Anup K. Ghosh

Software security and privacy risks in mobile e-commerce

Most current e-commerce transactions are conducted by users in fixed locations using workstations and personal computers. Soon, we expect a significant portion of e-commerce will take place via wireless, Internet-enabled devices such as cellular phones and personal digital assistants. Wireless devices provide users mobility to research, communicate, and purchase goods and services from anywhere at anytime without being tethered to the desktop. Using the Internet from wireless devices has come to be known as mobile e-commerce, or simply “m-commerce,” and encompasses many more activities than merely online purchasing. One of the major wireless applications is Web access for retrieval of real-time information such as weather reports, sport scores, flight and reservation information, navigational maps, and stock quotes. While email will continue to dominate wireless applications, innovative online applications that, for instance, use location reference information of end users will drive new areas of mobile e-business growth. Strategy Analytics, among other market research groups, predicts that by 2004 there will be over one TE R Y M IU R A

Detecting anomalous and unknown intrusions against programs

The ubiquity of the Internet connection to desktops has been both a boon to business as well as a cause for concern for the security of digital assets that may be unknowingly exposed. Firewalls have been the most commonly deployed solution to secure corporate assets against intrusions, but firewalls are vulnerable to errors in configuration, ambiguous security policies, data-driven attacks through allowed services, and insider attacks. The failure of firewalls to adequately protect digital assets from computer-based attacks has been a boon to commercial intrusion detection tools. Two general approaches to detecting computer security intrusions in real time are misuse detection and anomaly detection. Misuse detection attempts to detect known attacks against computer systems. Anomaly detection uses knowledge of users normal behavior to detect attempted attacks. The primary advantage of anomaly detection over misuse detection methods is the ability to detect novel and unknown intrusions. This paper presents a study in employing neural networks to detect the existence of anomalous and unknown intrusions against a software system using the anomaly detection approach.

Simple, state-based approaches to program-based anomaly detection

This article describes variants of two state-based intrusion detection algorithms from Michael and Ghosh [2000] and Ghosh et al. [2000], and gives experimental results on their performance. The algorithms detect anomalies in execution audit data. One is a simply constructed finite-state machine, and the other two monitor statistical deviations from normal program behavior. The performance of these algorithms is evaluated as a function of the amount of available training data, and they are compared to the well-known intrusion detection technique of looking for novel n-grams in computer audit data.

Testing the robustness of Windows NT software

To date, most studies on the robustness of operating system software have focused on Unix based systems. The paper develops a methodology and architecture for performing intelligent black box analysis of software that runs on the Windows NT platform. The goals of the research are three fold: first, to develop intelligent robustness testing techniques for commercial Off-The-Shelf (COTS) software; second, to benchmark the robustness of NT software in handling anomalous events; and finally, to identify robustness gaps to permit fortification for fault tolerance. The random and intelligent data design library environment (RIDDLE) is a tool for analyzing operating system software, system utilities, desktop applications, component based software, and network services. RIDDLE was used to assess the robustness of native Windows NT system utilities as well as Win32 ports of the GNU utilities. Experimental results comparing the relative performance of the ported utilities versus the native utilities are presented.

Building software securely from the ground up

0 7 4 0 7 4 5 9 / 0 2 /

An approach to testing COTS software for robustness to operating system exceptions and errors

1 7 . 0 0

Wrapping windows NT software for robustness

One of the least tested but most critical portions of software systems is error and exception handling. Error/exception handling routines are the safety net for any system to handle unexpected circumstances such as when operating system (OS) or hardware failures occur. As more critical systems are developed from commercial off the shelf (COTS) software, the robustness of these applications to operating system failures, and in general, to failures from third party software, becomes increasingly critical. We present an approach and tool for assessing the robustness of COTS applications to failures from OS functions or other third-party COTS software. The approach consists of wrapping executable application software with an instrumentation layer that can capture, record, perturb, and question all interactions with the operating system. The wrapper is used to return error codes and exceptions from calls to operating system functions. The effect of the failure from the OS call is then assessed. If the application crashes under these anomalous conditions, the application is determined to be non-robust to a particular failing OS call. A failure simulation tool has been developed for testing the robustness of Win32 applications to these types of anomalous OS conditions.

Techniques for evaluating the robustness of Windows NT software

As Windows NT workstations become more entrenched in enterprise-critical and even mission-critical applications, the dependability of the Windows 32-bit (Win32) platform is becoming critical. To date, studies on the robustness of system software have focused on Unix-based systems. This paper describes an approach to assessing the robustness for Win32 software and providing robustness wrappers for third party commercial off-the-shelf (COTS) software. The robustness of Win32 applications to failing operating system (OS) functions is assessed by using fault injection techniques at the interface between the application and the operating system. Finally, software wrappers are developed to handle OS failures gracefully in order to mitigate catastrophic application failures.

Reducing uncertainty about common-mode failures

Windows NT is rapidly becoming the platform of choice for organizations engaging in commerce, engineering, and research. The Windows NT operating system and its software are being relied upon for an increasing number of critical applications in both the military and civilian arenas. It is essential that software testing techniques are created that will enable the development of software that is capable of functioning in such roles, This paper presents two approaches that can be used to aid in the robustness testing of Windows NT software. The first approach uses a test data generator to analyze the robustness of Windows NT Dynamic Link Libraries. The second approach uses binary wrapping and fault injection techniques to study the effects of operating system failures on an application. A Failure Simulation Tool has been developed to this end.

On certifying mobile code for secure applications

Multi-version programming is employed in fault-tolerant computer systems in order to provide protection against common-mode failure in software. Multi-version programming involves building diverse software implementations of critical functions. The premise of building diverse versions is that the likelihood of a programming error in one version causing a failure in an identical manner as an error in another version is reduced. Skeptics of multi-version programming have correctly pointed out that common-mode failures between redundant diverse versions can reduce the return on investment in creating diverse versions. To date, other than using historical data from other projects, there has been no way to estimate the potential for a given multi-version programming system to suffer a common-mode failure. This paper presents an algorithm and software analysis prototype to reduce the uncertainty of whether software flaws in diverse versions can result in common-mode failure. The analysis uses software fault-injection techniques to subject one or more versions to anomalous behavior. From this, we can predict how the software will behave if real faults exist in the multiple versions.