subject:(Vulnerability detection)

1. Hu, Yi. A Framework for Using Deep Learning to Detect Software Vulnerabilities.

Degree: Faculty of Science & Engineering, 2019, Linköping UniversityLinköping University

URL: http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-164112

► In recent years, with the rise of Internet technology, software vulnerabilities have also flooded, making the software security of enterprises or individuals seriously threatened.… (more)

▼ In recent years, with the rise of Internet technology, software vulnerabilities have also flooded, making the software security of enterprises or individuals seriously threatened. Although it is difficult to avoid the occurrence of software vulnerabilities in the process of software development, it is also a way to find and modify the vulnerabilities as early as possible. At present, research on static vulnerability detection system can be divided into methods based on code similarity and pattern-based method. The method based on code similarity is mainly used to detect vulnerabilities caused by code cloning, while the vulnerabilities caused by other reasons have high false negative. Patterns-based approaches require experts to define vulnerability characteristics manually, which leads to a waste of time and effort. Besides, since defining characteristics is a subjective task, the judgement of experts will affect the results of detection. At this point, there is an urgent need for an approach that can detect vulnerabilities for various reasons and is less dependent on experts. Deep learning is a new field of machine learning research, which has received extensive attention in recent years. Its use has greatly liberated human resources, which makes us think whether deep learning can also be applied to vulnerability detection research, and whether it can also solve the problem of waste of expert resources. This thesis studies a software vulnerability detection framework based on deep learning. The main research contents are as follows: 1. Collect the source code of four types of software vulnerabilities in C/C++ (Function Call, Array Usage, Pointer Usage and Arithmetic Expression) as the dataset of the experiment in this thesis. Extract the vulnerability syntax characteristics of four kinds of software vulnerabilities, match the dataset with the vulnerability syntax characteristics, and generate syntax-based code fragments. Program slices for syntax-based code fragments are then generated and converted into semantic-based code fragments. 2. Data processing for semantic-based code fragments includes: replacing all strings in semantic-based code fragments with a unified string. And perform word segmentation on semantic-based code fragments. Then replace all user-defined variables in semantic-based code fragments and user-defined function names. Finally, the processed semantic-based code fragments are converted into vector representations. 3. According to the characteristics of software vulnerabilities, select deep learning methods suitable for text analysis: Long Short-Term Memory, Bi-directional Long Short-Term Memory, Gate Recurrent Unit, Bi-directional Gate Recurrent Unit. The four deep learning methods are designed and implemented to make the accuracy of software vulnerability detection as high as possible. 4. Select reasonable measurement methods to evaluate the framework, and compare it with other tools for…

Subjects/Keywords: Software Vulnerability; Vulnerability Detection; Deep Learning; Neural Network; Software Engineering; Programvaruteknik

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Hu, Y. (2019). A Framework for Using Deep Learning to Detect Software Vulnerabilities. (Thesis). Linköping UniversityLinköping University. Retrieved from http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-164112

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Hu, Yi. “A Framework for Using Deep Learning to Detect Software Vulnerabilities.” 2019. Thesis, Linköping UniversityLinköping University. Accessed January 24, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-164112.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Hu, Yi. “A Framework for Using Deep Learning to Detect Software Vulnerabilities.” 2019. Web. 24 Jan 2021.

Vancouver:

Hu Y. A Framework for Using Deep Learning to Detect Software Vulnerabilities. [Internet] [Thesis]. Linköping UniversityLinköping University; 2019. [cited 2021 Jan 24]. Available from: http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-164112.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Hu Y. A Framework for Using Deep Learning to Detect Software Vulnerabilities. [Thesis]. Linköping UniversityLinköping University; 2019. Available from: http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-164112

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Toronto

2. Farroukh, Amer. Enhancing Performance of Vulnerability-based Intrusion Detection Systems.

Degree: 2010, University of Toronto

URL: http://hdl.handle.net/1807/25574

►

The accuracy of current intrusion detection systems (IDSes) is hindered by the limited capability of regular expressions (REs) to express the exact vulnerability. Recent advances… (more)

Subjects/Keywords: Security; Intrusion Detection; Matching; MPDU; Vulnerability; Conficker; IDS; Snort; 0544; 0984

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Farroukh, A. (2010). Enhancing Performance of Vulnerability-based Intrusion Detection Systems. (Masters Thesis). University of Toronto. Retrieved from http://hdl.handle.net/1807/25574

Chicago Manual of Style (16^th Edition):

Farroukh, Amer. “Enhancing Performance of Vulnerability-based Intrusion Detection Systems.” 2010. Masters Thesis, University of Toronto. Accessed January 24, 2021. http://hdl.handle.net/1807/25574.

MLA Handbook (7^th Edition):

Farroukh, Amer. “Enhancing Performance of Vulnerability-based Intrusion Detection Systems.” 2010. Web. 24 Jan 2021.

Vancouver:

Farroukh A. Enhancing Performance of Vulnerability-based Intrusion Detection Systems. [Internet] [Masters thesis]. University of Toronto; 2010. [cited 2021 Jan 24]. Available from: http://hdl.handle.net/1807/25574.

Council of Science Editors:

Farroukh A. Enhancing Performance of Vulnerability-based Intrusion Detection Systems. [Masters Thesis]. University of Toronto; 2010. Available from: http://hdl.handle.net/1807/25574

3. Shoshitaishvili, Yan. Building a Base for Cyber-autonomy.

Degree: 2017, University of California – eScholarship, University of California

URL: http://www.escholarship.org/uc/item/2gt7v61r

► As software becomes increasingly embedded in our daily lives, it becomes more and more critical to find the vulnerabilities in this software. Worse, since the… (more)

▼ As software becomes increasingly embedded in our daily lives, it becomes more and more critical to find the vulnerabilities in this software. Worse, since the amount and variety of this software is rapidly proliferating, manual analysis by rare, talented hackers cannot scale to keep this software safe.My first foray into what became my dissertation work tried to address a specific class of this general problem: backdoors inserted (either due to malice or for later support and maintenance convenience) into internet-connected embedded devices, such as smart power-meters. To address the requirement of having to reason about logical bugs and to analyze enormous amounts of binary code, I created a novel combination of static and dynamic-symbolic analysis techniques. Combining this with an insight into a new way to define a backdoor, I was able to build a system that analyzed firmware of real-world devices to identify such vulnerabilities in them.This first foray led into my main contribution: the generalization of this analysis composition in the form of a principled binary analysis framework built to enable the seamless combination of diverse program analysis techniques. This framework, angr, provides a powerful base future research from myself, my lab-mates, and researchers around the world (as the framework is fully open source). One of the early applications of the system was the identification of authentication bypass vulnerabilities in binary firmware using a combination of static analysis and dynamic symbolic execution.Using angr, we built an autonomous program analysis system that was able to analyze, exploit, and protect binary code without any human intervention. This system, the Mechanical Phish, won third place in the Cyber Grand Challenge, a competition created by DARPA to bootstrap the development of autonomous Cyber Reasoning Systems. While the system did well, its performance in the Cyber Grand Challenge provided an insight that shaped the conclusion of my dissertation: even with the current program analysis techniques combined into a coherent Cyber Reasoning System, serious limitations still exist. In the final work of my graduate studies, I explored the careful reintegration of human assistance into our analysis automation, in a way that addresses its limitations without compromising its scalability advantage over manual analysis.

Subjects/Keywords: Computer science; binary analysis; cyber autonomy; program analysis; vulnerability detection

9 more images…

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Shoshitaishvili, Y. (2017). Building a Base for Cyber-autonomy. (Thesis). University of California – eScholarship, University of California. Retrieved from http://www.escholarship.org/uc/item/2gt7v61r

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Shoshitaishvili, Yan. “Building a Base for Cyber-autonomy.” 2017. Thesis, University of California – eScholarship, University of California. Accessed January 24, 2021. http://www.escholarship.org/uc/item/2gt7v61r.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Shoshitaishvili, Yan. “Building a Base for Cyber-autonomy.” 2017. Web. 24 Jan 2021.

Vancouver:

Shoshitaishvili Y. Building a Base for Cyber-autonomy. [Internet] [Thesis]. University of California – eScholarship, University of California; 2017. [cited 2021 Jan 24]. Available from: http://www.escholarship.org/uc/item/2gt7v61r.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Shoshitaishvili Y. Building a Base for Cyber-autonomy. [Thesis]. University of California – eScholarship, University of California; 2017. Available from: http://www.escholarship.org/uc/item/2gt7v61r

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

KTH

4. Broström, Andreas. Integrating Automated Security Testing in the Agile Development Process : Earlier Vulnerability Detection in an Environment with High Security Demands.

Degree: Computer Science and Communication (CSC), 2015, KTH

URL: http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-170834

►

The number of vulnerabilities discovered in software has been growing fast the last few years. At the same time the Agile method has quickly… (more)

▼

The number of vulnerabilities discovered in software has been growing fast the last few years. At the same time the Agile method has quickly become one of the most popular methods for software development. However, it contains no mention of security, and since security is not traditionally agile it is hard to develop secure software using the Agile method. To make software secure, security testing must be included in the development process. The aim of this thesis is to investigate how and where security can be integrated in the Agile development process when developing web applications. In the thesis some possible approaches for this are presented, one of which is to use a web application security scanner. The crawling and detection abilities of four scanners are compared, on scanner evaluation applications and on applications made by Nordnet.An example implementation of one of those scanners is made in the testing phase of the development process. Finally, a guide is created that explains how to use the implementation. I reach the conclusion that it is possible to integrate security in the Agile development process by using a web application security scanner during testing. This approach requires a minimal effort to set up, is highly automated and it makes the Agile development process secure and more effective.

Antalet upptäckta sårbarheter i mjukvara har ökat fort under de senaste åren. Den agila metoden har samtidigt blivit en av de mest populära metoderna för mjukvaruutveckling. Den berör dock inte säkerhet, och eftersom säkerhet, traditionellt sett, inte är agilt så blir det svårt att utveckla säker mjukvara med den agila metoden. För att kunna göra mjukvaran säker så måste säkerhetstestning infogas i utvecklingsfasen. Syftet med det här arbetet är att undersöka hur och var säkerhet kan integreras i den agila utvecklingsprocessen vid utveckling av webbapplikationer. Några sätt att göra detta på beskrivs i arbetet, varav ett är att använda ett verktyg för säkerhetstestning. En jämförelse av hur bra fyra sådana verktyg är på att genomsöka och hitta sårbarheter utförs på applikationer designade för att utvärdera verktyg för säkerhetstestning, samt hos Nordnets egna applikationer. Sedan beskrivs en exempelimplementation av ett av dessa verktyg i testfasen av utvecklingsprocessen. Slutligen, tas en guide fram som beskriver hur implementationen kan användas. Jag kommer fram till att det är möjligt att inkludera säkerhet i den agila utvecklingsprocessen genom att använda ett verktyg för säkerhetstestning i testfasen av utvecklingsprocessen. Detta tillvägagångssätt innebär en minimal ansträngning att införa, är automatiserat i hög grad och det gör den agila utvecklingsprocessen säker och mer effektiv.

Subjects/Keywords: agile; security; testing; vulnerability scanner; detection; Computer Sciences; Datavetenskap (datalogi)

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Broström, A. (2015). Integrating Automated Security Testing in the Agile Development Process : Earlier Vulnerability Detection in an Environment with High Security Demands. (Thesis). KTH. Retrieved from http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-170834

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Broström, Andreas. “Integrating Automated Security Testing in the Agile Development Process : Earlier Vulnerability Detection in an Environment with High Security Demands.” 2015. Thesis, KTH. Accessed January 24, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-170834.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Broström, Andreas. “Integrating Automated Security Testing in the Agile Development Process : Earlier Vulnerability Detection in an Environment with High Security Demands.” 2015. Web. 24 Jan 2021.

