnerability (ID#: 15-4599)
URL: http://doi.acm.org/10.1145/2661685.2661687

Amiangshu Bosu; Characteristics of the Vulnerable Code Changes Identified Through Peer Code Review; ICSE Companion 2014 Companion Proceedings of the 36th International Conference on Software Engineering, May 2014, Pages 736-738. Doi: 10.1145/2591062.2591200 Abstract: To effectively utilize the efforts of scarce security experts, this study aims to provide empirical evidence about the characteristics of security vulnerabilities. Using a three-stage, manual analysis of peer code review data from 10 popular Open Source Software (OSS) projects, this study identified 413 potentially vulnerable code changes (VCC). Some key results include: 1) the most experienced contributors authored the majority of the VCCs, 2) while less experienced authors wrote fewer VCCs, their code changes were 1.5 to 24 times more likely to be vulnerable, 3) employees of the organization sponsoring the OSS projects are more likely to write VCCs.
Keywords: code review, inspection, open source, security defects, vulnerability (ID#: 15-4600)
URL:  http://doi.acm.org/10.1145/2591062.2591200

Marco Patrignani, Dave Clarke; Fully Abstract Trace Semantics for Low-Level Isolation Mechanisms; SAC '14 Proceedings of the 29th Annual ACM Symposium on Applied Computing, March 2014, Pages 1562-1569. Doi: 10.1145/2554850.2554865 Abstract: Many software systems adopt isolation mechanisms of modern processors as software security building blocks. Reasoning about these building blocks means reasoning about elaborate assembly code, which can be very complex due to the loose structure of the code. A way to overcome this complexity is giving the code a more structured semantics. This paper presents one such semantics, namely a fully abstract trace semantics, for an assembly language enhanced with protection mechanisms of modern processors. The trace semantics represents the behaviour of protected assembly code with simple abstractions, unburdened by low-level details, at the maximum degree of precision. Additionally, it captures the capabilities of attackers to protected software and simplifies providing a secure compiler targeting that language.
Keywords: (not provided) (ID#: 15-4601)
URL: http://doi.acm.org/10.1145/2554850.2554865

Steven D. Fraser, Djenana Campara, Michael C. Fanning, Gary McGraw, Kevin Sullivan; Privacy and Security in a Networked World; SPLASH '14 Proceedings of the Companion Publication of the 2014 ACM SIGPLAN Conference on Systems, Programming, and Applications: Software for Humanity, October 2014, Pages 43-45. Doi: 10.1145/2660252.2661294 Abstract: As news stories continue to demonstrate, ensuring adequate security and privacy in a networked "always on" world is a challenge; and while open source software can mitigate problems, it is not a panacea. This panel will bring together experts from industry and academia to debate, discuss, and offer opinions -- questions might include:  What are the "costs" of "good enough" security and privacy on developers and customers?  What is the appropriate trade-off between the price provide security and cost of poor security?  How can the consequences of poor design and implementation be managed? Can systems be enabled to fail "security-safe"?  What are the tradeoffs for increased adoption of privacy and security best practices? How can the "costs" of privacy and security -- both tangible and intangible -- be reduced?
Keywords: cost, design, privacy, security, soft issues (ID#: 15-4602)
URL: http://doi.acm.org/10.1145/2660252.2661294

Ali Reza Honarvar, Ashkan Sami; CBR Clone Based Software Flaw Detection Issues; SIN '14 Proceedings of the 7th International Conference on Security of Information and Networks, September 2014, Pages 487. Doi: 10.1145/2659651.2659745 Abstract: The biggest problem in computer security is that most systems aren't constructed with security in mind. Being aware of common security weaknesses in programming might sound like a good way to avoid them, but awareness by itself often proves to be insufficient. Understanding security is one thing and applying your understanding in a complete and consistent fashion to meet your security goals is quite another. For this reason, static analysis is advocated as a technique for finding common security errors in source code. Manual security static analysis is a tedious work, so automatic tools which can guide programmers to detect security concerns is suggested. Good static analysis tools provide a fast way to get a detailed security related evaluation of program code. In this paper a new architecture (CBRFD) for software flaw detector, based on the concept of clone detection and case base reasoning, is proposed and various issues which concern detection of security weakness of codes through code clone detector is investigated.
Keywords: Software flaw detection, flaw clone detector, static analysis tools, static security analysis (ID#: 15-4603)
URL: http://doi.acm.org/10.1145/2659651.2659745

