Aiman Hanna
Concordia University
Publication
Featured research published by Aiman Hanna.
canadian conference on electrical and computer engineering | 2006
Marc-André Laverdière; Azzam Mourad; Aiman Hanna; Mourad Debbabi
Security design patterns have been proposed recently as a tool for the improvement of software security during the architecture and design phases. Since the appearance of this research topic in 1997, several catalogs have emerged, and the security pattern community has produced significant contributions, with many related to design. In this paper, we survey major contributions in the state of the art in the field of security design patterns and assess their quality in the context of an established classification. From our results, we determined a classification of inappropriate pattern qualities. Using a six sigma approach, we propose a set of desirable properties that would prevent flaws in new design patterns, as well as a template for expressing them.
information assurance and security | 2007
Zhenrong Yang; Aiman Hanna; Mourad Debbabi
This paper introduces a mathematical model, called team edit automata, for evaluating software security properties. We use the model to describe security properties and their correlation in the software programs. The component automata can suppress and insert actions and report possible flaws. They are used to specify individual security properties. The team is composed of multiple component automata interacting through shared actions. It models the situation where some program events are concerned by multiple security properties jointly. The paper concludes by a case study of detecting memory management and pointer manipulation flaws in C/C++ programs.
OTM '09 Proceedings of the Confederated International Conferences, CoopIS, DOA, IS, and ODBASE 2009 on On the Move to Meaningful Internet Systems: Part II | 2009
Aiman Hanna; Hai Zhou Ling; Xiaochun Yang; Mourad Debbabi
The main contribution of this paper is a framework for security testing. The key components of this framework are twofold: First, a static analyzer that automatically identifies suspicious sites of security vulnerabilities in a control flow graph. Second, a test-data generator. The intent is to attempt proving/disproving whether, or not, the suspicious sites are actual vulnerabilities. The paper introduces the static-dynamic hybrid vulnerability detection system, a system that targets the automation of security vulnerability detection in software. The system combines the detection powers of both static and dynamic analysis. Various components compose this model, namely Static Vulnerability Revealer, Goal-Path-oriented System, and Dynamic Vulnerability Detector.
canadian conference on electrical and computer engineering | 2006
Nadia Belblidia; Mourad Debbabi; Aiman Hanna; Zhenrong Yang
The purpose of this paper is to use the aspect-oriented programming (AOP) paradigm for security testing. AOP allows security experts to develop and inject separate modules for conducting security testing on the applications independent of their business logic. After an appropriateness analysis of the mostly used approaches for AOP, we retain the pointcut-advice model. The pointcut-advice model is significantly better than the other approaches for security testing. However, the current set of pointcuts is insufficient for the purpose of security testing and needs to be extended with new pointcuts.
international conference on detection of intrusions and malware, and vulnerability assessment | 2018
Paria Shirani; Leo Collard; Basile L. Agba; Bernard Lebel; Mourad Debbabi; Lingyu Wang; Aiman Hanna
There is a widespread adoption of intelligent electronic devices (IEDs) in modern-day smart grid deployments. Consequently, any vulnerabilities in IED firmware might greatly affect the security and functionality of the smart grid. Although general-purpose techniques exist for vulnerability detection in firmware, they usually cannot meet the specific needs, e.g., they lack the domain knowledge specific to IED vulnerabilities, and they are often not efficient enough for handling larger firmware of IEDs. In this paper, we present BinArm, a scalable approach to detecting vulnerable functions in smart grid IED firmware mainly based on the ARM architecture. To this end, we build comprehensive databases of vulnerabilities and firmware that are both specific to smart grid IEDs. Then, we propose a multi-stage detection engine to minimize the computational cost of function matching and to address the scalability issue in handling large IED firmware. Specifically, the proposed engine takes a coarse-to-fine grained multi-stage function matching approach by (i) first filtering out dissimilar functions based on a group of heterogeneous features; (ii) further filtering out dissimilar functions based on their execution paths; and (iii) finally identifying candidate functions based on fuzzy graph matching. Our experiments show that BinArm accurately identifies vulnerable functions with an average accuracy of 0.92. The experimental results also show that our detection engine can speed up the existing fuzzy matching approach by three orders of magnitude. Finally, as a practical framework, BinArm successfully detects 93 real-world CVE vulnerability entries, the majority of which have been confirmed, and the detection takes as little as 0.09 s per function on average.