Vancouver:

Broström A. Integrating Automated Security Testing in the Agile Development Process : Earlier Vulnerability Detection in an Environment with High Security Demands. [Internet] [Thesis]. KTH; 2015. [cited 2021 Jan 24]. Available from: http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-170834.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Broström A. Integrating Automated Security Testing in the Agile Development Process : Earlier Vulnerability Detection in an Environment with High Security Demands. [Thesis]. KTH; 2015. Available from: http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-170834

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Sydney

5. Liu, Long. Modelling and Vulnerability Assessment of Intelligent Electricity Networks as Cyber-Physical Systems .

Degree: 2017, University of Sydney

URL: http://hdl.handle.net/2123/17846

► The future grid is different from the current system, and requires more interactions between electrical network and data communication network from the end users to… (more)

Subjects/Keywords: smart grid; interdependent networks; vulnerability assessment; complex networks; community detection

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Liu, L. (2017). Modelling and Vulnerability Assessment of Intelligent Electricity Networks as Cyber-Physical Systems . (Thesis). University of Sydney. Retrieved from http://hdl.handle.net/2123/17846

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Liu, Long. “Modelling and Vulnerability Assessment of Intelligent Electricity Networks as Cyber-Physical Systems .” 2017. Thesis, University of Sydney. Accessed January 24, 2021. http://hdl.handle.net/2123/17846.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Liu, Long. “Modelling and Vulnerability Assessment of Intelligent Electricity Networks as Cyber-Physical Systems .” 2017. Web. 24 Jan 2021.

Vancouver:

Liu L. Modelling and Vulnerability Assessment of Intelligent Electricity Networks as Cyber-Physical Systems . [Internet] [Thesis]. University of Sydney; 2017. [cited 2021 Jan 24]. Available from: http://hdl.handle.net/2123/17846.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Liu L. Modelling and Vulnerability Assessment of Intelligent Electricity Networks as Cyber-Physical Systems . [Thesis]. University of Sydney; 2017. Available from: http://hdl.handle.net/2123/17846

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Bradford

6. Munir, Rashid. A quantitative security assessment of modern cyber attacks : a framework for quantifying enterprise security risk level through system's vulnerability analysis by detecting known and unknown threats.

Degree: PhD, 2014, University of Bradford

URL: http://hdl.handle.net/10454/14251

► Cisco 2014 Annual Security Report clearly outlines the evolution of the threat landscape and the increase of the number of attacks. The UK government in… (more)

Subjects/Keywords: 005.8; Enterprise network security; Vulnerability analysis; Security assessment; Risk; Threat detection; Common Vulnerability Scoring System (CVSS)

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Munir, R. (2014). A quantitative security assessment of modern cyber attacks : a framework for quantifying enterprise security risk level through system's vulnerability analysis by detecting known and unknown threats. (Doctoral Dissertation). University of Bradford. Retrieved from http://hdl.handle.net/10454/14251

Chicago Manual of Style (16^th Edition):

Munir, Rashid. “A quantitative security assessment of modern cyber attacks : a framework for quantifying enterprise security risk level through system's vulnerability analysis by detecting known and unknown threats.” 2014. Doctoral Dissertation, University of Bradford. Accessed January 24, 2021. http://hdl.handle.net/10454/14251.

MLA Handbook (7^th Edition):

Munir, Rashid. “A quantitative security assessment of modern cyber attacks : a framework for quantifying enterprise security risk level through system's vulnerability analysis by detecting known and unknown threats.” 2014. Web. 24 Jan 2021.

Vancouver:

Munir R. A quantitative security assessment of modern cyber attacks : a framework for quantifying enterprise security risk level through system's vulnerability analysis by detecting known and unknown threats. [Internet] [Doctoral dissertation]. University of Bradford; 2014. [cited 2021 Jan 24]. Available from: http://hdl.handle.net/10454/14251.

Council of Science Editors:

Munir R. A quantitative security assessment of modern cyber attacks : a framework for quantifying enterprise security risk level through system's vulnerability analysis by detecting known and unknown threats. [Doctoral Dissertation]. University of Bradford; 2014. Available from: http://hdl.handle.net/10454/14251

Delft University of Technology

7. Bisesser, Dinesh (author). Predicting True Vulnerabilities from Static Analyzer Warnings in Industry: An Attempt to Faster Releasing Software in Industry.

Degree: 2020, Delft University of Technology

URL: http://resolver.tudelft.nl/uuid:abfa9cc8-75ba-4dd0-84ed-3ce674445c0d

►

An increasing digital world, comes with many benefits but unfortunately also many drawbacks. The increase of the digital world means an increase in data and… (more)

▼

An increasing digital world, comes with many benefits but unfortunately also many drawbacks. The increase of the digital world means an increase in data and software. Developing more software unfortunately also means a higher probability of vulnerabilities, which can be exploited by adversaries. Adversaries taking advantage of users and software vulnerabilities, by stealing data to cause harm, steal money, etc. This makes the digital world a dangerous environment. To ensure software has a minimal number of vulnerabilities, companies invest in software tools and experts to check their software for vulnerabilities. One such company is ING, the largest bank of The Netherlands. At ING they use Fortify, a static analyzer. The problem with this tool is that it gives many false positives. Therefore, pentesters and developers have to manually check all the warnings given by Fortify, which takes a lot of time and slows down the whole software development process. In this study, we propose to use supervised machine learning techniques to predict true vulnerabilities from static analyzer warnings. Using ING's data from Fortify, two highly imbalanced datasets with code metrics are created on class and method level. Various classifiers and sampling techniques are compared to determine which techniques perform the best. Next to that, we also compared the performance at different levels of granularity. Finally, we also investigate whether a dataset with different types of vulnerabilities performs better than a dataset consisting of only one vulnerability type. From our study, it is clear that Bagging in combination with ClassBalancer gives the best f-measure (0.618) for the class-level dataset, which is slightly good. Random Forest with SMOTE gives the best f-measure (0.412) for the method-level dataset, which we consider weak. Depending on the type of vulnerability, the performance can benefit from a dataset per vulnerability type. Overall, the performance found in this study shows slightly promising results when using Fortify in combination with supervised machine learning, especially compared to only using Fortify.

Computer Science

Advisors/Committee Members: Panichella, A. (mentor), Verwer, S.E. (graduation committee), Lagendijk, R.L. (graduation committee), Delft University of Technology (degree granting institution).

Subjects/Keywords: Static Analysis; Supervised Learning; Fortify; software vulnerability detection; Classification; Code Metrics; Vulnerability Types; Granularity; Closed Source

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Bisesser, D. (. (2020). Predicting True Vulnerabilities from Static Analyzer Warnings in Industry: An Attempt to Faster Releasing Software in Industry. (Masters Thesis). Delft University of Technology. Retrieved from http://resolver.tudelft.nl/uuid:abfa9cc8-75ba-4dd0-84ed-3ce674445c0d

Chicago Manual of Style (16^th Edition):

Bisesser, Dinesh (author). “Predicting True Vulnerabilities from Static Analyzer Warnings in Industry: An Attempt to Faster Releasing Software in Industry.” 2020. Masters Thesis, Delft University of Technology. Accessed January 24, 2021. http://resolver.tudelft.nl/uuid:abfa9cc8-75ba-4dd0-84ed-3ce674445c0d.

MLA Handbook (7^th Edition):

Bisesser, Dinesh (author). “Predicting True Vulnerabilities from Static Analyzer Warnings in Industry: An Attempt to Faster Releasing Software in Industry.” 2020. Web. 24 Jan 2021.

Vancouver:

Bisesser D(. Predicting True Vulnerabilities from Static Analyzer Warnings in Industry: An Attempt to Faster Releasing Software in Industry. [Internet] [Masters thesis]. Delft University of Technology; 2020. [cited 2021 Jan 24]. Available from: http://resolver.tudelft.nl/uuid:abfa9cc8-75ba-4dd0-84ed-3ce674445c0d.

Council of Science Editors:

Bisesser D(. Predicting True Vulnerabilities from Static Analyzer Warnings in Industry: An Attempt to Faster Releasing Software in Industry. [Masters Thesis]. Delft University of Technology; 2020. Available from: http://resolver.tudelft.nl/uuid:abfa9cc8-75ba-4dd0-84ed-3ce674445c0d

8. Jimenez, Willy. Two complementary approaches to detecting vulnerabilities in C programs : Deux approches complémentaires pour la détection de vulnérabilités dans les programmes C.

Degree: Docteur es, Informatique, 2013, Evry, Institut national des télécommunications

URL: http://www.theses.fr/2013TELE0017

►

De manière générale, en informatique, les vulnérabilités logicielles sont définies comme des cas particuliers de fonctionnements non attendus du système menant à la dégradation des… (more)

▼

De manière générale, en informatique, les vulnérabilités logicielles sont définies comme des cas particuliers de fonctionnements non attendus du système menant à la dégradation des propriétés de sécurité ou à la violation de la politique de sécurité. Ces vulnérabilités peuvent être exploitées par des utilisateurs malveillants comme brèches de sécurité. Comme la documentation sur les vulnérabilités n'est pas toujours disponible pour les développeurs et que les outils qu'ils utilisent ne leur permettent pas de les détecter et les éviter, l'industrie du logiciel continue à être paralysée par des failles de sécurité. Nos travaux de recherche s'inscrivent dans le cadre du projet Européen SHIELDS et portent sur les techniques de modélisation et de détection formelles de vulnérabilités. Dans ce domaine, les approches existantes sont peu nombreuses et ne se basent pas toujours sur une modélisation formelle précise des vulnérabilités qu'elles traitent. De plus, les outils de détection sous-jacents produisent un nombre conséquent de faux positifs/négatifs. Notons également qu'il est assez difficile pour un développeur de savoir quelles vulnérabilités sont détectées par chaque outil vu que ces derniers sont très peu documentés. En résumé, les contributions réalisées dans le cadre de cette thèse sont les suivantes: Définition d'un formalisme tabulaire de description de vulnérabilités appelé template. Définition d'un langage formel, appelé Condition de Détection de Vulnérabilité (VDC). Une approche de génération de VDCs à partir des templates. Définition d'une approche de détection de vulnérabilités combinant le model checking et l'injection de fautes. Évaluation des deux approches

In general, computer software vulnerabilities are defined as special cases where an unexpected behavior of the system leads to the degradation of security properties or the violation of security policies. These vulnerabilities can be exploited by malicious users or systems impacting the security and/or operation of the attacked system. Since the literature on vulnerabilities is not always available to developers and the used tools do not allow detecting and avoiding them; the software industry continues to be affected by security breaches. Therefore, the detection of vulnerabilities in software has become a major concern and research area. Our research was done under the scope of the SHIELDS European project and focuses specifically on modeling techniques and formal detection of vulnerabilities. In this area, existing approaches are limited and do not always rely on a precise formal modeling of the vulnerabilities they target. Additionally detection tools produce a significant number of false positives/negatives. Note also that it is quite difficult for a developer to know what vulnerabilities are detected by each tool because they are not well documented. Under this context the contributions made in this thesis are: Definition of a formalism called template. Definition of a formal language, called Vulnerability Detection Condition (VDC), which can…

Advisors/Committee Members: Cavalli, Ana (thesis director), Mammar, Amel (thesis director).

