False Positives
Recently Published Documents





2021 ◽  
Vol 5 (OOPSLA) ◽  
pp. 1-28
Robert Brotzman ◽  
Danfeng Zhang ◽  
Mahmut Taylan Kandemir ◽  
Gang Tan

The high-profile Spectre attack and its variants have revealed that speculative execution may leave secret-dependent footprints in the cache, allowing an attacker to learn confidential data. However, existing static side-channel detectors either ignore speculative execution, leading to false negatives, or lack a precise cache model, leading to false positives. In this paper, somewhat surprisingly, we show that it is challenging to develop a speculation-aware static analysis with precise cache models: a combination of existing works does not necessarily catch all cache side channels. Motivated by this observation, we present a new semantic definition of security against cache-based side-channel attacks, called Speculative-Aware noninterference (SANI), which is applicable to a variety of attacks and cache models. We also develop SpecSafe to detect the violations of SANI. Unlike other speculation-aware symbolic executors, SpecSafe employs a novel program transformation so that SANI can be soundly checked by speculation-unaware side-channel detectors. SpecSafe is shown to be both scalable and accurate on a set of moderately sized benchmarks, including commonly used cryptography libraries.

2021 ◽  
Vol 5 (OOPSLA) ◽  
pp. 1-29
Florian Lanzinger ◽  
Alexander Weigl ◽  
Mattias Ulbrich ◽  
Werner Dietl

Type systems and modern type checkers can be used very successfully to obtain formal correctness guarantees with little specification overhead. However, type systems in practical scenarios have to trade precision for decidability and scalability. Tools for deductive verification, on the other hand, can prove general properties in more cases than a typical type checker can, but they do not scale well. We present a method to complement the scalability of expressive type systems with the precision of deductive program verification approaches. This is achieved by translating the type uses whose correctness the type checker cannot prove into assertions in a specification language, which can be dealt with by a deductive verification tool. Type uses whose correctness the type checker can prove are instead turned into assumptions to aid the verification tool in finding a proof.Our novel approach is introduced both conceptually for a simple imperative language, and practically by a concrete implementation for the Java programming language. The usefulness and power of our approach has been evaluated by discharging known false positives from a real-world program and by a small case study.

2021 ◽  
Vol 5 (OOPSLA) ◽  
pp. 1-30
Jialu Zhang ◽  
Ruzica Piskac ◽  
Ennan Zhai ◽  
Tianyin Xu

The behavior of large systems is guided by their configurations: users set parameters in the configuration file to dictate which corresponding part of the system code is executed. However, it is often the case that, although some parameters are set in the configuration file, they do not influence the system runtime behavior, thus failing to meet the user’s intent. Moreover, such misconfigurations rarely lead to an error message or raising an exception. We introduce the notion of silent misconfigurations which are prohibitively hard to identify due to (1) lack of feedback and (2) complex interactions between configurations and code. This paper presents ConfigX, the first tool for the detection of silent misconfigurations. The main challenge is to understand the complex interactions between configurations and the code that they affected. Our goal is to derive a specification describing non-trivial interactions between the configuration parameters that lead to silent misconfigurations. To this end, ConfigX uses static analysis to determine which parts of the system code are associated with configuration parameters. ConfigX then infers the connections between configuration parameters by analyzing their associated code blocks. We design customized control- and data-flow analysis to derive a specification of configurations. Additionally, we conduct reachability analysis to eliminate spurious rules to reduce false positives. Upon evaluation on five real-world datasets across three widely-used systems, Apache, vsftpd, and PostgreSQL, ConfigX detected more than 2200 silent misconfigurations. We additionally conducted a user study where we ran ConfigX on misconfigurations reported on user forums by real-world users. ConfigX easily detected issues and suggested repairs for those misconfigurations. Our solutions were accepted and confirmed in the interaction with the users, who originally posted the problems.

2021 ◽  
Ben Lafreniere ◽  
Tanya R. Jonker ◽  
Stephanie Santosa ◽  
Mark Parent ◽  
Michael Glueck ◽  

2021 ◽  
Vol 43 (S19) ◽  
pp. 29-29

2021 ◽  
Cristiano Antonio de Souza ◽  
João Vitor Cardoso ◽  
Carlos Becker Westphall

The Internet of Things (IoT) systems have limited resources, making it difficult to implement some security mechanisms. It is important to detect attacks against these environments and identify their type. However, existing multi-class detection approaches present difficulties related to false positives and detection of less common attacks. Thus, this work proposes an approach with a two-stage analysis architecture based on One-Vs-All (OVA) and Artificial Neural Networks (ANN) to detect and identify intrusions in fog and IoT computing environments. The results of experiments with the Bot-IoT dataset demonstrate that the approach achieved promising results and reduced the number of false positives compared to state-of-the-art approaches and machine learning techniques.

