Login | Register

Common Attack Surface Detection


Common Attack Surface Detection

Xin, Yue (2018) Common Attack Surface Detection. Masters thesis, Concordia University.

[thumbnail of Xin_MASc_W2018.pdf]
Text (application/pdf)
Xin_MASc_W2018.pdf - Accepted Version
Available under License Spectrum Terms of Access.


In the current software development market, many software is being developed using a copy-paste mechanism with little to no change made to the reused code. Such a practice has the potential of causing severe security issues since one fragment of code containing a vulnerability may cause the same vulnerability to appear in many other software with the same cloned fragment. The concept of relying on software diversity for security may also be compromised by such a trend, since seemingly different software may in fact share vulnerable code fragments. Although there exist efforts on detecting cloned code fragments, there lack solutions for formally characterizing the specific impact on security.

In this thesis, we revisit the concept of software diversity from a security viewpoint. Specifically, we define the novel concept of common attack surface to model the relative degree to which a pair of software may be sharing potentially vulnerable code fragments. To implement the concept, we develop an automated tool, Dupsec, in order to efficiently identify common attack surface between any given pair of software applications with minimum human intervention. Finally, we conduct experiments by applying our tool to a large number of open source software. Our results demonstrate many seemingly unrelated real-world software indeed share significant
common attack surface.

Divisions:Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type:Thesis (Masters)
Authors:Xin, Yue
Institution:Concordia University
Degree Name:M.A. Sc.
Program:Information Systems Security
Date:26 March 2018
Thesis Supervisor(s):Wang, Lingyu
ID Code:983612
Deposited By: YUE XIN
Deposited On:11 Jun 2018 03:07
Last Modified:01 Dec 2019 01:00
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.

Repository Staff Only: item control page

Downloads per month over past year

Research related to the current document (at the CORE website)
- Research related to the current document (at the CORE website)
Back to top Back to top