Subjects/Keywords: Vulnérabilité; Détection automatique; Test passif; Formalisme; Condition de détection de vulnérabilité; Template; Model checking; Vulnerability; Automatic detection; Passive testing; Formalism; Vulnerability detection condition; Template; Model checking

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Jimenez, W. (2013). Two complementary approaches to detecting vulnerabilities in C programs : Deux approches complémentaires pour la détection de vulnérabilités dans les programmes C. (Doctoral Dissertation). Evry, Institut national des télécommunications. Retrieved from http://www.theses.fr/2013TELE0017

Chicago Manual of Style (16^th Edition):

Jimenez, Willy. “Two complementary approaches to detecting vulnerabilities in C programs : Deux approches complémentaires pour la détection de vulnérabilités dans les programmes C.” 2013. Doctoral Dissertation, Evry, Institut national des télécommunications. Accessed January 24, 2021. http://www.theses.fr/2013TELE0017.

MLA Handbook (7^th Edition):

Jimenez, Willy. “Two complementary approaches to detecting vulnerabilities in C programs : Deux approches complémentaires pour la détection de vulnérabilités dans les programmes C.” 2013. Web. 24 Jan 2021.

Vancouver:

Jimenez W. Two complementary approaches to detecting vulnerabilities in C programs : Deux approches complémentaires pour la détection de vulnérabilités dans les programmes C. [Internet] [Doctoral dissertation]. Evry, Institut national des télécommunications; 2013. [cited 2021 Jan 24]. Available from: http://www.theses.fr/2013TELE0017.

Council of Science Editors:

Jimenez W. Two complementary approaches to detecting vulnerabilities in C programs : Deux approches complémentaires pour la détection de vulnérabilités dans les programmes C. [Doctoral Dissertation]. Evry, Institut national des télécommunications; 2013. Available from: http://www.theses.fr/2013TELE0017

Delft University of Technology

9. Anker, Eva (author). Runtime analysis of Android apps based on their behaviour.

Degree: 2020, Delft University of Technology

URL: http://resolver.tudelft.nl/uuid:78cf1391-4767-4027-803b-b2ad3bd583eb

► In the modern world, Smartphones are everywhere and Android is the most used operating system. To protect these devices against malicious actions, the behaviour of… (more)

Subjects/Keywords: Android; Smartphones; JNI; Apps; Call graph; Vulnerability detection; Dynamic analysis; Dynamic Binary Instrumentation

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Anker, E. (. (2020). Runtime analysis of Android apps based on their behaviour. (Masters Thesis). Delft University of Technology. Retrieved from http://resolver.tudelft.nl/uuid:78cf1391-4767-4027-803b-b2ad3bd583eb

Chicago Manual of Style (16^th Edition):

Anker, Eva (author). “Runtime analysis of Android apps based on their behaviour.” 2020. Masters Thesis, Delft University of Technology. Accessed January 24, 2021. http://resolver.tudelft.nl/uuid:78cf1391-4767-4027-803b-b2ad3bd583eb.

MLA Handbook (7^th Edition):

Anker, Eva (author). “Runtime analysis of Android apps based on their behaviour.” 2020. Web. 24 Jan 2021.

Vancouver:

Anker E(. Runtime analysis of Android apps based on their behaviour. [Internet] [Masters thesis]. Delft University of Technology; 2020. [cited 2021 Jan 24]. Available from: http://resolver.tudelft.nl/uuid:78cf1391-4767-4027-803b-b2ad3bd583eb.

Council of Science Editors:

Anker E(. Runtime analysis of Android apps based on their behaviour. [Masters Thesis]. Delft University of Technology; 2020. Available from: http://resolver.tudelft.nl/uuid:78cf1391-4767-4027-803b-b2ad3bd583eb

Brno University of Technology

10. Krkoš, Radko. Software pro hledání zranitelných počítačů v síti: Software for seeking vulnerable computers in network.

Degree: 2018, Brno University of Technology

URL: http://hdl.handle.net/11012/17580

► This thesis concerns about computer system and network infrastructure security. It describes the topic of security holes and vulnerabilities and discusses possibilities for computer attack… (more)

Subjects/Keywords: bezpečnosť; počítač; skenovanie; bezpečnostná diera; detekcia; aplikácia; software; security; computer; scanning; vulnerability; detection; application; software

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Krkoš, R. (2018). Software pro hledání zranitelných počítačů v síti: Software for seeking vulnerable computers in network. (Thesis). Brno University of Technology. Retrieved from http://hdl.handle.net/11012/17580

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Krkoš, Radko. “Software pro hledání zranitelných počítačů v síti: Software for seeking vulnerable computers in network.” 2018. Thesis, Brno University of Technology. Accessed January 24, 2021. http://hdl.handle.net/11012/17580.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Krkoš, Radko. “Software pro hledání zranitelných počítačů v síti: Software for seeking vulnerable computers in network.” 2018. Web. 24 Jan 2021.

Vancouver:

Krkoš R. Software pro hledání zranitelných počítačů v síti: Software for seeking vulnerable computers in network. [Internet] [Thesis]. Brno University of Technology; 2018. [cited 2021 Jan 24]. Available from: http://hdl.handle.net/11012/17580.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Krkoš R. Software pro hledání zranitelných počítačů v síti: Software for seeking vulnerable computers in network. [Thesis]. Brno University of Technology; 2018. Available from: http://hdl.handle.net/11012/17580

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Brno University of Technology

11. Janček, Matej. Detekce zranitelnosti ze souboru Blueborne: Detection of Blueborne Revealed Vulnerability.

Degree: 2020, Brno University of Technology

URL: http://hdl.handle.net/11012/194955

► This paper deals with the development of an automatic detection method detecting Blueborne vulnerabilities in Android devices. The result is a method that is invoking… (more)

Subjects/Keywords: bluetooth; blueborne; android; zraniteľnosť; detekcia; bezpečnosť; bluetooth; blueborne; android; vulnerability; detection; security

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Janček, M. (2020). Detekce zranitelnosti ze souboru Blueborne: Detection of Blueborne Revealed Vulnerability. (Thesis). Brno University of Technology. Retrieved from http://hdl.handle.net/11012/194955

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Janček, Matej. “Detekce zranitelnosti ze souboru Blueborne: Detection of Blueborne Revealed Vulnerability.” 2020. Thesis, Brno University of Technology. Accessed January 24, 2021. http://hdl.handle.net/11012/194955.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Janček, Matej. “Detekce zranitelnosti ze souboru Blueborne: Detection of Blueborne Revealed Vulnerability.” 2020. Web. 24 Jan 2021.

Vancouver:

Janček M. Detekce zranitelnosti ze souboru Blueborne: Detection of Blueborne Revealed Vulnerability. [Internet] [Thesis]. Brno University of Technology; 2020. [cited 2021 Jan 24]. Available from: http://hdl.handle.net/11012/194955.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Janček M. Detekce zranitelnosti ze souboru Blueborne: Detection of Blueborne Revealed Vulnerability. [Thesis]. Brno University of Technology; 2020. Available from: http://hdl.handle.net/11012/194955

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Delft University of Technology

12. Man, K.W. (author). Predicting software vulnerabilities with unsupervised learning techniques.

Degree: 2020, Delft University of Technology

URL: http://resolver.tudelft.nl/uuid:80c1b078-b8ca-4c29-b0ba-866fdc5f656b

► As software is produced more and more every year, software also gets exploited more. This exploitation can lead to huge monetary losses and other damages… (more)

Subjects/Keywords: k-means; unsupervised learning; software fault prediction; software vulnerability detection; k-nearest neighbors; Fortify; anomaly detection; clustering

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Man, K. W. (. (2020). Predicting software vulnerabilities with unsupervised learning techniques. (Masters Thesis). Delft University of Technology. Retrieved from http://resolver.tudelft.nl/uuid:80c1b078-b8ca-4c29-b0ba-866fdc5f656b

Chicago Manual of Style (16^th Edition):

Man, K W (author). “Predicting software vulnerabilities with unsupervised learning techniques.” 2020. Masters Thesis, Delft University of Technology. Accessed January 24, 2021. http://resolver.tudelft.nl/uuid:80c1b078-b8ca-4c29-b0ba-866fdc5f656b.

MLA Handbook (7^th Edition):

Man, K W (author). “Predicting software vulnerabilities with unsupervised learning techniques.” 2020. Web. 24 Jan 2021.

Vancouver:

Man KW(. Predicting software vulnerabilities with unsupervised learning techniques. [Internet] [Masters thesis]. Delft University of Technology; 2020. [cited 2021 Jan 24]. Available from: http://resolver.tudelft.nl/uuid:80c1b078-b8ca-4c29-b0ba-866fdc5f656b.

Council of Science Editors:

Man KW(. Predicting software vulnerabilities with unsupervised learning techniques. [Masters Thesis]. Delft University of Technology; 2020. Available from: http://resolver.tudelft.nl/uuid:80c1b078-b8ca-4c29-b0ba-866fdc5f656b

13. Stijnen, M.M.N. Towards proactive care for potentially frail older people in general practice : Development, feasibility, and effectiveness of the [G]OLD preventive home visitation programme.

Degree: 2015, Datawyse / Universitaire Pers Maastricht

URL: https://cris.maastrichtuniversity.nl/en/publications/45625e9f-ff65-4c43-bd0f-31d271e61dc8 ; urn:nbn:nl:ui:27-45625e9f-ff65-4c43-bd0f-31d271e61dc8 ; 45625e9f-ff65-4c43-bd0f-31d271e61dc8 ; urn:isbn:9789461593924 ; urn:nbn:nl:ui:27-45625e9f-ff65-4c43-bd0f-31d271e61dc8 ; https://cris.maastrichtuniversity.nl/en/publications/45625e9f-ff65-4c43-bd0f-31d271e61dc8

► Ensuring that the elderly can live independently at home for as long as possible is central to Dutch healthcare policy. This is pursued by [G]OUD,… (more)

Subjects/Keywords: elderly care; vulnerability; early detection; primary care

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Stijnen, M. M. N. (2015). Towards proactive care for potentially frail older people in general practice : Development, feasibility, and effectiveness of the [G]OLD preventive home visitation programme. (Doctoral Dissertation). Datawyse / Universitaire Pers Maastricht. Retrieved from https://cris.maastrichtuniversity.nl/en/publications/45625e9f-ff65-4c43-bd0f-31d271e61dc8 ; urn:nbn:nl:ui:27-45625e9f-ff65-4c43-bd0f-31d271e61dc8 ; 45625e9f-ff65-4c43-bd0f-31d271e61dc8 ; urn:isbn:9789461593924 ; urn:nbn:nl:ui:27-45625e9f-ff65-4c43-bd0f-31d271e61dc8 ; https://cris.maastrichtuniversity.nl/en/publications/45625e9f-ff65-4c43-bd0f-31d271e61dc8

Chicago Manual of Style (16^th Edition):

Stijnen, M M N. “Towards proactive care for potentially frail older people in general practice : Development, feasibility, and effectiveness of the [G]OLD preventive home visitation programme.” 2015. Doctoral Dissertation, Datawyse / Universitaire Pers Maastricht. Accessed January 24, 2021. https://cris.maastrichtuniversity.nl/en/publications/45625e9f-ff65-4c43-bd0f-31d271e61dc8 ; urn:nbn:nl:ui:27-45625e9f-ff65-4c43-bd0f-31d271e61dc8 ; 45625e9f-ff65-4c43-bd0f-31d271e61dc8 ; urn:isbn:9789461593924 ; urn:nbn:nl:ui:27-45625e9f-ff65-4c43-bd0f-31d271e61dc8 ; https://cris.maastrichtuniversity.nl/en/publications/45625e9f-ff65-4c43-bd0f-31d271e61dc8.

