基于关键路径测试的安全补丁存在性检测

漏洞的修复对于应用软件的安全至关重要。为了能够及时地修复所有已知漏洞,安全防护人员需要准确地检测一个安全补丁是否被应用。提出一个基于关键路径的语义层面的漏洞补丁存在性检测工具PatchChecker,通过找寻一条在漏洞修复前后发生改变的路径,分析其语义特征,生成能代表漏洞补丁的签名信息;利用这一签名信息,在目标程序中找出对应路径进行比较,判断漏洞补丁的应用情况。PatchChecker通过聚焦于单一路径,在提升对细节变化检测能力的同时,避免了未知代码修改带来的干扰。实验表明,PatchChecker能够以较高的准确率检测漏洞补丁是否被应用。     

Managing vulnerabilities in networked systems

Most organizations recognize the importance of cyber security and are implementing various forms of protection. However, many are failing to find and fix known security problems in the software packages they use as the building blocks of their networks and systems, a vulnerability that a hacker can exploit to bypass all other efforts to secure the enterprise. The Common Vulnerabilities and Exposures (CVE) initiative seeks to avoid such disasters and transform this area from a liability to a key asset in the fight to build and maintain secure systems. Coordinating international, community-based efforts from industry, government and academia, CVE strives to find and fix software product vulnerabilities more rapidly, predictably, and efficiently. The initiative seeks the adoption of a common naming practice for describing software vulnerabilities. Once adopted, these names will be included within security tools and services and on the fix sites of commercial and open source software package providers. As vendors respond to more users requests for CVE-compatible fix sites, securing the enterprise will gradually include the complete cycle of finding, analyzing, and fixing vulnerabilities     

一种基于动态偏好扫描的网络免疫策略

复杂网络中各种自组织现象的涌现给网络脆弱性挖掘和网络免疫自推进带来了启示.一个完整的免疫资源配置过程可以分为4个阶段:信息收集、扫描、漏洞修复和自我推进.网络主机脆弱性分布的实证分析表明,脆弱主机在网络中呈现明显的幂律分布特性,这就意味着盲目扫描将耗费大量资源在非脆弱或不存在的主机上,而一个有效的网络免疫策略应该利用这种非均匀的网络脆弱性分布特性.静态偏好性的扫描方法在初期能取得良好的推进效果,但并不能将这种有效性贯穿整个免疫过程.为此,提出了一种新的基于扫描方式的网络免疫自推进策略.该策略能够在不知道网络结构的条件下,通过一种动态适应的偏好扫描方法,高效命中脆弱主机实施免疫修复.经过传播模型推导及计算机仿真分析,设计的网络免疫策略能够很好地抑制危害传播,提高网络的安全性.     

Experience report: investigating bug fixes in machine learning frameworks/libraries

Machine learning (ML) techniques and algorithms have been successfully and widely used in various areas including software engineering tasks. Like other software projects, bugs are also common in ML projects and libraries. In order to more deeply understand the features related to bug fixing in ML projects, we conduct an empirical study with 939 bugs from five ML projects by manually examining the bug categories, fixing patterns, fixing scale, fixing duration, and types of maintenance. The results show that (1) there are commonly seven types of bugs in ML programs; (2) twelve fixing patterns are typically used to fix the bugs in ML programs; (3) 68.80% of the patches belong to micro-scale-fix and small-scale-fix; (4) 66.77% of the bugs in ML programs can be fixed within one month; (5) 45.90% of the bug fixes belong to corrective activity from the perspective of software maintenance. Moreover, we perform a questionnaire survey and send them to developers or users of ML projects to validate the results in our empirical study. The results of our empirical study are basically consistent with the feedback from developers. The findings from the empirical study provide useful guidance and insights for developers and users to effectively detect and fix bugs in MLprojects.     

基于高斯过程的缺陷定位方法

在软件系统中,缺陷定位是缺陷修复的一个关键环节,如果能将缺陷自动定位到很小的范围,将会极大地降低缺陷修复的难度.基于高斯过程提出了一种缺陷定位方法（GPBL）,即针对每个缺陷,向开发人员推荐这个缺陷可能存在于哪些源文件中,从而帮助开发人员快速修复缺陷.为了验证方法的有效性,采集了开源软件Eclipse 和Argouml 中的数据,实验结果表明,高斯过程缺陷定位的查全率和查准率平均分别为87.16%和78.90%.与基于LDA的缺陷定位方法进行比较,表明高斯过程更能准确定位缺陷的位置.     