information security | 2017
Lina Nouh; Ashkan Rahimian; Djedjiga Mouheb; Mourad Debbabi; Aiman Hanna
Binary code fingerprinting is a challenging problem that requires an in-depth analysis of binary components for deriving identifiable signatures. Fingerprints are useful in automating reverse engineering tasks including clone detection, library identification, authorship attribution, cyber forensics, patch analysis, malware clustering, binary auditing, etc. In this paper, we present BinSign, a binary function fingerprinting framework. The main objective of BinSign is providing an accurate and scalable solution to binary code fingerprinting by computing and matching structural and syntactic code profiles for disassemblies. We describe our methodology and evaluate its performance in several use cases, including function reuse, malware analysis, and indexing scalability. Additionally, we emphasize the scalability aspect of BinSign. We perform experiments on a database of 6 million functions. The indexing process requires an average time of 0.0072 s per function. We find that BinSign achieves higher accuracy compared to existing tools.
Electronic Communication of The European Association of Software Science and Technology | 2010
Robert Charpentier; Mourad Debbabi; Dima Alhadidi; Azzam Mourad; Nadia Belblidia; Amine Boukhtouta; Aiman Hanna; Rachid Hadjidj; Hakim Idrissi Kaitouni; Marc-André Laverdière; Hai Zhou Ling; Syrine Tlili; Xiaochun Yang; Zhenrong Yang
Recently, Free and Open Source Software (FOSS) has emerged as an alternative to Commercial-Off-The-Shelf (COTS) software. Now, FOSS is perceived as a viable long-term solution that deserves careful consideration because of its potential for significant cost savings, improved reliability, and numerous advantages over proprietary software. However, the secure integration of FOSS in IT infrastructures is very challenging and demanding. Methodologies and technical policies must be adapted to reliably compose large FOSS-based software systems. A DRDC Valcartier-Concordia University feasibility study completed in March 2004 concluded that the most promising approach for securing FOSS is to combine advanced design patterns and Aspect-Oriented Programming (AOP). Following the recommendations of this study, a three-year project has been conducted as a collaboration between Concordia University, DRDC Valcartier, and Bell Canada. This paper aims at presenting the main contributions of this project. It consists of a practical framework with the underlying solid semantic foundations for the security evaluation and hardening of FOSS.
international conference on quality software | 2008
Aiman Hanna; Hai Zhou Ling; Jason Furlong; Zhenrong Yang; Mourad Debbabi
In this paper, we present a joint approach to automate software security testing using two approaches, namely team edit automata (TEA), and the security chaining approach. Team edit automata is used to formally specify the security properties to be tested. It also composes the monitoring engine of the vulnerability detection process. The security chaining approach is used to generate test-data for the purpose of proving that a vulnerability is not only present in the software being tested but it is also exploitable. The combined approach provides elements of a solution towards the automation of security testing of software.
Proceedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security | 2008
Aiman Hanna; Hai Zhou Ling; Jason Furlong; Mourad Debbabi
Many security problems only become apparent after software is deployed, and in many cases a failure has occurred prior to the awareness of the problem. Although many would argue that the simpler solution to the problem would be to test the software before deploying it. Although we support this argument, we understand that it is not necessarily applicable in a modern development environment. Software testing is labor intensive and is very expensive from a time and cost perspective. While much research has been undertaken to automate software testing, very little has been directed at security testing. Additionally, the majority of these efforts have targeted low-level security (safety) instead of high-level security. In this paper, we present elements of a solution towards automation of testing security properties and for the generation of test data suites for detecting security vulnerabilities in software.
european symposium on research in computer security | 2018
Saed Alrabaee; Paria Shirani; Lingyu Wang; Mourad Debbabi; Aiman Hanna
We propose BinAuthor, a novel and the first compiler-agnostic method for identifying the authors of program binaries. Having filtered out unrelated functions (compiler and library) to detect user-related functions, it converts user-related functions into a canonical form to eliminate compiler/compilation effects. Then, it leverages a set of features based on collections of authors’ choices made during coding. These features capture an author’s coding habits. Our evaluation demonstrated that BinAuthor outperforms existing methods in several respects. First, when tested on large datasets extracted from selected open-source C/C++ projects in GitHub, Google Code Jam events, and Planet Source Code contests, it successfully attributed a larger number of authors with a significantly higher accuracy: around 90% when the number of authors is 1000. Second, when the code was subjected to refactoring techniques, code transformation, or processing using different compilers or compilation settings, there was no significant drop in accuracy, indicating that BinAuthor is more robust than previous methods.