MLA Handbook (7^th Edition):

Stijnen, M M N. “Towards proactive care for potentially frail older people in general practice : Development, feasibility, and effectiveness of the [G]OLD preventive home visitation programme.” 2015. Web. 24 Jan 2021.

Vancouver:

Stijnen MMN. Towards proactive care for potentially frail older people in general practice : Development, feasibility, and effectiveness of the [G]OLD preventive home visitation programme. [Internet] [Doctoral dissertation]. Datawyse / Universitaire Pers Maastricht; 2015. [cited 2021 Jan 24]. Available from: https://cris.maastrichtuniversity.nl/en/publications/45625e9f-ff65-4c43-bd0f-31d271e61dc8 ; urn:nbn:nl:ui:27-45625e9f-ff65-4c43-bd0f-31d271e61dc8 ; 45625e9f-ff65-4c43-bd0f-31d271e61dc8 ; urn:isbn:9789461593924 ; urn:nbn:nl:ui:27-45625e9f-ff65-4c43-bd0f-31d271e61dc8 ; https://cris.maastrichtuniversity.nl/en/publications/45625e9f-ff65-4c43-bd0f-31d271e61dc8.

Council of Science Editors:

Stijnen MMN. Towards proactive care for potentially frail older people in general practice : Development, feasibility, and effectiveness of the [G]OLD preventive home visitation programme. [Doctoral Dissertation]. Datawyse / Universitaire Pers Maastricht; 2015. Available from: https://cris.maastrichtuniversity.nl/en/publications/45625e9f-ff65-4c43-bd0f-31d271e61dc8 ; urn:nbn:nl:ui:27-45625e9f-ff65-4c43-bd0f-31d271e61dc8 ; 45625e9f-ff65-4c43-bd0f-31d271e61dc8 ; urn:isbn:9789461593924 ; urn:nbn:nl:ui:27-45625e9f-ff65-4c43-bd0f-31d271e61dc8 ; https://cris.maastrichtuniversity.nl/en/publications/45625e9f-ff65-4c43-bd0f-31d271e61dc8

Brno University of Technology

14. Koláček, František. Automatizovaná detekce zranitelnosti webových aplikací: Automated Web Application Vulnerability Detection.

Degree: 2018, Brno University of Technology

URL: http://hdl.handle.net/11012/52361

► The aim of this thesis is to analyze and compare implementation of already existing open source web application vulnerability scanners (using test suites Wivet and… (more)

Subjects/Keywords: web; bezpečnost; detekce zranitelností; revok; wivet; wavsep; jenkins; web; security; vulnerability detection; revok; wivet; wavsep; jenkins

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Koláček, F. (2018). Automatizovaná detekce zranitelnosti webových aplikací: Automated Web Application Vulnerability Detection. (Thesis). Brno University of Technology. Retrieved from http://hdl.handle.net/11012/52361

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Koláček, František. “Automatizovaná detekce zranitelnosti webových aplikací: Automated Web Application Vulnerability Detection.” 2018. Thesis, Brno University of Technology. Accessed January 24, 2021. http://hdl.handle.net/11012/52361.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Koláček, František. “Automatizovaná detekce zranitelnosti webových aplikací: Automated Web Application Vulnerability Detection.” 2018. Web. 24 Jan 2021.

Vancouver:

Koláček F. Automatizovaná detekce zranitelnosti webových aplikací: Automated Web Application Vulnerability Detection. [Internet] [Thesis]. Brno University of Technology; 2018. [cited 2021 Jan 24]. Available from: http://hdl.handle.net/11012/52361.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Koláček F. Automatizovaná detekce zranitelnosti webových aplikací: Automated Web Application Vulnerability Detection. [Thesis]. Brno University of Technology; 2018. Available from: http://hdl.handle.net/11012/52361

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

15. Thresiamma K. George; Dr. K. Poulose Jacob; Dr. Rekha K. James. Security Vulnerability in On-Line Applications: Analysis, Anomaly Detection and Prevention of Attack.

Degree: 2017, Cochin University of Science and Technology

URL: http://dyuthi.cusat.ac.in/purl/5355

Subjects/Keywords: Security Vulnerability; Multilevel Template Based Detection Framework; Reconstruction Framework

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

James, T. K. G. D. K. P. J. D. R. K. (2017). Security Vulnerability in On-Line Applications: Analysis, Anomaly Detection and Prevention of Attack. (Thesis). Cochin University of Science and Technology. Retrieved from http://dyuthi.cusat.ac.in/purl/5355

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

James, Thresiamma K. George; Dr. K. Poulose Jacob; Dr. Rekha K.. “Security Vulnerability in On-Line Applications: Analysis, Anomaly Detection and Prevention of Attack.” 2017. Thesis, Cochin University of Science and Technology. Accessed January 24, 2021. http://dyuthi.cusat.ac.in/purl/5355.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

James, Thresiamma K. George; Dr. K. Poulose Jacob; Dr. Rekha K.. “Security Vulnerability in On-Line Applications: Analysis, Anomaly Detection and Prevention of Attack.” 2017. Web. 24 Jan 2021.

Vancouver:

James TKGDKPJDRK. Security Vulnerability in On-Line Applications: Analysis, Anomaly Detection and Prevention of Attack. [Internet] [Thesis]. Cochin University of Science and Technology; 2017. [cited 2021 Jan 24]. Available from: http://dyuthi.cusat.ac.in/purl/5355.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

James TKGDKPJDRK. Security Vulnerability in On-Line Applications: Analysis, Anomaly Detection and Prevention of Attack. [Thesis]. Cochin University of Science and Technology; 2017. Available from: http://dyuthi.cusat.ac.in/purl/5355

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Iowa State University

16. Pham, Nam Hoai. Detection of recurring software vulnerabilities.

Degree: 2010, Iowa State University

URL: https://lib.dr.iastate.edu/etd/11590

► Software security vulnerabilities are discovered on an almost daily basis and have caused substantial damage. It is vital to be able to detect and resolve… (more)

▼ Software security vulnerabilities are discovered on an almost daily basis and have caused substantial damage. It is vital to be able to detect and resolve them as early as possible. One of early detection approaches is to consult with the prior known vulnerabilities and corresponding patches. With the hypothesis that recurring software vulnerabilities are due to software reuse, we conducted an empirical study on several databases for security vulnerabilities and found several recurring and similar software security vulnerabilities occurring in different software systems. Most of recurring vulnerabilities occur in the systems that reuse source code, share libraries/APIs or reuse at a higher level of abstraction (e.g. algorithms, protocols, or specifications). The finding suggests that one could effectively detect and resolve some unreported vulnerabilities in one software system by consulting the prior known and reported vulnerabilities in the other systems that reuse/share source code, libraries/APIs, or specifications. To help developers with this task, we developed SecureSync, a supporting tool to automatically detect recurring software vulnerabilities in different systems that share source code or libraries, which are the most frequent types of recurring vulnerabilities. SecureSync is designed to work with a semi-automatically built knowledge base of the prior known/reported vulnerabilities, including the corresponding systems, libraries, and vulnerable and patched code. To help developers check and fix the vulnerable code, SecureSync also provides some suggestions such as adding missed function calls, adding checking of an input/output of a function call, replacing the operators in an expression, etc. We conducted an evaluation on 60 vulnerabilities of with the totals of 176 releases in 119 open-source software systems. The result shows that SecureSync is able to detect recurring vulnerabilities with high accuracy and to identify several vulnerable code locations that are not yet reported or fixed even in mature systems.

Subjects/Keywords: Detection; Recurring; Software Vulnerability; Electrical and Computer Engineering

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Pham, N. H. (2010). Detection of recurring software vulnerabilities. (Thesis). Iowa State University. Retrieved from https://lib.dr.iastate.edu/etd/11590

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Pham, Nam Hoai. “Detection of recurring software vulnerabilities.” 2010. Thesis, Iowa State University. Accessed January 24, 2021. https://lib.dr.iastate.edu/etd/11590.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Pham, Nam Hoai. “Detection of recurring software vulnerabilities.” 2010. Web. 24 Jan 2021.

Vancouver:

Pham NH. Detection of recurring software vulnerabilities. [Internet] [Thesis]. Iowa State University; 2010. [cited 2021 Jan 24]. Available from: https://lib.dr.iastate.edu/etd/11590.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Pham NH. Detection of recurring software vulnerabilities. [Thesis]. Iowa State University; 2010. Available from: https://lib.dr.iastate.edu/etd/11590

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

17. Irolla, Paul. Formalization of Neural Network Applications to Secure 3D Mobile Applications : Formalisation et applications des réseaux de neurones à la sécurisation d'applications mobiles 3D.

Degree: Docteur es, Recherche clinique, innovation technologique, santé publique, 2018, Université Paris-Saclay (ComUE)

URL: http://www.theses.fr/2018SACLS585

► Ce travail de thèse fait partie du projet 3D NeuroSecure. C'est un projet d'investissement d'avenir, qui vise à développer une solution de collaboration sécurisée pour… (more)

▼ Ce travail de thèse fait partie du projet 3D NeuroSecure. C'est un projet d'investissement d'avenir, qui vise à développer une solution de collaboration sécurisée pour l'innovation thérapeutique appliquant les traitements de haute performance (HPC) au monde biomédical. Cette solution donnera la possibilité pour les experts de différents domaines de naviguer intuitivement dans l'imagerie Big Data avec un accès via des terminaux mobile. La protection des données contre les fuites de données est primordiale. En tant que tel, l'environnement client et les communications avec le serveur doivent être sécurisé. Nous avons concentré notre travail sur le développement d'une solution antivirale sur le système d'exploitation Android. Nous avons promu la création de nouveaux algorithmes, méthodes et outils qui apportent des avantages par rapport à état de l'art, mais plus important encore, qui peuvent être utilisés efficacement dans un contexte de production. C'est pourquoi, ce qui est proposé ici est souvent un compromis entre ce qui peut théoriquement être fait et son applicabilité. Les choix algorithmiques et technologiques sont motivés par une relation entre efficacité et performance. Cette thèse contribue à l'état de l'art dans les domaines suivants:Analyse statique et dynamique d'applications Android, web crawling d'application.Tout d'abord, pour rechercher des fonctions malveillantes et des vulnérabilités, il faut concevoir les outils qui extraient des informations pertinentes des applications Android. C'est la base de toute analyse. En outre, tout algorithme de classification est toujours limité par la qualité discriminative des données sous-jacentes. Une partie importante de cette thèse est la la conception d'outils d'analyse statique et dynamique efficientes, telles qu'un module de reverse engineering, un outil d'analyse de communication, un système Android instrumenté.Algorithme d'initialisation, d'apprentissage et d'anti-saturation pour réseau de neurones.Les réseaux de neurones sont initialisés au hasard. Il est possible de contrôler la distribution aléatoire sous-jacente afin de réduire l'effet de saturation, le temps de l'entrainement et la capacité à atteindre le minimum global. Nous avons développé une procédure d’initialisation qui améliore les résultats par rapport à l'état del'art. Nous avons aussi adapté l'algorithme ADAM pour prendre en compte les interdépendances avec des techniques de régularisation, en particulier le Dropout. Enfin, nous utilisons techniques d'anti-saturation et nous montrons qu'elles sont nécessaires pour entraîner correctement un réseau neuronal.Un algorithme pour représenter les sous-séquences communes à un groupe de séquences.Nous proposons un nouvel algorithme pour construire l'AntichaineEnglobante des sous-séquences communes. Il est capable de traiter et de représenter toutes les sous-séquences d'un ensemble de séquences. C'estun outil qui permet de caractériser de manière systématique un groupe de séquence. Cet algorithme est une nouvelle voie de recherche verscréation automatique… Advisors/Committee Members: Filiol, Éric (thesis director), Deslys, Jean-Philippe (thesis director).