2021 ◽  
pp. 109352662110433
Mikako Warren ◽  
Nishant Tiwari ◽  
Sabrina Sy ◽  
Gordana Raca ◽  
Ryan J Schmidt ◽  

Background The hallmark of lipoblastoma is a PLAG1 fusion. PLAG1 protein overexpression has been reported in sporadic PLAG1-rearranged lipoblastomas. Methods We evaluated the utility of PLAG1 immunohistochemical staining (IHC) in 34 pediatric lipomatous tumors, correlating the results with histology and conventional cytogenetics, FISH and/or next generation sequencing (NGS) results. Results The study included 24 lipoblastomas, divided into 2 groups designated as “Lipoblastoma 1” with both lipoblastoma histology and PLAG1 rearrangement (n = 16) and “Lipoblastoma 2” with lipoblastoma histology but without PLAG1 cytogenetic rearrangement (n = 8), and 10 lipomas with neither lipoblastoma histology nor a PLAG1 rearrangement. Using the presence of a fusion as the “gold standard” for diagnosing lipoblastoma (Lipoblastoma 1), the sensitivity of PLAG1 IHC was 94%. Using histologic features alone (Lipoblastoma 1 + 2), the sensitivity was 96%. Specificity, as defined by the ability to distinguish lipoma from lipoblastoma, was 100%, as there were no false positives in the lipoma group. Conclusions Cytogenetics/molecular testing is expensive and may not be ideal for detecting PLAG1 fusions because PLAG1 fusions are often cytogenetically cryptic and NGS panels may not include all partner genes. PLAG1 IHC is an inexpensive surrogate marker of PLAG1 fusions and may be useful in distinguishing lipoblastomas from lipomas.

2021 ◽  
Shuning Guo

This protocol is used to construct mutant library of target gene with high efficiency and low false positives/negatives rate after subsequent functional screening.

2021 ◽  
Vol 11 (19) ◽  
pp. 9194
Doyoung Kim ◽  
Suwoong Heo ◽  
Jiwoo Kang ◽  
Hogab Kang ◽  
Sanghoon Lee

In recent years, copyright infringement has been one of the most serious problems that hamper the development of the culture and arts industry. Due to the limitations of existing image search services, these infringements have not been properly identified and the number of infringements has been increasing continuously. To uncover these infringements and handle big data extracted from copyright photos, we propose a photo copyright identification framework to accurately handle manipulations of stolen photos. From a collage of cropped photos, regions of interest (RoIs) are detected to reduce the influence of cropping and identify each photo by Image RoI Detection. Binary descriptors for quick database search are generated from the RoIs by Image Hashing robustly to geometric and color manipulations. The matching results of Image Hashing are verified by measuring their similarity using the proposed Image Verification to reduce false positives. Experimental results demonstrate that the proposed framework outperforms other image retrieval methods in identification accuracy and significantly reduces the false positive rate by 2.8%. This framework is expected to identify copyright infringements in practical situations and have a positive effect on the copyright market.

2021 ◽  
Yeongjun Jang ◽  
Milovan Suvakov ◽  
Taejeong Bae ◽  
Liana Fasching ◽  

Accurate discovery of somatic mutations in a cell is a challenge that partially lays in immaturity of dedicated analytical approaches. Approaches comparing cell’s genome to a control bulk sample miss common mutations, while approaches to find such mutations from bulk suffer from low sensitivity. We developed a tool, All 2, which enables accurate filtering of mutations in a cell from exhaustive comparison of cells’ genomes to each other without data for bulk(s). Based on all pair-wise comparisons, every variant call (point mutation, indel, and structural variant) is classified as either a germline variant, mosaic mutation, or false positive. As All 2 allows for considering dropped-out regions, it is applicable to whole genome and exome analysis of cloned and amplified cells. By applying the approach to a variety of available data, we showed that its application reduces false positives, enables sensitive discovery of high frequency mutations, and is indispensable for conducting high resolution cell lineage tracing. All 2 is freely available at https://github.com/abyzovlab/All2 .

Sign in / Sign up

Export Citation Format

Share Document