Similar literature
 Found 20 similar articles; search took 31 ms
1.
McGraw  G. 《Computer》2002,35(4):99-101
Most organizations manage computer security risk reactively by investing in technologies designed to protect against known system vulnerabilities and monitor intrusions as they occur. However, firewalls, cryptography, and antivirus protection address the symptoms, not the root cause, of most security problems. Buying and maintaining a firewall, for example, is ineffective if external users can access remotely exploitable Internet-enabled applications through it. Because hackers attack software, improving computer security depends on proactively managing risks associated with software and software development. The current "penetrate and patch" approach of fixing broken software only after it has been compromised is insufficient to control the problem.

2.
《Computer》2002,35(11):20-22
As networks have grown in size and complexity, connecting a vast array of business functions, intrusion threats have increased in frequency and sophistication. Network administrators and vendors are thus looking beyond traditional intrusion detection technology, which catches problems only after they have occurred, to a new, proactive approach: intrusion prevention. Intrusion prevention offers active, threat-handling capabilities that stop hackers before they enter a computer system. There appears to be demand for the technology, and this has inspired participation by numerous vendors and predictions of increased sales. The paper discusses the intrusion prevention market. Because today's hackers combine attack types, intrusion-prevention vendors have had to combine approaches in individual products.

3.
Automated attack tools appear to present a substantial threat to the Internet environment. If more than half of all Internet-based computers are vulnerable to attack by a few widely available automated tools, how can we help but be concerned about the existence of these tools? Many may try to blame the weaknesses of systems on these tools and the people who write them, but for the most part, the people who write these tools do so as the only means at hand to test the vulnerability and the effectiveness of countermeasures. Without testing using these tools, we would be in far worse shape. Ultimately, the solution to automated attack tools is proper defences. There are many effective defences available today, but as a community, the people using the Internet have simply failed to use them. If we use the defences available to us, we can be safe from all but the newest and most sophisticated threats, but as long as we refuse to take appropriate protective action, we will be vulnerable.

4.
Crowston  K. Howison  J. 《Computer》2006,39(5):89-91
Before contributing to a free or open source software project, understand the developers, leaders, and active users behind it. The computing world lauds many Free/Libre and open source software offerings for both their reliability and features. Successful projects such as the Apache httpd Web server and Linux operating system kernel have made FLOSS a viable option for many commercial organizations. While FLOSS code is easy to access, understanding the communities that build and support the software can be difficult. Despite accusations from threatened proprietary vendors, few continue to believe that open source programmers are all amateur teenaged hackers working alone in their bedrooms. But neither are they all part of robust, well-known communities like those behind Apache and Linux.

5.
Big data brings great value as well as a lot of network security problems, which makes the hacker possess more and more attack strategies. This paper precisely describes the static form of hackers, and proposes the best dynamic hackers attack tactics under certain assumptions. When the proportion of the hacker’s resource input is its static probability distribution value, the hacker income reaches maximum. In particular, on the premise of uniform ratio of input and output, if the entropy of hacker reduces 1 bit, the hacker income will be double. Furthermore, this paper studies the optimal combination of hacker attacks and proposes a logarithmic optimal combination attack strategy that the hacker attacks several systems simultaneously. This strategy not only can maximize the hacker’s overall income, but also can maximize the income of each round attack. We find that the input-output ratio of each system will not change at the end of this round attack when hacker adopts the logarithmic optimal combination strategy, and find the growth rate of additional hacker income does not exceed the mutual information between the input-output ratio of the attacked system and the inedge information if an attacker can get some inedge information through other ways. Moreover, there is an optimum attack growth rate of hackers if time-varying attacked system is a stationary stochastic process. We can conclude that, in Big Data era, the more information the hacker gets, the more hacker income.

6.
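Monitoring and Recovery of Web Home Pages   Cited by: 1 (self-citations: 0, citations by others: 1)
Hackers now frequently attack Web servers and tamper with pages or images; if this is not detected and reversed promptly, it can have an adverse effect on any website. To address this problem, this paper proposes and implements a solution that monitors the server, promptly detects whether files have been illegally modified and, if they have, restores them promptly and notifies the administrator.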

7.
Today's organizations are inherently open and connected, sharing knowledge and ideas in order to remain innovative. As a result, these organizations are also more vulnerable to information theft through different forms of security breaches caused by hackers and competitors. One way of understanding the vulnerability of an information system is to build and analyze the attack graph of that system. The attack graph of an information system contains all the paths that can be used to penetrate the system in order to breach critical assets. Although existing literature provides an abundance of attack graph generation algorithms, more methods are required to help analyze the attack graphs. In this paper, we study how best to deploy security countermeasures to protect an organization by analyzing the vulnerability of the organization through the use of its attack graph. In particular, we present an approach to find an optimal affordable subset of arcs, called an interdiction plan, on an attack graph that should be protected from attack to minimize the loss due to security breaches. We formulate this problem as a bi-level mixed-integer linear program and develop an exact algorithm to solve it. Experiments show that the algorithm is able to solve relatively large problems. Two heuristic methods, one with and the other without a heuristic to solve the master problem and both limiting the master problem branch-and-bound tree to only one node solve the large problems remarkably well. Experiments also reveal that the quality of an interdiction plan is relatively insensitive with respect to the error in the estimate of the attacker's budget, and that the breach loss drops sharply at the beginning, then levels off before finally dropping sharply again with increases in the security budget.

8.
The World Wide Web interconnected through the internet today offers numerous specialist topic-oriented or regional search engines and systems in a largely federated heterogeneous environment. Old ones continue to exist and new ones appear in spite of the tremendous progress achieved by their generic Web-wide rival competitors, because they produce better results in their areas of specialisation. However, finding and choosing the best specialised search engines or systems for a particular information need is difficult. This is made even more complicated by the fact that these engines and systems would want to carve out a niche market that generates maximum revenue for themselves. The ADSA (Adaptive Distributed Search and Advertising) Web research project has investigated the problem at some depth and had put forward a search architecture which allows many search engines to be independently owned and controlled, offering advantages over existing centralised architectures. One aspect of the architecture has been to evaluate the service management algorithms that were designed to support competing autonomous systems in a cooperative marketplace. Here we present ADSA economic model and the service management strategies that can lead to maximum revenue generation, by making informative and intelligent decisions on search price adjustments of key quantitative parameters, as well as the results of evaluation experiments and briefly discuss the need for standardised interfaces which are required if this concept is to ease development and implementation of such a marketplace in a large scale.

9.
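The search engines that currently hold the major share of the global market, such as Google, Yahoo and Baidu, still offer people rather clumsy tools: they remain constrained by the traditional Web, place strict demands on the precision of search keywords, and have very limited ability to process natural language. The proposal, study and development of the Semantic Web (SW) have brought new hope for search engines, and intelligent search engines based on the Semantic Web are the inevitable choice for the next generation of search engines.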

10.
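With the rapid development of information technology, the Internet has penetrated ever more deeply into every industry and into people's daily lives. In particular, the rollout of 3G networks and smartphones formally heralded an era in which everyone goes online by mobile phone; people can carry out all kinds of activities over the mobile network anytime and anywhere, which has made it popular with users. While networks bring convenience, however, they also inevitably bring various harms, the most dangerous of which are the hackers lurking in the network, who write viruses and Trojans to attack network users and steal their account information, causing enormous losses. Because today's mobile phones are still not mature enough in hardware and software and lack effective defences against the newly emerging viruses and Trojans that specifically target phones, they have increasingly become a prime target of hacker and virus attacks. How to protect the information security of mobile phones and guard against attacks from network hackers is the focus of the discussion.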

11.
沈维军  汤恩义  陈振宇  陈鑫  李彬  翟娟 《软件学报》2018,29(5):1230-1243
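Security vulnerability detection is an important means of ensuring software security. With the development of the Internet, hackers' attack methods have become increasingly diverse and attack techniques are constantly renewed, exposing software security to new threats. This paper describes a new type of latent security vulnerability that actually exists in current software, which we call numerical-stability-related security vulnerabilities. Because hackers can exploit such vulnerabilities to bypass existing protections, and existing numerical stability analysis methods can hardly detect them, this new type of vulnerability is very dangerous. To meet this challenge, the paper first defines numerical-stability-related security vulnerabilities from the perspective of numerical stability causing changes in software behaviour, and gives a corresponding automated detection method. Based on combined static and dynamic program analysis and symbolic execution, the method detects and analyses potential numerical-stability-related security vulnerabilities in software in three steps: extraction of symbolic expressions for numerical variables, static attack-flow analysis, and high-precision dynamic attack verification. We carried out case studies on several well-known open-source software projects, and the experimental results show that the method can effectively detect numerical-stability-related vulnerabilities that really exist in real-world software.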

12.
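Social engineering is a new branch of information and network security whose main characteristic is attacking by exploiting human weaknesses. As direct penetration becomes harder and harder, hackers increasingly rely on social engineering to carry out attacks; the password "leak-gate" incidents in China and the APT attacks well known in the security community are typical attacks that use social engineering. Such attacks do great harm and have serious consequences. Starting from the current state of social engineering attacks, the article studies in detail some of the means and methods used in e-mail social engineering attacks and, on that basis, studies and discusses defensive measures against e-mail social engineering attacks; these security measures can greatly reduce the likelihood of being attacked.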

13.
《Computer》2007,40(5):14-17
The DNS is a service that translates easy-to-remember alphabetic URLs into Web sites' actual numerical IP addresses. The system enables users to easily access the Web sites they want to visit and thus is a critical part of Internet operations. DDoS attacks can overwhelm servers with hacker-generated traffic and thereby make them unavailable for legitimate communications. These assaults are a serious threat to the Internet because hackers are developing increasingly sophisticated ways to take over thousands of unsuspecting victims' computers, creating large botnets of zombie machines they can use to launch DDoS attacks. DNS security measures and quick, coordinated responses by Internet engineers, including the filtering of hackers' messages, made the recent attack less effective than a major assault that occurred in 2002. This is important because a significant disruption to the DNS system could slow or limit Internet access for millions of users.

14.
A Pentagon-sponsored study released this week said military computer and communications systems are “increasingly compromised” and vulnerable to attack by hackers and high-tech enemies. Although the Defense Department is working to improve cybersecurity, the study said that technological advances are outpacing the Pentagon's sluggish moves to protect vital information used in today's battles.

15.
Cellary  W. Wiza  W. Walczak  K. 《Computer》2004,37(5):87-89
The exponential growth in Web sites is making it increasingly difficult to extract useful information on the Internet using existing search engines. Despite a wide range of sophisticated indexing and data retrieval features, search engines often deliver satisfactory results only when users know precisely what they are looking for. Traditional textual interfaces present results as a list of links to Web pages. Because most users are unwilling to explore an extensive list, search engines arbitrarily reduce the number of links returned, aiming also to provide quick response times. Moreover, their proprietary ranking algorithms often do not reflect individual user preferences. Those who need comprehensive general information about a topic or have vague initial requirements instead want a holistic presentation of data related to their queries. To address this need, we have developed Periscope, a 3D search result visualization system that displays all the Web pages found in a synthetic, yet comprehensible format.

16.
Virtualization technology has become very popular because of better hardware utilization and easy maintenance. However, there are chances for information leakage and possibilities of several covert channels for information flow between the virtual machines. Our work focuses on the experimental study of security threats in virtualization, especially due to covert channels and other forms of information leakage. The existence of data leakage during migration shutdown and destruction of virtual machines, is tested on different hypervisors. For empirically showing the possibility of covert channels between virtual machines, three new network based covert channels are hypothesized and demonstrated through implementation, on different hypervisors. One of the covert channels hypothesized is a TCP/IP steganography based covert channel. Other covert channels are a timing covert channel and a new network covert channel having two pairs of socket programs. We propose a VMM (Virtual Machine Monitor) based network covert channel avoidance mechanism, tackling detection resistant covert channel problems. We also address issue of reducing the possibilities of network based covert channels using VMM-level firewalls. In order to emphasize the importance of addressing the issue of information leakage through virtual machines, we illustrate the simplicity of launching network covert channel based attacks, by demonstrating an attack on a virtual machine using covert channels through implementation.

17.
Although a computer system's primary defense is its access controls, it is plain from numerous newspaper accounts of break-ins and computerized thefts that access control mechanisms cannot be relied on in most cases to safeguard against a penetration or insider attack. Most computer systems have security weaknesses that leave them vulnerable to attack and abuse. Finding and fixing all the flaws is not technically feasible, and building systems with no security vulnerabilities is extremely difficult, if not generally impossible. Moreover, even the most secure systems are vulnerable to abuse by insiders who misuse their privileges.

Audit trails can help ensure the accountability of users for their actions. Audit trails have been viewed as the final defense, not only because of their deterrent value but because in theory they can be perused for suspicious events and provide evidence to establish the guilt or innocence of suspected individuals. Moreover, audit trails may be the only means of detecting authorized but abusive user activity.

18.
Databases deepen the Web   Cited by: 2 (self-citations: 0, citations by others: 2)
Ghanem  T.M. Aref  W.G. 《Computer》2004,37(1):116-117
The Web has become the preferred medium for many database applications, such as e-commerce and digital libraries. These applications store information in huge databases that users access, query, and update through the Web. Database-driven Web sites have their own interfaces and access forms for creating HTML pages on the fly. Web database technologies define the way that these forms can connect to and retrieve data from database servers. The number of database-driven Web sites is increasing exponentially, and each site is creating pages dynamically: pages that are hard for traditional search engines to reach. Such search engines crawl and index static HTML pages; they do not send queries to Web databases. The information hidden inside Web databases is called the "deep Web" in contrast to the "surface Web" that traditional search engines access easily. We expect deep Web search engines and technologies to improve rapidly and to dramatically affect how the Web is used by providing easy access to many more information resources.

19.
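Thanks to advantages such as mobility, easy installation, flexible networking and easy expansion, wireless local area networks (WLANs) are widely used in all areas of society and profoundly affect how people work, study and live. As people depend more and more on WLANs, they have become one of the main targets of hacker attacks; wireless attack methods are diversifying, and wireless attack incidents occur from time to time. By analysing the advantages and weaknesses of WLANs, the paper briefly describes the attack techniques commonly used against them and uses this to optimise WLAN security configuration, thereby ensuring the security of the WLAN.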

20.
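OAuth 2.0 is an open authorization protocol used mainly to solve the problems of user account linking and resource sharing. However, its weak security has led to the leakage of massive amounts of user information at various Internet companies, and the https channel that OAuth 2.0 uses to transmit data is inefficient, making it a target for hackers. The paper proposes transmitting OAuth 2.0 protocol data over an http channel, models the OAuth 2.0 protocol using the Promela language and the Dolev-Yao attacker model, and performs model checking with SPIN. The formal analysis results show that encrypting the OAuth 2.0 protocol with a public-key cryptosystem is not secure. This modelling approach is an important reference for the formal analysis of similar authorization protocols.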


Copyright©北京勤云科技发展有限公司  京ICP备09084417号