Subjects/Keywords: Détection de malware Android; Vulnérabilité; Data mining; Apprentissage artificiel; Séquence; Android malware detection,; Vulnerability; Data mining; Machine learning; Sequence

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Irolla, P. (2018). Formalization of Neural Network Applications to Secure 3D Mobile Applications : Formalisation et applications des réseaux de neurones à la sécurisation d'applications mobiles 3D. (Doctoral Dissertation). Université Paris-Saclay (ComUE). Retrieved from http://www.theses.fr/2018SACLS585

Chicago Manual of Style (16^th Edition):

Irolla, Paul. “Formalization of Neural Network Applications to Secure 3D Mobile Applications : Formalisation et applications des réseaux de neurones à la sécurisation d'applications mobiles 3D.” 2018. Doctoral Dissertation, Université Paris-Saclay (ComUE). Accessed January 24, 2021. http://www.theses.fr/2018SACLS585.

MLA Handbook (7^th Edition):

Irolla, Paul. “Formalization of Neural Network Applications to Secure 3D Mobile Applications : Formalisation et applications des réseaux de neurones à la sécurisation d'applications mobiles 3D.” 2018. Web. 24 Jan 2021.

Vancouver:

Irolla P. Formalization of Neural Network Applications to Secure 3D Mobile Applications : Formalisation et applications des réseaux de neurones à la sécurisation d'applications mobiles 3D. [Internet] [Doctoral dissertation]. Université Paris-Saclay (ComUE); 2018. [cited 2021 Jan 24]. Available from: http://www.theses.fr/2018SACLS585.

Council of Science Editors:

Irolla P. Formalization of Neural Network Applications to Secure 3D Mobile Applications : Formalisation et applications des réseaux de neurones à la sécurisation d'applications mobiles 3D. [Doctoral Dissertation]. Université Paris-Saclay (ComUE); 2018. Available from: http://www.theses.fr/2018SACLS585

18. Dewey, David Bryan. Finding and remedying high-level security issues in binary code.

Degree: PhD, Computer Science, 2015, Georgia Tech

URL: http://hdl.handle.net/1853/54338

► C++ and Microsoft's Component Object Model (COM) are examples of a high- level lan- guage and development framework that were built on top of the… (more)

Subjects/Keywords: Security; Static analysis; Binary decompilation; Vulnerability detection

…PROP_ENTRY_* macros and PROP_DATA_ENTRY 87 . . . . . . . 88 type confusion vulnerability… …Instantiation 63 Sample C++ code with a use-after-free vulnerability… …vulnerability is possible… …vulnerability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127 67 AODA… …results detect use of an object that is not in the previously-disclosed vulnerability 68 AV…

11 more images…

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Dewey, D. B. (2015). Finding and remedying high-level security issues in binary code. (Doctoral Dissertation). Georgia Tech. Retrieved from http://hdl.handle.net/1853/54338

Chicago Manual of Style (16^th Edition):

Dewey, David Bryan. “Finding and remedying high-level security issues in binary code.” 2015. Doctoral Dissertation, Georgia Tech. Accessed January 24, 2021. http://hdl.handle.net/1853/54338.

MLA Handbook (7^th Edition):

Dewey, David Bryan. “Finding and remedying high-level security issues in binary code.” 2015. Web. 24 Jan 2021.

Vancouver:

Dewey DB. Finding and remedying high-level security issues in binary code. [Internet] [Doctoral dissertation]. Georgia Tech; 2015. [cited 2021 Jan 24]. Available from: http://hdl.handle.net/1853/54338.

Council of Science Editors:

Dewey DB. Finding and remedying high-level security issues in binary code. [Doctoral Dissertation]. Georgia Tech; 2015. Available from: http://hdl.handle.net/1853/54338

19. Jafri, Nisrine. Formal fault injection vulnerability detection in binaries : a software process and hardware validation : Détection formelle de vulnérabilité créée par injection de faute au niveau binaire : un processus logiciel et une validation matérielle.

Degree: Docteur es, Informatique, 2019, Rennes 1

URL: http://www.theses.fr/2019REN1S014

►

L'injection de faute est une méthode bien connue pour évaluer la robustesse et détecter les vulnérabilités des systèmes. La détection des vulnérabilités créées par injection… (more)

▼

L'injection de faute est une méthode bien connue pour évaluer la robustesse et détecter les vulnérabilités des systèmes. La détection des vulnérabilités créées par injection de fautes a été approchée par différentes méthodes. Dans la littérature deux approches existent: les approches logicielles et les approches matérielles. Les approches logicielles peuvent fournir une large et rapide couverture, mais ne garantissent pas la présence de vulnérabilité dans le système. Les approches matérielles sont incontestables dans leurs résultats, mais nécessitent l’utilisation de matériaux assez coûteux et un savoir-faire approfondi, qui ne permet tout de même pas dans la majorité des cas de confirmer le modèle de faute représentant l'effet créé. Dans un premier lieu, cette thèse se concentre sur l'approche logicielle et propose une approche automatisée qui emploie les techniques de la vérification formelle pour détecter des vulnérabilités créées par injection de faute au niveau binaire. L'efficacité de cette approche est montrée en l'appliquant à des algorithmes de cryptographie implémentés dans les systèmes embarqués. Dans un second lieu, cette thèse établit un rapprochement entre les deux approches logicielles et matérielles sur la détection de vulnérabilité d'injection de faute en comparant les résultats des expériences des deux approches. Ce rapprochement des deux approches démontre que: toutes les vulnérabilités détectées par l'approche logicielle ne peuvent pas être reproduites dans le matériel; les conjectures antérieures sur le modèle de faute par des attaques d'impulsion électromagnétique ne sont pas précises ; et qu’il y a un lien entre les résultats de l’approche logicielle et l'approche matérielle. De plus, la combinaison des deux approches peut rapporter une approche plus précise et plus efficace pour détecter les vulnérabilités qui peuvent être créées par injection de faute.

Fault injection is a well known method to test the robustness and security vulnerabilities of systems. Detecting fault injection vulnerabilities has been approached with a variety of different but limited methods. Software-based and hardware-based approaches have both been used to detect fault injection vulnerabilities. Software-based approaches can provide broad and rapid coverage, but may not correlate with genuine hardware vulnerabilities. Hardware-based approaches are indisputable in their results, but rely upon expensive expert knowledge, manual testing, and can not confirm what fault model represent the created effect. First, this thesis focuses on the software-based approach and proposes a general process that uses model checking to detect fault injection vulnerabilities in binaries. The efficacy and scalability of this process is demonstrated by detecting vulnerabilities in different cryptographic real-world implementations. Then, this thesis bridges software-based and hardware-based fault injection vulnerability detection by contrasting results of the two approaches. This demonstrates that: not all software-based vulnerabilities can…

Advisors/Committee Members: Lanet, Jean-Louis (thesis director), Legay, Axel (thesis director).

Subjects/Keywords: Injection de faute; Détection de vulnérabilité; Model checking; Méthodes formelles; Fault Injection; Vulnerability Detection; Model Checking; Formal Methods

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Jafri, N. (2019). Formal fault injection vulnerability detection in binaries : a software process and hardware validation : Détection formelle de vulnérabilité créée par injection de faute au niveau binaire : un processus logiciel et une validation matérielle. (Doctoral Dissertation). Rennes 1. Retrieved from http://www.theses.fr/2019REN1S014

Chicago Manual of Style (16^th Edition):

Jafri, Nisrine. “Formal fault injection vulnerability detection in binaries : a software process and hardware validation : Détection formelle de vulnérabilité créée par injection de faute au niveau binaire : un processus logiciel et une validation matérielle.” 2019. Doctoral Dissertation, Rennes 1. Accessed January 24, 2021. http://www.theses.fr/2019REN1S014.

MLA Handbook (7^th Edition):

Jafri, Nisrine. “Formal fault injection vulnerability detection in binaries : a software process and hardware validation : Détection formelle de vulnérabilité créée par injection de faute au niveau binaire : un processus logiciel et une validation matérielle.” 2019. Web. 24 Jan 2021.

Vancouver:

Jafri N. Formal fault injection vulnerability detection in binaries : a software process and hardware validation : Détection formelle de vulnérabilité créée par injection de faute au niveau binaire : un processus logiciel et une validation matérielle. [Internet] [Doctoral dissertation]. Rennes 1; 2019. [cited 2021 Jan 24]. Available from: http://www.theses.fr/2019REN1S014.

Council of Science Editors:

Jafri N. Formal fault injection vulnerability detection in binaries : a software process and hardware validation : Détection formelle de vulnérabilité créée par injection de faute au niveau binaire : un processus logiciel et une validation matérielle. [Doctoral Dissertation]. Rennes 1; 2019. Available from: http://www.theses.fr/2019REN1S014

20. 小菅, 祐史. A Study on Dynamic Detection of Web Application Vulnerabilities : 動的解析によるWebアプリケーションの脆弱性検出手法に関する研究.

Degree: 2011, Keio University / 慶應義塾大学

URL: http://koara.lib.keio.ac.jp/xoonips/modules/xoonips/detail.php?koara_id=KO50002002-00002011-0028

博士学位論文 : 慶應義塾大学(工学　開放環境科学専攻), 2011.9.21平成23年度春学期　甲第3559号

Subjects/Keywords: セキュリティ; Webアプリケーション; 脆弱性検出; Security; Web Application; Vulnerability Detection

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

小菅, �. (2011). A Study on Dynamic Detection of Web Application Vulnerabilities : 動的解析によるWebアプリケーションの脆弱性検出手法に関する研究. (Thesis). Keio University / 慶應義塾大学. Retrieved from http://koara.lib.keio.ac.jp/xoonips/modules/xoonips/detail.php?koara_id=KO50002002-00002011-0028

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

小菅, 祐史. “A Study on Dynamic Detection of Web Application Vulnerabilities : 動的解析によるWebアプリケーションの脆弱性検出手法に関する研究.” 2011. Thesis, Keio University / 慶應義塾大学. Accessed January 24, 2021. http://koara.lib.keio.ac.jp/xoonips/modules/xoonips/detail.php?koara_id=KO50002002-00002011-0028.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

小菅, 祐史. “A Study on Dynamic Detection of Web Application Vulnerabilities : 動的解析によるWebアプリケーションの脆弱性検出手法に関する研究.” 2011. Web. 24 Jan 2021.