Anil Kurmus, Robby Zippel; A Tale of Two Kernels: Towards Ending Kernel Hardening Wars with Split Kernel; CCS '14 Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014, Pages 1366-1377. Doi: 10.1145/2660267.2660331 Abstract: Software security practitioners are often torn between choosing performance or security. In particular, OS kernels are sensitive to the smallest performance regressions. This makes it difficult to develop innovative kernel hardening mechanisms: they may inevitably incur some run-time performance overhead. Here, we propose building each kernel function with and without hardening, within a single split kernel. In particular, this allows trusted processes to be run under unmodified kernel code, while system calls of untrusted processes are directed to the hardened kernel code. We show such trusted processes run with no overhead when compared to an unmodified kernel. This allows deferring the decision of making use of hardening to the run-time. This means kernel distributors, system administrators and users can selectively enable hardening according to their needs: we give examples of such cases. Although this approach cannot be directly applied to arbitrary kernel hardening mechanisms, we show cases where it can. Finally, our implementation in the Linux kernel requires few changes to the kernel sources and no application source changes. Thus, it is both maintainable and easy to use.  
Keywords: build system, kernel hardening, os security, performance (ID#: 15-4604)
URL: http://doi.acm.org/10.1145/2660267.2660331

Antti Evesti, Habtamu Abie, Reijo Savola; Security Measuring for Self-adaptive Security; ECSAW '14 Proceedings of the 2014 European Conference on Software Architecture Workshops; August 2014, Article No. 5. Doi: 10.1145/2642803.2642808 Abstract: Self-adaptive security is needed due to vast amount of changes in an execution environment and threat landscape, which all cannot be anticipated at software design-time. Self-adaptive security requires means for monitoring a security level and decision making capability to improve the current security level. In this paper, we describe how security metrics are able to support self-adaptive security. The paper analyses benefits and challenges of security measuring from the self-adaptive security perspective. Thus, five benefits and three challenges of security metrics in self-adaptive security are described. Furthermore, the paper derives requirements that measuring causes for self-adaptive security. Based on the derived requirements, extension components for the MAPE (Monitor, Analyse, Plan and Execute) reference model are proposed.
Keywords: Self-adaptive, architecture, decision-making, security metric (ID#: 15-4605)
URL: http://doi.acm.org/10.1145/2642803.2642808

Amel Bennaceur, Arosha K. Bandara, Michael Jackson, Wei Liu, Lionel Montrieux, Thein Than Tun, Yijun Yu, Bashar Nuseibeh; Requirements-Driven Mediation for Collaborative Security; SEAMS 2014 Proceedings of the 9th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, June 2014, Pages 37-42. Doi: 10.1145/2593929.2593938 Abstract: Security is concerned with the protection of assets from intentional harm. Secure systems provide capabilities that enable such protection to satisfy some security requirements. In a world increasingly populated with mobile and ubiquitous computing technology, the scope and boundary of security systems can be uncertain and can change. A single functional component, or even multiple components individually, are often insufficient to satisfy complex security requirements on their own.  Adaptive security aims to enable systems to vary their protection in the face of changes in their operational environment. Collaborative security, which we propose in this paper, aims to exploit the selection and deployment of multiple, potentially heterogeneous, software-intensive components to collaborate in order to meet security requirements in the face of changes in the environment, changes in assets under protection and their values, and the discovery of new threats and vulnerabilities.   However, the components that need to collaborate may not have been designed and implemented to interact with one another collaboratively. To address this, we propose a novel framework for collaborative security that combines adaptive security, collaborative adaptation and an explicit representation of the capabilities of the software components that may be needed in order to achieve collaborative security. We elaborate on each of these framework elements, focusing in particular on the challenges and opportunities afforded by (1) the ability to capture, represent, and reason about the capabilities of different software components and their operational context, and (2) the ability of components to be selected and mediated at runtime in order to satisfy the security requirements. We illustrate our vision through a collaborative robotic implementation, and suggest some areas for future work.
Keywords: Security requirements, collaborative adaptation, mediation (ID#: 15-4606)
URL: http://doi.acm.org/10.1145/2593929.2593938

