Tool-based Approaches to Software Security. Prof. Dr. Eric Bodden Andreas Follner


Academic year: 2021


(1)

Tool-based Approaches to Software Security

Prof. Dr. Eric Bodden

Andreas Follner

(2)

Outline

• General Information

• Timeline

• Term Paper / Review / Talk

• Grading

• Next Steps

• Topics

(3)

General Information

• Purpose of this seminar

– Introduce students to the core techniques of scientific work

– Give a scientific talk

– Process of writing and publishing research papers

– Review a paper

(4)

Timeline

• Topics assigned April 22

• Paper submission May 29

• Review submission June 5

• Feedback meetings June 8 - 19

• Camera ready June 26

• Talks July 2

(5)

Term Paper

• Find further references

• Explain technologies using your own words

• Use your own example throughout

• About 6 pages (not a lot; don't waste much space on basics)

– 8 pages / 2 students; 10 pages / 3 students

(6)

Review

• Summary of the paper(s)

– To show that you understood it

• Suggestions for the author, regarding content and presentation

– Be realistic and concrete

• List positive and negative points

– Be honest and critical! Used to grade YOU, not the person who wrote the paper.

(7)

Talk

• Blockseminar

• 15 minutes / person (+ 10 minutes for each additional person)

(8)

Grading

• 40% talk

• 40% paper

• 20% reviews

• Participation in the discussion following the talks will also be considered

(9)

Next Steps

• Choose topics

– Write a list of your 3 favourite topics (ordered by preference)

– Send me an email ([email protected]) including the list and your name

– Deadline: April 19

• Check the details on the course website

• Topics will be assigned

– We provide you some references as a starting point

(10)

Topics

(11)

Inspecting Google Android for Work

Advisor: Stephan Huber

(12)

Android for Work

• Google smartphone enterprise solution:

– BYOD solution, private and work isolation

– System integration and container solution

– Special application store

• Research and sum up information about Android for Work

– New programming guidelines and policy rules

– Collect information (and examine) system integration

– Give an overview of the Administration and Service system

– …

(13)

Android for Work

• Main site for customers: http://www.android.com/work/ and https://www.google.com/work/android

• Developer Guide: https://developer.android.com/training/enterprise/index.html

• Organisation-specific "instances" of Google Play: https://support.google.com/a/answer/2494992?hl=de

(14)

Android Malware Evolution

Advisor: Siegfried Rasthofer

(15)

EASY -> Highly Sophisticated

(16)

Requirements: Good Security Background, good knowledge about malware engineering in general

• Identify the evolution of Android Malware Development

• What will be added in the future?

(17)

An Evaluation of Anti-Analysis Techniques in Android Applications

Advisor: Siegfried Rasthofer

(18)
(19)

Requirements: Good Security Background, good knowledge about malware engineering in general

1. Identify all the popular anti-analysis techniques

2. Think about possible metrics for evaluating the effectiveness of such techniques

3. Apply the metrics to the popular anti-analysis techniques

(20)

An Evaluation of Android Reverse Engineering Frameworks

Advisor: Siegfried Rasthofer

(21)
(22)

Requirements: Android Development + Security Background

• Includes practical hands-on

1. Get familiar with open-source and commercial Reverse Engineering Frameworks

2. Come up with a feature list

3. Evaluate the frameworks based on the feature list

(23)

Enemy Beyond the Gates: A Study on Intrusion Detection and Honeypots

Advisor: Kevin Falzon

(24)

A study on intrusion detection and honeypots


(26)

A study on intrusion detection and honeypots

• Look into the various techniques used in detecting and fingerprinting attacks

– Both deployed and experimental

• Compare effectiveness, efficiency, strengths and weaknesses

• Write down findings

(27)

Automatic Exploit Generation

Advisor: Mauro Baluda

(28)

Automated Exploit Generation

Automated Exploit Generation promises to reduce the cost of assessing software security.

• Goal: Exhibit program inputs that trigger vulnerabilities (exploitability witnesses).

• Approach: Combine techniques from security analysis with automatic test case generation.

(29)

Automated Exploit Generation

Review the state of the research:

• Assumptions, Strengths, Limitations

• Propose a classification

• Evaluate the related tools when available

Suggest future research directions

(30)

Automated Exploit Generation

• Starting points:

http://security.ece.cmu.edu/aeg/aeg-current.pdf

https://github.com/SQLab/CRAX

http://bitblaze.cs.berkeley.edu/papers/apeg.pdf

(31)

Defense Mechanisms Against Collusion Attacks

Advisor: Alexandre Bartel

(32)

Defense Mechanisms Against Collusion Attacks

(33)

Collusion Attack

(34)

Your Job

Search for, describe and evaluate existing solutions to detect and/or prevent application collusion. A solution could be, for example, a tool to analyze Android applications or a modification of the Android framework.

Suggested number of students: 1-3

(35)

CFI vs ROP

Advisor: Andreas Follner

(36)

CFI vs ROP

• Control-flow integrity (CFI) seemed to be the solution against return-oriented programming (ROP) attacks

• CFI

– Compute control-flow graph ahead of time (binaries, no source code, debugging symbols, etc.)

– Instrument vulnerable program (statically or dynamically) to force it to stay on precomputed paths

(37)

CFI vs ROP

• Problem: approaches sacrifice security for performance: fewer gadgets, but still enough for ROP

• Aim: compare current approaches, find vulnerable points, make suggestions for improvement

(38)

ROP vs ARM

Advisor: Andreas Follner

(39)

ROP vs ARM

• Return-oriented programming (ROP): #1 exploitation technique on Windows/x86

• What's the situation on Android/ARM?

(40)

ROP vs ARM

• What's the situation on Android/ARM?

– Real-world exploits in real malware or rather academic?

– Are there any mitigation techniques? (except for ASLR)

(41)

Evaluating ROP Gadget Finders

Advisor: Andreas Follner

(42)

Evaluating ROP Gadget Finders

• Differences of various gadget finders regarding

– Performance

– Configurability

– Automatic payload-creation

– …

• In-depth knowledge about ROP essential!

(43)

Questions?

• Contact: [email protected]

• Course information: http://sseblog.ec-spride.de/teaching/tss/