Vancouver:

小菅 �. A Study on Dynamic Detection of Web Application Vulnerabilities : 動的解析によるWebアプリケーションの脆弱性検出手法に関する研究. [Internet] [Thesis]. Keio University / 慶應義塾大学; 2011. [cited 2021 Jan 24]. Available from: http://koara.lib.keio.ac.jp/xoonips/modules/xoonips/detail.php?koara_id=KO50002002-00002011-0028.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

小菅 �. A Study on Dynamic Detection of Web Application Vulnerabilities : 動的解析によるWebアプリケーションの脆弱性検出手法に関する研究. [Thesis]. Keio University / 慶應義塾大学; 2011. Available from: http://koara.lib.keio.ac.jp/xoonips/modules/xoonips/detail.php?koara_id=KO50002002-00002011-0028

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

21. Gao, Wei. Cyber threats, attacks and intrusion detection in supervisory control and data acquisition networks.

Degree: PhD, Electrical and Computer Engineering, 2013, Mississippi State University

URL: http://sun.library.msstate.edu/ETD-db/theses/available/etd-09232013-205355/ ;

► Supervisory Control and Data Acquisition (SCADA) systems are computer-based process control systems that interconnect and monitor remote physical processes. There have been many real… (more)

▼ Supervisory Control and Data Acquisition (SCADA) systems are computer-based process control systems that interconnect and monitor remote physical processes. There have been many real world documented incidents and cyber-attacks affecting SCADA systems, which clearly illustrate critical infrastructure vulnerabilities. These reported incidents demonstrate that cyber-attacks against SCADA systems might produce a variety of financial damage and harmful events to humans and their environment. This dissertation documents four contributions towards increased security for SCADA systems. First, a set of cyber-attacks was developed. Second, each attack was executed against two fully functional SCADA systems in a laboratory environment; a gas pipeline and a water storage tank. Third, signature based intrusion detection system rules were developed and tested which can be used to generate alerts when the aforementioned attacks are executed against a SCADA system. Fourth, a set of features was developed for a decision tree based anomaly based intrusion detection system. The features were tested using the datasets developed for this work. This dissertation documents cyber-attacks on both serial based and Ethernet based SCADA networks. Four categories of attacks against SCADA systems are discussed: reconnaissance, malicious response injection, malicious command injection and denial of service. In order to evaluate performance of data mining and machine learning algorithms for intrusion detection systems in SCADA systems, a network dataset to be used for benchmarking intrusion detection systemswas generated. This network dataset includes different classes of attacks that simulate different attack scenarios on process control systems. This dissertation describes four SCADA network intrusion detection datasets; a full and abbreviated dataset for both the gas pipeline and water storage tank systems. Each feature in the dataset is captured from network flow records. This dataset groups two different categories of features that can be used as input to an intrusion detection system. First, network traffic features describe the communication patterns in a SCADA system. This research developed both signature based IDS and anomaly based IDS for the gas pipeline and water storage tank serial based SCADA systems. The performance of both types of IDS were evaluates by measuring detection rate and the prevalence of false positives. Advisors/Committee Members: Thomas H. Morris (committee member), Sherif Abdelwahed (committee member), Donna Reese (committee member), David Dampier (committee member).

Subjects/Keywords: Network Security; Dataset; Vulnerability; SCADA; : Intrusion detection system

…16 Intrusion Detection System… …20 SCADA-Specific Intrusion Detection… …79 V. SCADA NETWORK INTRUSION DETECTION .........................................95… …Anomaly Based Intrusion Detection Result .....................................................97… …Signature Based Intrusion Detection Result ..................................................105…

10 more images…

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Gao, W. (2013). Cyber threats, attacks and intrusion detection in supervisory control and data acquisition networks. (Doctoral Dissertation). Mississippi State University. Retrieved from http://sun.library.msstate.edu/ETD-db/theses/available/etd-09232013-205355/ ;

Chicago Manual of Style (16^th Edition):

Gao, Wei. “Cyber threats, attacks and intrusion detection in supervisory control and data acquisition networks.” 2013. Doctoral Dissertation, Mississippi State University. Accessed January 24, 2021. http://sun.library.msstate.edu/ETD-db/theses/available/etd-09232013-205355/ ;.

MLA Handbook (7^th Edition):

Gao, Wei. “Cyber threats, attacks and intrusion detection in supervisory control and data acquisition networks.” 2013. Web. 24 Jan 2021.

Vancouver:

Gao W. Cyber threats, attacks and intrusion detection in supervisory control and data acquisition networks. [Internet] [Doctoral dissertation]. Mississippi State University; 2013. [cited 2021 Jan 24]. Available from: http://sun.library.msstate.edu/ETD-db/theses/available/etd-09232013-205355/ ;.

Council of Science Editors:

Gao W. Cyber threats, attacks and intrusion detection in supervisory control and data acquisition networks. [Doctoral Dissertation]. Mississippi State University; 2013. Available from: http://sun.library.msstate.edu/ETD-db/theses/available/etd-09232013-205355/ ;

22. Akrout, Rim. Analyse de vulnérabilités et évaluation de systèmes de détection d'intrusions pour les applications Web. : Web applications vulnerability analysis and intrusion detection systems assessment.

Degree: Docteur es, Informatique, 2012, Toulouse, INSA

URL: http://www.theses.fr/2012ISAT0031

►

Avec le développement croissant d’Internet, les applications Web sont devenues de plus en plus vulnérables et exposées à des attaques malveillantes pouvant porter atteinte à… (more)

▼

Avec le développement croissant d’Internet, les applications Web sont devenues de plus en plus vulnérables et exposées à des attaques malveillantes pouvant porter atteinte à des propriétés essentielles telles que la confidentialité, l’intégrité ou la disponibilité des systèmes d’information. Pour faire face à ces malveillances, il est nécessaire de développer des mécanismes de protection et de test (pare-feu, système de détection d’intrusion, scanner Web, etc.) qui soient efficaces. La question qui se pose est comment évaluer l’efficacité de tels mécanismes et quels moyens peut-on mettre en oeuvre pour analyser leur capacité à détecter correctement des attaques contre les applications web.Dans cette thèse nous proposons une nouvelle méthode, basée sur des techniques de clustering de pages Web, qui permet d’identifier les vulnérabilités à partir de l’analyse selon une approche boîte noire de l’application cible. Chaque vulnérabilité identifiée est réellement exploitée ce qui permet de s’assurer que la vulnérabilité identifiée ne correspond pas à un faux positif. L’approche proposée permet également de mettre en évidence différents scénarios d’attaque potentiels incluant l’exploitation de plusieurs vulnérabilités successives en tenant compte explicitement des dépendances entre les vulnérabilités.Nous nous sommes intéressés plus particulièrement aux vulnérabilités de type injection de code, par exemple les injections SQL. Cette méthode s’est concrétisée par la mise en oeuvre d’un nouveau scanner de vulnérabilités et a été validée expérimentalement sur plusieurs exemples d’applications vulnérables. Nous avons aussi développé une plateforme expérimentale intégrant le nouveau scanner de vulnérabilités, qui est destinée à évaluer l’efficacité de systèmes de détection d’intrusions pour des applications Web dans un contexte qui soit représentatif des menaces auxquelles ces applications seront confrontées en opération. Cette plateforme intègre plusieurs outils qui ont été conçus pour automatiser le plus possible les campagnes d’évaluation. Cette plateforme a été utilisée en particulier pour évaluer deux techniques de détection d’intrusions développées par nos partenaires dans le cadre d’un projet de coopération financé par l’ANR, le projet DALI.

With the increasing development of Internet, Web applications have become increasingly vulnerable and exposed to malicious attacks that could affect essential properties such as confidentiality, integrity or availability of information systems. To cope with these threats, it is necessary to develop efficient security protection mechanisms and testing techniques (firewall, intrusion detection system,Web scanner, etc..). The question that arises is how to evaluate the effectiveness of such mechanisms and what means can be implemented to analyze their ability to correctly detect attacks against Webapplications.This thesis presents a new methodology, based on web pages clustering, that is aimed at identifying the vulnerabilities of a Web application following a black box analysis of the…

Advisors/Committee Members: Kaâniche, Mohamed (thesis director), Nicomette, Vincent (thesis director).

Subjects/Keywords: Système de détection d’intrusions; Scanner Web; Application Web; Attaque et vulnérabilités; Évaluation; Web vulnerability scanners; Web applications; Web attacks; Vulnerabilities; Evaluation; Ntrusion detection System; 005

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Akrout, R. (2012). Analyse de vulnérabilités et évaluation de systèmes de détection d'intrusions pour les applications Web. : Web applications vulnerability analysis and intrusion detection systems assessment. (Doctoral Dissertation). Toulouse, INSA. Retrieved from http://www.theses.fr/2012ISAT0031

Chicago Manual of Style (16^th Edition):

Akrout, Rim. “Analyse de vulnérabilités et évaluation de systèmes de détection d'intrusions pour les applications Web. : Web applications vulnerability analysis and intrusion detection systems assessment.” 2012. Doctoral Dissertation, Toulouse, INSA. Accessed January 24, 2021. http://www.theses.fr/2012ISAT0031.

MLA Handbook (7^th Edition):

Akrout, Rim. “Analyse de vulnérabilités et évaluation de systèmes de détection d'intrusions pour les applications Web. : Web applications vulnerability analysis and intrusion detection systems assessment.” 2012. Web. 24 Jan 2021.

Vancouver:

Akrout R. Analyse de vulnérabilités et évaluation de systèmes de détection d'intrusions pour les applications Web. : Web applications vulnerability analysis and intrusion detection systems assessment. [Internet] [Doctoral dissertation]. Toulouse, INSA; 2012. [cited 2021 Jan 24]. Available from: http://www.theses.fr/2012ISAT0031.

Council of Science Editors:

Akrout R. Analyse de vulnérabilités et évaluation de systèmes de détection d'intrusions pour les applications Web. : Web applications vulnerability analysis and intrusion detection systems assessment. [Doctoral Dissertation]. Toulouse, INSA; 2012. Available from: http://www.theses.fr/2012ISAT0031

Université du Luxembourg

23. Thome, Julian. A Scalable and Accurate Hybrid Vulnerability Analysis Framework.

Degree: 2018, Université du Luxembourg

URL: http://orbilu.uni.lu/handle/10993/35504

► As the Internet has become an integral part of our everyday life for activities such as e-mail, online-banking, shopping, entertainment, etc., vulnerabilities in Web software… (more)

Subjects/Keywords: vulnerability detection; string constraint solving; security auditing; static analysis; search-based software engineering; Engineering, computing & technology :: Computer science [C05]; Ingénierie, informatique & technologie :: Sciences informatiques [C05]

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Thome, J. (2018). A Scalable and Accurate Hybrid Vulnerability Analysis Framework. (Doctoral Dissertation). Université du Luxembourg. Retrieved from http://orbilu.uni.lu/handle/10993/35504

Chicago Manual of Style (16^th Edition):

Thome, Julian. “A Scalable and Accurate Hybrid Vulnerability Analysis Framework.” 2018. Doctoral Dissertation, Université du Luxembourg. Accessed January 24, 2021. http://orbilu.uni.lu/handle/10993/35504.

MLA Handbook (7^th Edition):

Thome, Julian. “A Scalable and Accurate Hybrid Vulnerability Analysis Framework.” 2018. Web. 24 Jan 2021.

Vancouver:

Thome J. A Scalable and Accurate Hybrid Vulnerability Analysis Framework. [Internet] [Doctoral dissertation]. Université du Luxembourg; 2018. [cited 2021 Jan 24]. Available from: http://orbilu.uni.lu/handle/10993/35504.

