ESEC/FSE 2019 – DISCOVER: Detecting Algorithmic Complexity Vulnerabilities
Abstract: Algorithmic Complexity Vulnerabilities (ACV) are a class of vulnerabilities that enable Denial of Service Attacks. ACVs stem from asymmetric consumption of resources due to complex loop termination logic, recursion, and/or resource intensive library APIs. Completely automated detection of ACVs is intractable and it calls for tools that assist human analysts. We present DISCOVER, a […]
DySDoc3 – DynaDoc: Automated On-Demand Context-Specific Documentation
Abstract: This 2018 DOCGEN Challenge paper describes DynaDoc, an automated documentation system for on-demand context-specific documentation. A key novelty is the use of graph database technology with an eXtensible Common Software Graph Schema (XCSG). Using XCSG-based query language, DynaDoc can mine efficiently and accurately a variety of program artifacts and graph abstractions from millions of […]
Springer Verlag Publishers – Catastrophic Cyber-Physical Malware
Abstract: With the advent of highly sophisticated cyber-physical malware (CPM) such as Industroyer, a cyberattack could be as destructive as the terrorist attack on 9/11; it would virtually paralyze the nation. We discuss the major risks: the vulnerability of telecommunication infrastructure, industrial control systems (ICS), and mission-critical software. In differentiating CPM from traditional malware, […]
ICISS 2017 – Human-on-the-loop Automation for Detecting Software Side-Channel Vulnerabilities
Abstract: Software side-channel vulnerabilities (SSCVs) allow an attacker to gather secrets by observing the differential in the time or space required for executing the program for different inputs. Detecting SSCVs is like searching for a needle in the haystack, not knowing what the needle looks like. Detecting SSCVs requires automation that supports systematic exploration to […]
APSEC 2017 – Intelligence Amplifying Loop Characterizations for Detecting Algorithmic Complexity Vulnerabilities
Abstract: Algorithmic complexity vulnerabilities (ACVs) can be exploited to cause denial-of-service. Detecting ACVs is hard because of the numerous kinds of loop complexities that cause ACVs. This renders automatic detection intractable for ACVs. State-of-the-art loop analyses aim to obtain precise loop iteration bounds automatically; they can do so for relatively simple loops. This research focuses […]
VizSec 2017 – Interactive Visualization Toolbox to Detect Sophisticated Android Malware
Abstract: Detecting zero-day sophisticated malware is like searching for a needle in the haystack, not knowing what the needle looks like. This paper describes the Android Malicious Flow Visualization Toolbox, which empowers a human analyst to detect such malware. Detecting sophisticated malware requires systematic exploration of the code to identify potentially malignant code, conceiving plausible malware […]
ICST 2017 – Transferring state-of-the-art immutability analyses: An experimentation toolbox and accuracy benchmark
Abstract: Immutability analysis is important to software testing, verification and validation (V&V) because it can be used to identify independently testable functions without side-effects. Existing tools for immutability analysis are largely academic prototypes that have not been rigorously tested for accuracy or have not been maintained and are unable to analyze programs written in later […]
SCAM 2016 – Statically-informed Dynamic Analysis Tools to Detect Algorithmic Complexity Vulnerabilities
Abstract: Algorithmic Complexity (AC) vulnerabilities can be exploited to cause a denial of service attack. Specifically, an adversary can design an input to trigger excessive (space/time) resource consumption. It is not possible to build a fully automated tool to detect AC vulnerabilities. Since it is an open-ended problem, a human-in-the-loop exploration is required to find […]
ICISS 2015 – FlowMiner: Automatic Summarization of Library Data-Flow for Malware Analysis
Abstract: FlowMiner is a tool for automatically mining expressive, fine-grained data-flow summaries from Java library bytecode. FlowMiner captures enough information to enable context-, type-, field-, object- and flow-sensitive partial program analysis of applications using the library. FlowMiner’s summaries are compact: flow details of a library that are non-critical for future partial program analysis of applications are elided into simple […]