Kristian Beckers, Isabelle Côté, Ludger Goeke; A Catalog of Security Requirements Patterns for the Domain of Cloud Computing Systems; SAC '14 Proceedings of the 29th Annual ACM Symposium on Applied Computing, March 2014, Pages 337-342. Doi: 10.1145/2554850.2554921 Abstract: Security and privacy concerns are essential in cloud computing scenarios, because cloud customers and end customers have to trust the cloud provider with their critical business data and even their IT infrastructure. In projects these are often addressed late in the software development life-cycle, because these are difficult to elicit in cloud scenarios, due to the large amount of stakeholders and technologies involved. We contribute a catalog of security and privacy requirement patterns that support software engineers in eliciting these requirements. As requirements patterns provide artifacts for re-using requirements. This paper shows how these requirements can be classified according to cloud security and privacy goals. Furthermore, we provide a structured method on how to elicit the right requirements for a given scenario. We mined these requirements patterns from existing security analysis of public organizations such as ENISA and the Cloud Security Alliance, from our practical experience in the cloud domain, and from our previous research in cloud security. We validate our requirements patterns in co-operation with industrial partners of the ClouDAT project.
Keywords: ISO 27001, cloud computing, patterns, privacy, requirements elicitation, requirements patterns, security requirements, security standards (ID#: 15-4607)
URL: http://doi.acm.org/10.1145/2554850.2554921

Kami E. Vaniea, Emilee Rader, Rick Wash; Betrayed by Updates: How Negative Experiences Affect Future Security; CHI '14 Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, April 2014, Pages 2671-2674. Doi: 10.1145/2556288.2557275 Abstract: Installing security-relevant software updates is one of the best computer protection mechanisms. However, users do not always choose to install updates. Through interviewing non-expert Windows users, we found that users frequently decide not to install future updates, regardless of whether they are important for security, after negative experiences with past updates. This means that even non-security updates (such as user interface changes) can impact the security of a computer. We discuss three themes impacting users' willingness to install updates: unexpected new features in an update, the difficulty of assessing whether an update is `worth it', and confusion about why an update is necessary.
Keywords: human factors, security, software updates (ID#: 15-4608)
URL: http://doi.acm.org/10.1145/2556288.2557275

Markus Kammerstetter, Christian Platzer, Wolfgang Kastner; Prospect: Peripheral Proxying Supported Embedded Code Testing; ASIA CCS '14 Proceedings of the 9th ACM Symposium On Information, Computer And Communications Security, June 2014, pages 329-340. Doi: 10.1145/2590296.2590301 Abstract: Embedded systems are an integral part of almost every electronic product today. From consumer electronics to industrial components in SCADA systems, their possible fields of application are manifold. While especially in industrial and critical infrastructures the security requirements are high, recent publications have shown that embedded systems do not cope well with this demand. One of the reasons is that embedded systems are being less scrutinized as embedded security analysis is considered to be more time consuming and challenging in comparison to PC systems. One of the key challenges on proprietary, resource constrained embedded devices is dynamic code analysis. The devices typically do not have the capabilities for a full-scale dynamic security evaluation. Likewise, the analyst cannot execute the software implementation inside a virtual machine due to the missing peripheral hardware that is required by the software to run. In this paper, we present PROSPECT, a system that can overcome these shortcomings and enables dynamic code analysis of embedded binary code inside arbitrary analysis environments. By transparently forwarding peripheral hardware accesses from the original host system into a virtual machine, PROSPECT allows security analysts to run the embedded software implementation without the need to know which and how embedded peripheral hardware components are accessed. We evaluated PROSPECT with respect to the performance impact and conducted a case study by doing a full-scale security audit of a widely used commercial fire alarm system in the building automation domain. Our results show that PROSPECT is both practical and usable for real-world application.
Keywords: device tunneling, dynamic analysis, embedded system, fuzz testing, security (ID#: 15-4609)
URL:  http://doi.acm.org/10.1145/2590296.2590301