Council of Science Editors:

Thome J. A Scalable and Accurate Hybrid Vulnerability Analysis Framework. [Doctoral Dissertation]. Université du Luxembourg; 2018. Available from: http://orbilu.uni.lu/handle/10993/35504

University of Washington

24. Ogunnaike, Ruth Motunrayo. VULNERABILITY DETECTION AND RESOLUTION IN INTERNET OF THINGS (IoT) DEVICES.

Degree: 2017, University of Washington

URL: http://hdl.handle.net/1773/39894

► The use of Internet of Things (IoT) devices has grown significantly in the past decade. While IoT is expected to improve life for many by… (more)

Subjects/Keywords: Internet of Things (IoT); IoT Security; OpenFlow; Software Defined Networking(SDN); Vulnerability Detection and Resolution; Computer science; Information technology; Computer engineering; Computer and software systems

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Ogunnaike, R. M. (2017). VULNERABILITY DETECTION AND RESOLUTION IN INTERNET OF THINGS (IoT) DEVICES. (Thesis). University of Washington. Retrieved from http://hdl.handle.net/1773/39894

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Ogunnaike, Ruth Motunrayo. “VULNERABILITY DETECTION AND RESOLUTION IN INTERNET OF THINGS (IoT) DEVICES.” 2017. Thesis, University of Washington. Accessed January 24, 2021. http://hdl.handle.net/1773/39894.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Ogunnaike, Ruth Motunrayo. “VULNERABILITY DETECTION AND RESOLUTION IN INTERNET OF THINGS (IoT) DEVICES.” 2017. Web. 24 Jan 2021.

Vancouver:

Ogunnaike RM. VULNERABILITY DETECTION AND RESOLUTION IN INTERNET OF THINGS (IoT) DEVICES. [Internet] [Thesis]. University of Washington; 2017. [cited 2021 Jan 24]. Available from: http://hdl.handle.net/1773/39894.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Ogunnaike RM. VULNERABILITY DETECTION AND RESOLUTION IN INTERNET OF THINGS (IoT) DEVICES. [Thesis]. University of Washington; 2017. Available from: http://hdl.handle.net/1773/39894

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Western Ontario

25. Ning, Xirong. Analysis, Design and Demonstration of Control Systems Against Insider Attacks in Cyber-Physical Systems.

Degree: 2019, University of Western Ontario

URL: https://ir.lib.uwo.ca/etd/6248

► This dissertation aims to address the security issues of insider cyber-physical attacks and provide a defense-in-depth attack-resilient control system approach for cyber-physical systems. Firstly, security… (more)

▼ This dissertation aims to address the security issues of insider cyber-physical attacks and provide a defense-in-depth attack-resilient control system approach for cyber-physical systems. Firstly, security analysis for cyber-physical systems is investigated to identify potential risks and potential security enhancements. Vulnerabilities of the system and existing security solutions, including attack prevention, attack detection and attack mitigation strategies are analyzed. Subsequently, a methodology to analyze and mathematically characterize insider attacks is developed. An attack pattern is introduced to represent key features in an insider cyber-physical attack, which includes attack goals, resources, constraints, modes, as well as probable attack paths. Patterns for such attacks are analyzed for different attack stages. Impacts and consequences of these attacks are analyzed by using an attack tree. Stealthy conditions of insider attacks are identified through temporal and spatial analysis, respectively. On the defense side, a cross-layered detection scheme is developed to reveal stealthy insider attacks, and an attack-resilient control scheme is proposed to mitigate impacts of these attacks. The detection scheme includes a hierarchical approach by incorporating different detection methods in multiple layers to provide a defense-in-depth detection against the attacks. A model-based anomaly detection method is used to uncover the anomalies caused by temporal stealthy attacks, while a data-driven clustering detection method is used to recognized anomalies induced by spatial stealthy attacks. The attack-resilient control scheme consists of a decision logic and multiple attack-resilient controllers. The decision logic responds to the anomalies identified by the detection scheme and subsequently switches to suitable controllers. These controllers are designed to respond to these attacks and mitigate or minimize their impacts. To validate the above methodologies, a general guideline for designing an experimental security assessment platform has been developed in this dissertation. Furthermore, a modular approach is proposed to design and implement a platform to simulate various insider attacks and to evaluate corresponding defense mechanisms on a cyber-physical system. The designed platform has been implemented on a physical component based dynamic system simulator, known as Nuclear Process Control Test Facility (NPCTF). The proposed vulnerability assessment and security enhancement techniques have been validated under different insider attacker scenarios.

Subjects/Keywords: cyber-physical system security; vulnerability analysis; insider attacks; cross-layered detection; attack-resilient control; security assessment platform; Controls and Control Theory; Systems and Communications

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Ning, X. (2019). Analysis, Design and Demonstration of Control Systems Against Insider Attacks in Cyber-Physical Systems. (Thesis). University of Western Ontario. Retrieved from https://ir.lib.uwo.ca/etd/6248

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Ning, Xirong. “Analysis, Design and Demonstration of Control Systems Against Insider Attacks in Cyber-Physical Systems.” 2019. Thesis, University of Western Ontario. Accessed January 24, 2021. https://ir.lib.uwo.ca/etd/6248.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Ning, Xirong. “Analysis, Design and Demonstration of Control Systems Against Insider Attacks in Cyber-Physical Systems.” 2019. Web. 24 Jan 2021.

Vancouver:

Ning X. Analysis, Design and Demonstration of Control Systems Against Insider Attacks in Cyber-Physical Systems. [Internet] [Thesis]. University of Western Ontario; 2019. [cited 2021 Jan 24]. Available from: https://ir.lib.uwo.ca/etd/6248.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Ning X. Analysis, Design and Demonstration of Control Systems Against Insider Attacks in Cyber-Physical Systems. [Thesis]. University of Western Ontario; 2019. Available from: https://ir.lib.uwo.ca/etd/6248

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Georgia Tech

26. Duan, Ruian. Toward solving the security risks of open-source software use.

Degree: PhD, Computer Science, 2019, Georgia Tech

URL: http://hdl.handle.net/1853/62316

► Open-source software (OSS) has been widely adopted in all layers of the software stack, from operating systems to web servers and mobile apps. Despite their… (more)

▼ Open-source software (OSS) has been widely adopted in all layers of the software stack, from operating systems to web servers and mobile apps. Despite their myriad benefits, careless use of OSS can introduce significant legal and security risks, which if ignored not only jeopardize the security and privacy of end users but also cause developers and enterprises high financial loss. On one hand, use of OSS implicitly binds the developer to the associated licensing terms protected under copyright laws, which could have legal ramifications if violated. Just recently, Cisco and VMWare were involved in legal disputes for failing to comply with the licensing terms of the Linux kernel. On the other hand, software that reuses OSS also inherits their flaws, which could be exploited if not timely fixed. For example, the record-breaking security breach of Equifax originated from failure to patch a disclosed vulnerability in the open-source Apache Struts framework. Moreover, attackers are actively injecting malware into the open-source ecosystem, which abuses OSS reuse to amplify their effects. For example, eslint-scope, a package with millions of downloads in Npm, was compromised to steal credentials from developers. In this thesis, we aim to provide solutions to those risks posed by OSS misuse. First, we present a scalable OSS detection system (OSSPolice) that accurately detects OSS included in binary programs and checks for illegal misuse and n-day vulnerabilities in those OSS versions. OSSPolice was used to compare 1.6M apps against 140K OSS versions and identified over 40K potential GPL/AGPL license violators and over 100K apps using known vulnerable OSS. Once vulnerabilities have been identified, my next work (OSSPatcher) provides an automated patching system that fixes vulnerable OSS versions in app binaries using publicly available source patches. OSSPatcher is based upon variability-aware techniques which make patch feasibility analysis and, more importantly, source-code-to-binary-code matching possible. Third, we present a study (MalOSS) on recent supply chain attacks against the open-source ecosystem, where hundreds of malware have sneaked into package managers, and have been downloaded millions of times. We propose a comparative framework to understand the attacks and the misplaced trust that makes them possible, and a vetting pipeline to detect malware in package managers. MalOSS reported 339 malware to package manager maintainers, out of which, 278 (82 percent) have been confirmed and removed and 3 with more than 100K downloads have been assigned CVEs. Advisors/Committee Members: Lee, Wenke (advisor), Saltaformaggio, Brendan D. (advisor), Ahamad, Mustaque (committee member), Keromytis, Angelos D. (committee member), Boldyreva, Alexandra (committee member).

Subjects/Keywords: Open source software; Application security; License violation; Code clone detection; Known vulnerability; Patching; Supply chain attack; Package manager; Web security; Runtime protection; Runtime isolation

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Duan, R. (2019). Toward solving the security risks of open-source software use. (Doctoral Dissertation). Georgia Tech. Retrieved from http://hdl.handle.net/1853/62316

Chicago Manual of Style (16^th Edition):

Duan, Ruian. “Toward solving the security risks of open-source software use.” 2019. Doctoral Dissertation, Georgia Tech. Accessed January 24, 2021. http://hdl.handle.net/1853/62316.

MLA Handbook (7^th Edition):

Duan, Ruian. “Toward solving the security risks of open-source software use.” 2019. Web. 24 Jan 2021.

Vancouver:

Duan R. Toward solving the security risks of open-source software use. [Internet] [Doctoral dissertation]. Georgia Tech; 2019. [cited 2021 Jan 24]. Available from: http://hdl.handle.net/1853/62316.

Council of Science Editors:

Duan R. Toward solving the security risks of open-source software use. [Doctoral Dissertation]. Georgia Tech; 2019. Available from: http://hdl.handle.net/1853/62316

Virginia Tech

27. Shelly, David Andrew. Using a Web Server Test Bed to Analyze the Limitations of Web Application Vulnerability Scanners.

Degree: MS, Electrical and Computer Engineering, 2010, Virginia Tech

URL: http://hdl.handle.net/10919/34464

► The threat of cyber attacks due to improper security is a real and evolving danger. Corporate and personal data is breached and lost because of… (more)

Subjects/Keywords: Vulnerability Detection; Web Application Scanners; Web Application Security; Black Box Testing

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Shelly, D. A. (2010). Using a Web Server Test Bed to Analyze the Limitations of Web Application Vulnerability Scanners. (Masters Thesis). Virginia Tech. Retrieved from http://hdl.handle.net/10919/34464

Chicago Manual of Style (16^th Edition):

Shelly, David Andrew. “Using a Web Server Test Bed to Analyze the Limitations of Web Application Vulnerability Scanners.” 2010. Masters Thesis, Virginia Tech. Accessed January 24, 2021. http://hdl.handle.net/10919/34464.

MLA Handbook (7^th Edition):

Shelly, David Andrew. “Using a Web Server Test Bed to Analyze the Limitations of Web Application Vulnerability Scanners.” 2010. Web. 24 Jan 2021.

Vancouver:

Shelly DA. Using a Web Server Test Bed to Analyze the Limitations of Web Application Vulnerability Scanners. [Internet] [Masters thesis]. Virginia Tech; 2010. [cited 2021 Jan 24]. Available from: http://hdl.handle.net/10919/34464.

Council of Science Editors:

Shelly DA. Using a Web Server Test Bed to Analyze the Limitations of Web Application Vulnerability Scanners. [Masters Thesis]. Virginia Tech; 2010. Available from: http://hdl.handle.net/10919/34464

28. -2178-1988. Program analysis techniques for algorithmic complexity and relational properties.

