loading
Papers

Research.Publish.Connect.

Paper

Paper Unlock

Authors: George Stergiopoulos 1 ; Panagiotis Petsanas 1 ; Panagiotis Katsaros 2 and Dimitris Gritzalis 1

Affiliations: 1 Athens University of Economics & Business (AUEB), Greece ; 2 Aristotle University of Thessaloniki, Greece

ISBN: 978-989-758-117-5

Keyword(s): Code Exploits, Software Vulnerabilities, Source Code Classification, Fuzzy Logic, Tainted Object Propagation.

Related Ontology Subjects/Areas/Topics: Information and Systems Security ; Secure Software Development Methodologies ; Security Engineering ; Security in Information Systems ; Software Security

Abstract: Recent advances in static and dynamic program analysis resulted in tools capable to detect various types of security bugs in the Applications under Test (AUT). However, any such analysis is designed for a priori specified types of bugs and it is characterized by some rate of false positives or even false negatives and certain scalability limitations. We present a new analysis and source code classification technique, and a prototype tool aiming to aid code reviews in the detection of general information flow dependent bugs. Our approach is based on classifying the criticality of likely exploits in the source code using two measuring functions, namely Severity and Vulnerability. For an AUT, we analyse every single pair of input vector and program sink in an execution path, which we call an Information Block (IB). A classification technique is introduced for quantifying the Severity (danger level) of an IB by static analysis and computation of its Entropy Loss. An IB’s Vulnerability is quantified using a tainted object propagation analysis along with a Fuzzy Logic system. Possible exploits are then characterized with respect to their Risk by combining the computed Severity and Vulnerability measurements through an aggregation operation over two fuzzy sets. An IB is characterized of a high risk, when both its Severity and Vulnerability rankings have been found to be above the low zone. In this case, a detected code exploit is reported by our prototype tool, called Entroine. The effectiveness of the approach has been tested by analysing 45 Java programs of NIST’s Juliet Test Suite, which implement 3 different common weakness exploits. All existing code exploits were detected without any false positive. (More)

PDF ImageFull Text

Download
CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 18.210.22.132

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Stergiopoulos, G.; Petsanas, P.; Katsaros, P. and Gritzalis, D. (2015). Automated Exploit Detection using Path Profiling - The Disposition Should Matter, Not the Position.In Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015) ISBN 978-989-758-117-5, pages 100-111. DOI: 10.5220/0005561101000111

@conference{secrypt15,
author={George Stergiopoulos. and Panagiotis Petsanas. and Panagiotis Katsaros. and Dimitris Gritzalis.},
title={Automated Exploit Detection using Path Profiling - The Disposition Should Matter, Not the Position},
booktitle={Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)},
year={2015},
pages={100-111},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005561101000111},
isbn={978-989-758-117-5},
}

TY - CONF

JO - Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)
TI - Automated Exploit Detection using Path Profiling - The Disposition Should Matter, Not the Position
SN - 978-989-758-117-5
AU - Stergiopoulos, G.
AU - Petsanas, P.
AU - Katsaros, P.
AU - Gritzalis, D.
PY - 2015
SP - 100
EP - 111
DO - 10.5220/0005561101000111

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.