Olgierd Stanislaw Pieczul

Collaborating as Normal: Detecting Systemic Anomalies in Your Partner

It is considered whether anomaly detection techniques might be used to determine potentially malicious behavior by service providers. Data mining techniques can be used to derive patterns of repeating behavior from logs of past interactions between service consumers and providers. Consumers may use these patterns to detect anomalous provider behavior, while providers may seek to adapt their behavior in ways that cannot be detected by the consumer. A challenge is deriving a behavioral model that is a sufficiently precise representation of the consumer-provider interactions. Behavioral norms, which model these patterns of behavior, are used to explore these issues in a on-line photograph sharing style service.

Discovering emergent norms in security logs

A model is presented that characterizes security logs as a collection of norms that reflect patterns of emergent behavior. An analysis technique for detecting behavioral norms based on these logs is described and evaluated. The application of behavioral norms is considered, including its use in system security evaluation and anomaly detection.

Runtime Detection of Zero-Day Vulnerability Exploits in Contemporary Software Systems

It is argued that runtime verification techniques can be used to identify unknown application security vulnerabilities that are a consequence of unexpected execution paths in software. A methodology is proposed that can be used to build a model of expected application execution paths during the software development cycle. This model is used at runtime to detect exploitation of unknown security vulnerabilities using anomaly detection style techniques. The approach is evaluated by considering its effectiveness in identifying 19 vulnerabilities across 26 versions of Apache Struts over a 5 year period.

Developer-centered security and the symmetry of ignorance

In contemporary software development anybody can become a developer, sharing, building and interacting with software components and services in a virtual free for all. In this environment, it is not feasible to expect these developers to be expert in every security detail of the software they use, and we discuss how difficult it can be to build secure software. In this respect, the practical challenges of the emerging paradigm of developer-centered security are explored, where developers would be required to consider security from the perspective of those other developers who use their software. We question whether current user-centered security techniques are adequate for this task and suggest that new thinking will be required. Two directions---symmetry of ignorance and security archaeology-are offered as a new way to consider this challenge.

The Evolution of a Security Control

The evolution of security defenses in a contemporary open-source software package is considered over a twelve year period. A qualitative analysis style study is conducted that systematically analyzes security advisories, codebase revisions and related discussions. A number of phenomena emerge from this analysis that provide insights into the process of managing code-level security defenses.

The Evolution of a Security Control or Why Do We Need More Qualitative Research of Software Vulnerabilties? (Transcript of Discussion)

Hi, my name is Olgierd Pieczul and this is a joint work with Simon Foley. Inspired by the theme of today’s workshop we decided to look at evolution of security controls and vulnerabilities.