More Like this

1. Hardware/Software Co-Design for Sensor Security

   https://doi.org/10.1109/MC.2023.3248779  

   Barua, Anomadarshi; Al Faruque, Mohammad Abdullah (May 2023, Computer)
2. Security Labs for Software Defined Networks in CloudLab

   https://doi.org/10.1145/3287324.3287538  

   Park, Younghee; Hu, Hongxin; Yuan, Xiaohong (January 2019, ACM Technical Symposium on Computer Science Education (SIGCSE))

   Software-Defined Networking (SDN) has been changing inflexible networks in software-based programmable networks for more flexibility, scalability, and visibility into networking. At the same time, it brings many new security challenges, but there are very few educational materials for students in learning about SDN security. In this workshop, we present our newly designed SDN security education materials, which can be used to meet the ever-increasing demand for high-quality cybersecurity professionals with expertise in SDN security. For effective hands-on learning, the security labs are designed in CloudLab, a free open cloud platform supported by NSF. Participants receive handouts describing security problems, lab instructions, techniques to use CloudLab, and worksheets for Q&A, which can be directly used for their networking classes at their home institutions. The workshop proceeds in three sessions in which we: present the way to use CloudLab and to understand SDN; practice in simulating three networking attacks in SDN on CloudLab; and discussion and critique in small groups for new SDN security labs. 

   more » « less
3. Mobile Software Security with Dynamic Analysis

   https://doi.org/10.1109/PRDC.2018.00039  

   Shahriar, Hossain; Qian, Kai; Talukder, Md Arabin; Lo, Dan; Patel, Nidhibahen (December 2018, Proc. of the 23rd IEEE Pacific Rim International Symposium on Dependable Computing (PRDC))

   The majority of malicious mobile attacks take advantage of vulnerabilities in mobile software (applications), such as sensitive data leakage, unsecured sensitive data storage, data transmission, and many others. Most of these vulnerabilities can be detected by analyzing the mobile software. In this paper, we describe a tainted dataflow approach to detect mobile software security vulnerability, particularly, SQL Injection. 

   more » « less
4. Evaluating Security of Executable Steganography for Digital Software Watermarking

   Mullins, J.; McDonald, J.T.; Mahoney, W.R.; Andel, T.R. (October 2020, 7th Annual Cybersecurity Symposium)

   Man-at-the-end (MATE) attacks against software programs are difficult to protect. Adversaries have complete access to the binary program and can run it under both static and dynamic analysis to find and break any software protection mechanisms put in place. Even though full-proof protection is not possible practically or theoretically, the goal of software protection should be to make it more difficult for an adversary to find program secrets by increasing either their monetary cost or time. Protection mechanisms must be easy to integrate into the software development lifecycle, or else they are of little to no use. In this paper, we evaluate the practical security of a watermarking technique known as Weaver, which is intended to support software watermarking based on a new transformation technique called executable steganography. Weaver allows hiding of identification marks directly into a program binary in a way that makes it difficult for an adversary to find and remove. We performed instruction frequency analysis on 106 programs from the GNU coreutils package to understand and define Weaver’s limitations and strengths as a watermarking technique. Our evaluation revealed that the initial prototype version of Weaver suffers from limitations in terms of standard benchmarks for steganography evaluation, such as its stealth. We found that this initial prototype of Weaver relied heavily on one type of instruction that does not frequently occur in standard programs, namely the mov instruction with an 8-byte immediate operand. Our instruction frequency analysis revealed a negative impact due to Weaver’s over-reliance on this mov instruction. 

   more » « less
5. Evaluating Security of Executable Steganography for Digital Software Watermarking

   Mullins, J.; McDonald, J.T.; Mahoney, W.R.; Andel, T.R. (October 2020, 7th Annual Cybersecurity Symposium)

   Man-at-the-end (MATE) attacks against software programs are difficult to protect. Adversaries have complete access to the binary program and can run it under both static and dynamic analysis to find and break any software protection mechanisms put in place. Even though full-proof protection is not possible practically or theoretically, the goal of software protection should be to make it more difficult for an adversary to find program secrets by increasing either their monetary cost or time. Protection mechanisms must be easy to integrate into the software development lifecycle, or else they are of little to no use. In this paper, we evaluate the practical security of a watermarking technique known as Weaver, which is intended to support software watermarking based on a new transformation technique called executable steganography. Weaver allows hiding of identification marks directly into a program binary in a way that makes it difficult for an adversary to find and remove. We performed instruction frequency analysis on 106 programs from the GNU coreutils package to understand and define Weaver’s limitations and strengths as a watermarking technique. Our evaluation revealed that the initial prototype version of Weaver suffers from limitations in terms of standard benchmarks for steganography evaluation, such as its stealth. We found that this initial prototype of Weaver relied heavily on one type of instruction that does not frequently occur in standard programs, namely the mov instruction with an 8-byte immediate operand. Our instruction frequency analysis revealed a negative impact due to Weaver’s over-reliance on this mov instruction. 

   more » « less