基于模板匹配的BPEL程序故障修复及优化技术

BPEL (business process execution language)是一种可执行的Web服务组合语言. 与传统程序相比, BPEL程序在编程模型、执行方式等方面存在较大差异. 这些新特点使得如何定位并修改测试阶段发现的BPEL程序故障成为挑战, 面向传统软件的故障修复技术难以直接应用于BPEL程序. 从变异分析角度出发, 提出一种基于模板匹配的BPEL程序故障修复方法BPELRepair. 为了克服基于变异分析的故障修复技术计算开销高的缺点, 从补丁生成、测试用例选择以及终止条件3个角度提出多种优化策略. 开发一个BPEL故障修复支持工具, 提高故障修复的自动化程度与效率. 采用经验研究的方式, 评估所提故障修复技术及优化策略的有效性. 实验结果表明, 所提故障修复方法能够成功修复约53%的BPEL程序故障; 所提优化策略能够显著降低搜索匹配、补丁程序验证、测试用例执行与故障修复等方面的开销.     

计算机漏洞库系统的设计、实现与应用

如何发现、修补和利用计算机漏洞，是网络攻防研究的焦点问题之一。本文首先对国内外的研究现状进行分析与综述，然后介绍了如何设计、实现计算机漏洞库系统，提出了运用CORBA分布对象技术定义和实现漏洞库信息的应用程序访问接口，基于事件模型完成漏洞补丁程序或应对措施在可信任计算机之间的自动推送，实现动态的系统漏洞分析与应对。     

Just-in-time defect prediction for software hunks

Just-in-time defect prediction can remind software developers and managers to verify and fix bugs at the moment they appeared, thus improving the effectiveness and validity of bug fixing. Existing studies mainly focus on just-in-time prediction for software files (JIT-F). JIT-F is a binary classification problem, which classifies (hence predicts) a file change as buggy or clean. This article provides a detailed analysis of just-in-time defect prediction for software hunks (JIT-H), which predicts bugs at a finer level of granularity, and hence further improves the efficiency of bug fixing. Classification is performed using the ensemble technique of bagging—aggregated combinations of random under sampling plus multiple classifiers (J48 and Random Forest). An empirical study with 10 open source projects was conducted to validate the effectiveness of JIT-H. Experimental results show that JIT-H is effective at predicting defects in software hunk changes. Compared with JIT-F, JIT-H is more cost effective. Additionally, analysis on the change features indicates that Text Vector features and hunk change level features are of more importance than features in other groups and levels.     

面向软件安全性缺陷的开发者推荐方法

软件开发与维护过程中常会出现一些安全性缺陷,这些安全性缺陷会给软件和用户带来很大的风险.安全性缺陷在修复过程中,其修复级别和质量要求往往高于一般性的缺陷,因此,推荐出富有安全性经验的开发者及时有效地修复这些安全性缺陷非常重要.现有的开发者推荐技术在推荐开发者时仅仅考虑了开发者的历史开发内容,很少考虑到开发人员的安全性缺陷修复经验和修复质量等因素,所以这些技术不适用于安全性缺陷的开发者推荐.本文针对安全性缺陷的修复提出了一种有效的软件开发者推荐方法SecDR.SecDR在推荐开发者时不仅考虑了开发者的历史开发内容（与安全性相关）,还分析了开发者的修复质量和历史修复缺陷的复杂度等因素.此外,SecDR还实现了开发者的多经验级别推荐：推荐初级开发者修复简单的安全性缺陷,高级开发者修复复杂的安全性缺陷.本文在三个开源项目（Mozilla,Libgdx,ElasticSearch）上分别对SecDR推荐开发者进行有效性验证.通过对比实验证明,SecDR针对安全性缺陷推荐开发者相比于其他方法（如：DR_PSF）的推荐精度平均高出19%~42%.另外,实验对比了SecDR与实际开发人员的分配情况,结果显示SecDR可以更好地规避不合理的软件开发者的推荐.     