Degree: PhD, Computer Science, 2019, University of Texas – Austin

URL: http://dx.doi.org/10.26153/tsw/2181

► Analyzing standard safety properties of a given program has traditionally been the primary focus of the program analysis community. Unfortunately, there are still many interesting… (more)

Subjects/Keywords: Complexity testing; Optimal program synthesis; Fuzzing; Genetic programming; Performance bug; Vulnerability detection; Side channel; Static analysis; Relational verification; Reinforcement learning; Policy gradient

10 more images…

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

-2178-1988. (2019). Program analysis techniques for algorithmic complexity and relational properties. (Doctoral Dissertation). University of Texas – Austin. Retrieved from http://dx.doi.org/10.26153/tsw/2181

Note: this citation may be lacking information needed for this citation format:
Author name may be incomplete

Chicago Manual of Style (16^th Edition):

-2178-1988. “Program analysis techniques for algorithmic complexity and relational properties.” 2019. Doctoral Dissertation, University of Texas – Austin. Accessed January 24, 2021. http://dx.doi.org/10.26153/tsw/2181.

Note: this citation may be lacking information needed for this citation format:
Author name may be incomplete

MLA Handbook (7^th Edition):

-2178-1988. “Program analysis techniques for algorithmic complexity and relational properties.” 2019. Web. 24 Jan 2021.

Note: this citation may be lacking information needed for this citation format:
Author name may be incomplete

Vancouver:

-2178-1988. Program analysis techniques for algorithmic complexity and relational properties. [Internet] [Doctoral dissertation]. University of Texas – Austin; 2019. [cited 2021 Jan 24]. Available from: http://dx.doi.org/10.26153/tsw/2181.

Note: this citation may be lacking information needed for this citation format:
Author name may be incomplete

Council of Science Editors:

-2178-1988. Program analysis techniques for algorithmic complexity and relational properties. [Doctoral Dissertation]. University of Texas – Austin; 2019. Available from: http://dx.doi.org/10.26153/tsw/2181

Note: this citation may be lacking information needed for this citation format:
Author name may be incomplete

Delft University of Technology

29. Pan, K. Towards Cyber-secure Intelligent Electrical Power Grids: Vulnerability Analysis and Attack Detection.

Degree: 2020, Delft University of Technology

URL: http://resolver.tudelft.nl/uuid:4b4f9f96-237e-421b-82f4-97b1393ae507 ; urn:NBN:nl:ui:24-uuid:4b4f9f96-237e-421b-82f4-97b1393ae507 ; 4b4f9f96-237e-421b-82f4-97b1393ae507 ; 10.4233/uuid:4b4f9f96-237e-421b-82f4-97b1393ae507 ; urn:isbn:978-94-028-1975-5 ; urn:NBN:nl:ui:24-uuid:4b4f9f96-237e-421b-82f4-97b1393ae507 ; http://resolver.tudelft.nl/uuid:4b4f9f96-237e-421b-82f4-97b1393ae507

► The digital transformation of power systems has introduced a new challenge for robustness: cyber security threats. Motivated by the feasibility of a potent attack (e.g.,… (more)

Subjects/Keywords: combined attacks; disruptive multivariate intrusions; vulnerability assessment; cyber risk analysis; robust attack detection

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Pan, K. (2020). Towards Cyber-secure Intelligent Electrical Power Grids: Vulnerability Analysis and Attack Detection. (Doctoral Dissertation). Delft University of Technology. Retrieved from http://resolver.tudelft.nl/uuid:4b4f9f96-237e-421b-82f4-97b1393ae507 ; urn:NBN:nl:ui:24-uuid:4b4f9f96-237e-421b-82f4-97b1393ae507 ; 4b4f9f96-237e-421b-82f4-97b1393ae507 ; 10.4233/uuid:4b4f9f96-237e-421b-82f4-97b1393ae507 ; urn:isbn:978-94-028-1975-5 ; urn:NBN:nl:ui:24-uuid:4b4f9f96-237e-421b-82f4-97b1393ae507 ; http://resolver.tudelft.nl/uuid:4b4f9f96-237e-421b-82f4-97b1393ae507

Chicago Manual of Style (16^th Edition):

Pan, K. “Towards Cyber-secure Intelligent Electrical Power Grids: Vulnerability Analysis and Attack Detection.” 2020. Doctoral Dissertation, Delft University of Technology. Accessed January 24, 2021. http://resolver.tudelft.nl/uuid:4b4f9f96-237e-421b-82f4-97b1393ae507 ; urn:NBN:nl:ui:24-uuid:4b4f9f96-237e-421b-82f4-97b1393ae507 ; 4b4f9f96-237e-421b-82f4-97b1393ae507 ; 10.4233/uuid:4b4f9f96-237e-421b-82f4-97b1393ae507 ; urn:isbn:978-94-028-1975-5 ; urn:NBN:nl:ui:24-uuid:4b4f9f96-237e-421b-82f4-97b1393ae507 ; http://resolver.tudelft.nl/uuid:4b4f9f96-237e-421b-82f4-97b1393ae507.

MLA Handbook (7^th Edition):

Pan, K. “Towards Cyber-secure Intelligent Electrical Power Grids: Vulnerability Analysis and Attack Detection.” 2020. Web. 24 Jan 2021.

Vancouver:

Pan K. Towards Cyber-secure Intelligent Electrical Power Grids: Vulnerability Analysis and Attack Detection. [Internet] [Doctoral dissertation]. Delft University of Technology; 2020. [cited 2021 Jan 24]. Available from: http://resolver.tudelft.nl/uuid:4b4f9f96-237e-421b-82f4-97b1393ae507 ; urn:NBN:nl:ui:24-uuid:4b4f9f96-237e-421b-82f4-97b1393ae507 ; 4b4f9f96-237e-421b-82f4-97b1393ae507 ; 10.4233/uuid:4b4f9f96-237e-421b-82f4-97b1393ae507 ; urn:isbn:978-94-028-1975-5 ; urn:NBN:nl:ui:24-uuid:4b4f9f96-237e-421b-82f4-97b1393ae507 ; http://resolver.tudelft.nl/uuid:4b4f9f96-237e-421b-82f4-97b1393ae507.

Council of Science Editors:

Pan K. Towards Cyber-secure Intelligent Electrical Power Grids: Vulnerability Analysis and Attack Detection. [Doctoral Dissertation]. Delft University of Technology; 2020. Available from: http://resolver.tudelft.nl/uuid:4b4f9f96-237e-421b-82f4-97b1393ae507 ; urn:NBN:nl:ui:24-uuid:4b4f9f96-237e-421b-82f4-97b1393ae507 ; 4b4f9f96-237e-421b-82f4-97b1393ae507 ; 10.4233/uuid:4b4f9f96-237e-421b-82f4-97b1393ae507 ; urn:isbn:978-94-028-1975-5 ; urn:NBN:nl:ui:24-uuid:4b4f9f96-237e-421b-82f4-97b1393ae507 ; http://resolver.tudelft.nl/uuid:4b4f9f96-237e-421b-82f4-97b1393ae507

30. Jia, Yunhan. Program Analysis Based Approaches to Ensure Security and Safety of Emerging Software Platforms.

Degree: PhD, Computer Science & Engineering, 2018, University of Michigan

URL: http://hdl.handle.net/2027.42/145845

► Our smartphones, homes, hospitals, and automobiles are being enhanced with software that provide an unprecedentedly rich set of functionalities, which has created an enormous market… (more)

▼ Our smartphones, homes, hospitals, and automobiles are being enhanced with software that provide an unprecedentedly rich set of functionalities, which has created an enormous market for the development of software that run on almost every personal computing devices in a person's daily life, including security- and safety-critical ones. However, the software development support provided by the emerging platforms also raises security risks by allowing untrusted third-party code, which can potentially be buggy, vulnerable or even malicious to control user's device. Moreover, as the Internet-of-Things (IoT) technology is gaining vast adoptions by a wide range of industries, and is penetrating every aspects of people's life, safety risks brought by the open software development support of the emerging IoT platform (e.g., smart home) could bring more severe threat to the well-being of customers than what security vulnerabilities in mobile apps have done to a cell phone user. To address this challenge posed on the software security in emerging domains, my dissertation focuses on the flaws, vulnerabilities and malice in the software developed for platforms in these domains. Specifically, we demonstrate that systematic program analyses of software (1) Lead to an understanding of design and implementation flaws across different platforms that can be leveraged in miscellaneous attacks or causing safety problems; (2) Lead to the development of security mechanisms that limit the potential for these threats.We contribute static and dynamic program analysis techniques for three modern platforms in emerging domains – smartphone, smart home, and autonomous vehicle. Our app analysis reveals various different vulnerabilities and design flaws on these platforms, and we propose (1) static analysis tool OPAnalyzer to automates the discovery of problems by searching for vulnerable code patterns; (2) dynamic testing tool AutoFuzzer to efficiently produce and capture domain specific issues that are previously undefined; and (3) propose new access control mechanism ContexIoT to strengthen the platform's immunity to the vulnerability and malice in third-party software. Concretely, we first study a vulnerability family caused by the open ports on mobile devices, which allows remote exploitation due to insufficient protection. We devise a tool called OPAnalyzer to perform the first systematic study of open port usage and their security implications on mobile platform, which effectively identify and characterize vulnerable open port usage at scale in popular Android apps. We further identify the lack of context-based access control as a main enabler for such attacks, and begin to seek for defense solution to strengthen the system security. We study the popular smart home platform, and find the existing access control mechanisms to be coarse-grand, insufficient, and undemanding. Taking lessons from previous permission systems, we propose the ContexIoT approach, a context-based permission system for IoT platform that supports third-party app… Advisors/Committee Members: Mao, Z Morley (committee member), Schaub, Florian (committee member), Prakash, Atul (committee member), Qian, Zhiyun (committee member).

Subjects/Keywords: Program analysis; Vulnerability detection; Software quality assurance; Malware detection; Internet of Things; Application security; Computer Science; Engineering

…potential vulnerability. V1 :sensitive data leakage, V2 : privileged remote execution, V3 : DoS… …x28;ContexIoT) to strengthen the platform’s immunity to the vulnerability and malice in… …third-party software. Concretely, we first study a vulnerability family caused by the open… …app development, which protects the user from vulnerability and malice in these apps through… …vulnerability embedded in its 4G/LTE modem, whose compromise would put the vehicle in a situation…

10 more images…

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Jia, Y. (2018). Program Analysis Based Approaches to Ensure Security and Safety of Emerging Software Platforms. (Doctoral Dissertation). University of Michigan. Retrieved from http://hdl.handle.net/2027.42/145845

Chicago Manual of Style (16^th Edition):

Jia, Yunhan. “Program Analysis Based Approaches to Ensure Security and Safety of Emerging Software Platforms.” 2018. Doctoral Dissertation, University of Michigan. Accessed January 24, 2021. http://hdl.handle.net/2027.42/145845.

MLA Handbook (7^th Edition):

Jia, Yunhan. “Program Analysis Based Approaches to Ensure Security and Safety of Emerging Software Platforms.” 2018. Web. 24 Jan 2021.

Vancouver:

Jia Y. Program Analysis Based Approaches to Ensure Security and Safety of Emerging Software Platforms. [Internet] [Doctoral dissertation]. University of Michigan; 2018. [cited 2021 Jan 24]. Available from: http://hdl.handle.net/2027.42/145845.

Council of Science Editors:

Jia Y. Program Analysis Based Approaches to Ensure Security and Safety of Emerging Software Platforms. [Doctoral Dissertation]. University of Michigan; 2018. Available from: http://hdl.handle.net/2027.42/145845

Open Access Theses and Dissertations