Xin, Yue (2018) Common Attack Surface Detection. Masters thesis, Concordia University.
Text (application/pdf), 3MB: Xin_MASc_W2018.pdf - Accepted Version. Available under License Spectrum Terms of Access.
Abstract
In the current software development market, much software is developed using a copy-paste mechanism, with little to no change made to the reused code. Such a practice has the potential to cause severe security issues, since one fragment of code containing a vulnerability may cause the same vulnerability to appear in many other software applications containing the same cloned fragment. The concept of relying on software diversity for security may also be compromised by such a trend, since seemingly different software may in fact share vulnerable code fragments. Although there exist efforts on detecting cloned code fragments, solutions for formally characterizing the specific impact on security are lacking.
In this thesis, we revisit the concept of software diversity from a security viewpoint. Specifically, we define the novel concept of common attack surface to model the relative degree to which a pair of software applications may be sharing potentially vulnerable code fragments. To implement the concept, we develop an automated tool, Dupsec, to efficiently identify the common attack surface between any given pair of software applications with minimum human intervention. Finally, we conduct experiments by applying our tool to a large number of open source software applications. Our results demonstrate that many seemingly unrelated real-world software applications indeed share a significant common attack surface.
Divisions: | Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering |
---|---|
Item Type: | Thesis (Masters) |
Authors: | Xin, Yue |
Institution: | Concordia University |
Degree Name: | M.A. Sc. |
Program: | Information Systems Security |
Date: | 26 March 2018 |
Thesis Supervisor(s): | Wang, Lingyu |
ID Code: | 983612 |
Deposited By: | YUE XIN |
Deposited On: | 11 Jun 2018 03:07 |
Last Modified: | 01 Dec 2019 01:00 |