电磁兼容扫描平台探头及固定架改造

提出了一种基于现有电磁兼容扫描平台的设备改造方案以解决在实际使用中出现的问题。增加了一组水平测试探头,使得探头可以在垂直或水平平面上测试,同时扩大了被测件内部可测纵深,满足更大体积的被测物件的检测。并搭建了对比平台,验证了增设的水平测试探头的测量精确度。同时,在X轴两端增加两个新型冲孔固定支架,可固定各种大小不同的被测物件,通用性固定架为测试时被测件的固定方式提供了多样化的选择。经仿真,选取对空间磁场影响最小的材质来制作固定架。特殊设计的连接件可以有效利用原扫描平台滑轨进行固定架的移动及固定。改造后的平台扩大了被测件的测试范围及其使用灵活性,同时提高了大型设备的利用率。     

Predicting Cyber Risks through National Vulnerability Database

ABSTRACT

Software vulnerabilities are the major cause of cyber security problems. The National Vulnerability Database (NVD) is a public data source that maintains standardized information about reported software vulnerabilities. Since its inception in 1997, NVD has published information about more than 43,000 software vulnerabilities affecting more than 17,000 software applications. This information is potentially valuable in understanding trends and patterns in software vulnerabilities so that one can better manage the security of computer systems that are pestered by the ubiquitous software security flaws. In particular, one would like to be able to predict the likelihood that a piece of software contains a yet-to-be-discovered vulnerability, which must be taken into account in security management due to the increasing trend in zero-day attacks. We conducted an empirical study on applying data-mining techniques on NVD data with the objective of predicting the time to next vulnerability for a given software application. We experimented with various features constructed using the information available in NVD and applied various machine learning algorithms to examine the predictive power of the data. Our results show that the data in NVD generally have poor prediction capability, with the exception of a few vendors and software applications. We suggest possible reasons for why the NVD data have not produced a reasonable prediction model for time to next vulnerability with our current approach, and suggest alternative ways in which the data in NVD can be used for the purpose of risk estimation.     

Monocultures are hard to find in practice

The statement that computer networks executing essentially the same software (for example, a software's various versions and configurations; such as Linux or Windows) present a higher risk of cascading failures than more diversified networks when a serious vulnerability is discovered in that common software has two inherent problems. The first problem is with the concept of "essentially the same software", and the second is with the meaning of "cascading failures".     

面向智能汽车的信息安全漏洞评分模型

随着汽车智能化、网联化的发展,汽车中集成了越来越多的电子器件,数量庞大的硬件、固件和软件中隐藏着各种设计缺陷和漏洞,这从根本上导致了智能汽车信息安全问题.大量汽车漏洞的披露,严重影响了汽车安全,制约了智能汽车的广泛应用.漏洞管理是降低漏洞危害、改善汽车安全的有效手段.在漏洞管理流程中,漏洞评估是决定漏洞处置优先级的重要...     

基于Mozilla的安全性漏洞再修复经验研究

相较于其他类型的漏洞,安全性漏洞更容易发生再修复,这使得安全性漏洞需要更多的开发资源,从而增加了这些安全性漏洞修复的成本。因此,减少安全性漏洞再修复的发生的重要性不言而喻。对安全性漏洞再修复的经验研究有助于减少再修复的发生。首先,通过对Mozilla工程中一些发生再修复的安全性漏洞的安全性漏洞类型、发生再修复的原因、再修复的次数、修改的提交数、修改的文件数、修改的代码行数的增减、初始修复和再修复的对比等数据进行分析,发现了安全性漏洞发生再修复是普遍存在的,且与漏洞发生原因的识别的复杂程度和漏洞修复的复杂程度这两个因素有关;其次,初始修复涉及的文件、代码的集中程度是影响再修复的原因之一,而使用更复杂、更有效的修复过程可有效避免再修复的发生;最后,总结了几种安全性漏洞发生再修复的原因,使开发人员有效地识别不同类型的安全性漏洞再修复。     

求解QAP问题的近似骨架导向快速蚁群算法

QAP(quadratic assignment problem)问题是经典的组合优化问题之一,广泛应用于许多领域中.针对QAP问题,提出了一种新的蚁群算法--近似骨架导向的快速蚁群算法(ABFANT).该算法的基本原理是通过对局部最优解的简单相交操作得到QAP问题实例的近似骨架(approximate-backbone),利用这些近似骨架可以极大地缩小QAP问题的搜索空间,而同时不降低搜索的性能,最后对这个缩小后的搜索空间,直接用当前求解QAP问题最好的启发式算法之一-快速蚁群算法(FANT)求解得到问题的解.在QAPLIB中的典型实例上的实验结果表明,近似骨架导向的快速蚁群算法明显优于快速蚁群算法.此外,指出基于近似骨架的算法思想可以很容易地被移植到其他求解QAP问题的启发式算法中.     

