scholarly journals Towards Vulnerability Discovery Using Staged Program Analysis

2016 ◽  
pp. 78-97
Author(s):  
Bhargava Shastry ◽  
Fabian Yamaguchi ◽  
Konrad Rieck ◽  
Jean-Pierre Seifert
Keyword(s):  
Program Analysis ◽  
Vulnerability Discovery

scholarly journals Bin2vec: learning representations of binary executable programs for security tasks

Cybersecurity ◽  
2021 ◽  
Vol 4 (1) ◽  
Author(s):  
Shushan Arakelyan ◽  
Sima Arasteh ◽  
Christophe Hauser ◽  
Erik Kline ◽  
Aram Galstyan
Keyword(s):  
Program Analysis ◽  
State Of The Art ◽  
Classification Error ◽  
New Approach ◽  
Convolutional Networks ◽  
Computational Program ◽  
Functional Algorithm ◽  
Binary Program ◽  
Vulnerability Discovery ◽  
Executable Programs

AbstractTackling binary program analysis problems has traditionally implied manually defining rules and heuristics, a tedious and time consuming task for human analysts. In order to improve automation and scalability, we propose an alternative direction based on distributed representations of binary programs with applicability to a number of downstream tasks. We introduce Bin2vec, a new approach leveraging Graph Convolutional Networks (GCN) along with computational program graphs in order to learn a high dimensional representation of binary executable programs. We demonstrate the versatility of this approach by using our representations to solve two semantically different binary analysis tasks – functional algorithm classification and vulnerability discovery. We compare the proposed approach to our own strong baseline as well as published results, and demonstrate improvement over state-of-the-art methods for both tasks. We evaluated Bin2vec on 49191 binaries for the functional algorithm classification task, and on 30 different CWE-IDs including at least 100 CVE entries each for the vulnerability discovery task. We set a new state-of-the-art result by reducing the classification error by 40% compared to the source-code based inst2vec approach, while working on binary code. For almost every vulnerability class in our dataset, our prediction accuracy is over 80% (and over 90% in multiple classes).

A Semantic Perspective on Omission Abstraction in ASP

2020 ◽  
Author(s):  
Zeynep G. Saribatur ◽  
Thomas Eiter
Keyword(s):  
Problem Solving ◽  
Program Analysis ◽  
Abstract Level ◽  
Answer Sets

The recently introduced notion of ASP abstraction is on reducing the vocabulary of a program while ensuring over-approximation of its answer sets, with a focus on having a syntactic operator that constructs an abstract program. It has been shown that such a notion has the potential for program analysis at the abstract level by getting rid of irrelevant details to problem solving while preserving the structure, that aids in the explanation of the solutions. We take here a further look on ASP abstraction, focusing on abstraction by omission with the aim to obtain a better understanding of the notion. We distinguish the key conditions for omission abstraction which sheds light on the differences to the well-studied notion of forgetting. We demonstrate how omission abstraction fits into the overall spectrum, by also investigating its behavior in the semantics of a program in the framework of HT logic.

Mobile Software Assurance Informed through Knowledge Graph Construction: The OWASP Threat of Insecure Data Storage

2020 ◽  
Vol 2 (2) ◽  
Author(s):  
Suzanna Schmeelk ◽  
Lixin Tao
Keyword(s):  
Data Storage ◽  
Program Analysis ◽  
Web Application ◽  
Security Analysis ◽  
Knowledge Graph ◽  
Healthcare Applications ◽  
Sensitive Data ◽  
Knowledge Graphs ◽  
Mobile Malware Detection ◽  
Software Assurance

Many organizations, to save costs, are movinheg to t Bring Your Own Mobile Device (BYOD) model and adopting applications built by third-parties at an unprecedented rate.  Our research examines software assurance methodologies specifically focusing on security analysis coverage of the program analysis for mobile malware detection, mitigation, and prevention.  This research focuses on secure software development of Android applications by developing knowledge graphs for threats reported by the Open Web Application Security Project (OWASP).  OWASP maintains lists of the top ten security threats to web and mobile applications.  We develop knowledge graphs based on the two most recent top ten threat years and show how the knowledge graph relationships can be discovered in mobile application source code.  We analyze 200+ healthcare applications from GitHub to gain an understanding of their software assurance of their developed software for one of the OWASP top ten moble threats, the threat of “Insecure Data Storage.”  We find that many of the applications are storing personally identifying information (PII) in potentially vulnerable places leaving users exposed to higher risks for the loss of their sensitive data.

JPF-HJ: A Tool for Task Parallel Program Analysis

2019 ◽  
Vol 44 (4) ◽  
pp. 19-19 ◽  
Author(s):  
Joshua Hooker ◽  
Peter Aldous ◽  
Eric Mercer ◽  
Benjamin Ogles ◽  
Kyle Storey ◽  
...  
Keyword(s):  
Program Analysis ◽  
Parallel Program ◽  
Task Parallel
Sign in / Sign up

Export Citation Format

Share Document