Adam Bates, Joe Pletcher, Tyler Nichols, Braden Hollembaek, Dave Tian, Kevin R.B. Butler, Abdulrahman Alkhelaifi; Securing SSL Certificate Verification through Dynamic Linking; CCS '14 Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014, Pages 394-405. Doi: 10.1145/2660267.2660338 Abstract: Recent discoveries of widespread vulnerabilities in the SSL/TLS protocol stack, particular with regard to the verification of server certificates, has left the security of the Internet's communications in doubt. Newly proposed SSL trust enhancements address many of these vulnerabilities, but are slow to be deployed and do not solve the problem of securing existing software. In this work, we provide new mechanisms that offer immediate solutions to addressing vulnerabilities in legacy code. We introduce CertShim, a lightweight retrofit to SSL implementations that protects against SSL vulnerabilities, including those surveyed by Georgiev et. al., in a manner that is transparent to the application. We demonstrate CertShim's extensibility by adapting it to work with Convergence, DANE, and Client-Based Key Pinning. CertShim imposes just 20 ms overhead for an SSL verification call, and hooks the SSL dependencies of 94% of Ubuntu's most popular packages with no changes necessary to existing applications. This work significantly increases system-wide security of SSL communications in non-browser software, while simultaneously reducing the barriers to evaluating and adopting the myriad alternative proposals to the certificate authority system.
Keywords: https, public-key certificates, SSL, TLS (ID#: 15-4610)
URL: http://doi.acm.org/10.1145/2660267.2660338

Jeremy Tate, T. Charles Clancy; Secure and Tamper Proof Code Management;  SafeConfig '14 Proceedings of the 2014 Workshop on Cyber Security Analytics, Intelligence and Automation, November 2014, Pages 19-24. Doi: 10.1145/2665936.2665940  Abstract: In this paper, we present an additional layer of security to source code repositories by combining Keyless Signature Infrastructure (KSI) with Git to protect against insider threats as well as provide security even in the event of a private key compromise. This work was done to show the minimal effort required to integrate these two technologies to provide additional security to software development efforts using Git compared to the security benefit gained. Additionally, we designed the solution to minimize the impact to the current Git workflow, requiring no additional commands when committing code and only one new command to verify past commits.
Keywords: Git, KSI (ID#: 15-4611)
URL: http://doi.acm.org/10.1145/2665936.2665940

Aniket Kulkarni, Ravindra Metta; A Code Obfuscation Framework Using Code Clones; ICPC 2014 Proceedings of the 22nd International Conference on Program Comprehension, June 2014, Pages 295-299. Doi: 10.1145/2597008.2597807 Abstract: IT industry loses tens of billions of dollars annually from security attacks such as malicious reverse engineering. To protect sensitive parts of software from such attacks, we designed a code obfuscation scheme based on nontrivial code clones. While implementing this scheme, we realized that currently there is no framework to assist implementation of such advanced obfuscation techniques. Therefore, we have developed a framework to support code obfuscation using code clones. We could successfully implement our obfuscation technique using this framework in Java. In this paper, we present our framework and illustrate it with an example.
Keywords: Code Obfuscation, Framework, Reverse Engineering, Software Protection (ID#: 15-4612)
URL: http://doi.acm.org/10.1145/2597008.2597807

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.