A comparison of the efficiency and effectiveness of vulnerability discovery techniques

ContextSecurity vulnerabilities discovered later in the development cycle are more expensive to fix than those discovered early. Therefore, software developers should strive to discover vulnerabilities as early as possible. Unfortunately, the large size of code bases and lack of developer expertise can make discovering software vulnerabilities difficult. A number of vulnerability discovery techniques are available, each with their own strengths.ObjectiveThe objective of this research is to aid in the selection of vulnerability discovery techniques by comparing the vulnerabilities detected by each and comparing their efficiencies.MethodWe conducted three case studies using three electronic health record systems to compare four vulnerability discovery techniques: exploratory manual penetration testing, systematic manual penetration testing, automated penetration testing, and automated static analysis.ResultsIn our case study, we found empirical evidence that no single technique discovered every type of vulnerability. We discovered that the specific set of vulnerabilities identified by one tool was largely orthogonal to that of other tools. Systematic manual penetration testing found the most design flaws, while automated static analysis found the most implementation bugs. The most efficient discovery technique in terms of vulnerabilities discovered per hour was automated penetration testing.ConclusionThe results show that employing a single technique for vulnerability discovery is insufficient for finding all types of vulnerabilities. Each technique identified only a subset of the vulnerabilities, which, for the most part were independent of each other. Our results suggest that in order to discover the greatest variety of vulnerability types, at least systematic manual penetration testing and automated static analysis should be performed.     

A framework for attaching personal assistants to existing applications

Personal assistants are computer programs that enhance the functionality provided by a software application by implementing a mixed initiative interaction with the user in which both, the assistant and the user, can execute tasks and initiate the interaction with each other. This kind of software is also known as Interface Agents in the Artificial Intelligence community. A key problem in systems implemented so far is that the interface agent and the application are seen as a unit of software and the code of the agent is embedded in the code of the application resulting in highly coupled and hard to maintain systems. In this paper we present a solution to this problem. We propose a framework that will allow attaching an interface agent to a conventional application without modifying the application in any way. This will allow us to enhance an existent application with an interface agent to assist the user for which we do not have the source code available.     

Standby redundancy: Crash-tolerant computers for distributed computer systems

Distributed systems allow greater overall availability. Standby redundancy can be incorporated into application software to improve availability in the event of a crash. The Tandem-16 is an example of crash-tolerant computers. Other examples include Prosur, intended for a hostile environment, and Demos M/P, which uses a broadcast network and a computer called the ‘recorder’. Local area networks can introduce greater vulnerability.     

处理器微体系结构安全研究综述

在CPU指令流水线中,为了提高计算机系统的执行效率而加入的Cache、TLB等缓存结构是不同进程共享的,因此这些缓存以及相关执行单元在不同进程之间的共享在一定程度上打破了计算机系统中基于内存隔离实现的安全边界,进而打破了计算机系统的机密性和完整性。Spectre和Meltdown等漏洞的披露,进一步说明了处理器微体系结构所采用的乱序执行、分支预测和推测执行等性能优化设计存在着严重的安全缺陷,其潜在威胁将涉及到整个计算机行业的生态环境。然而,对于微体系结构的安全分析,到目前为止尚未形成较为成熟的研究框架。虽然当前针对操作系统内核及上层应用程序的漏洞检测和安全防护方面已经有较为成熟的方法和工具,但这些方法和工具并不能直接应用于对微体系结构漏洞的安全检测之中。一旦微体系结构中出现了漏洞将导致其危害更加广泛并且难以修复。此外,由于各个处理器厂商并没有公布微体系结构的实现细节,对于微体系结构安全研究人员来说,微体系结构仍然处于黑盒状态,并且缺少进行辅助分析的工具。这也使得微体系结构的安全分析变得十分困难。因此本文从当前处理器微体系结构设计中存在的安全威胁入手,分析了其在设计上导致漏洞产生的主要原因,对现有处理器微体系结构的7种主流攻击方法进行了分类描述和总结,分析对比现有的10种软硬件防护措施所采用的保护方法及实用效果,并从微体系结构漏洞研究方法、漏洞防护及安全设计等方面,进一步探讨了处理器微体系结构安全的研究方向和发展趋势。