Vulnerability remediation is a critical task in operational software and network security management. In this paper, an effective vulnerability management strategy, called VULCON (VULnerability CONtrol), is developed and evaluated. The strategy is based on two fundamental performance metrics: (i) Time-to-Vulnerability Remediation (TVR) and (ii) Total Vulnerability Exposure (TVE). VULCON takes as input real vulnerability scan reports, metadata about the discovered vulnerabilities, asset criticality, and personnel resources. VULCON uses a mixed integer multi-objective optimization algorithm to prioritize vulnerabilities for patching, such that the above performance metrics are optimized subject to the given resource constraints. VULCON has been tested on multiple months of real scan data from a Cyber-Security Operations Center (CSOC). Results indicate an overall Total Vulnerability Exposure reduction of 8.97% when VULCON optimizes a realistic security analyst workforce's effort. Additionally, we show how VULCON can determine the monthly resources required to maintain a target TVE score. As such, VULCON provides valuable operational guidance for improving vulnerability response processes in CSOCs.
Virtualization-based memory isolation has been widely used as a security primitive in various proposed security systems. Driven by the prevalence of multicore platforms, we first conduct an in-depth analysis of the effectiveness of memory isolation in the multicore setting. Our study reveals that memory isolation by itself is inadequate for security, since its design defects can be exploited by a malicious thread running in parallel with the protected thread. We then propose a new isolation approach. In our design, the hypervisor constructs a fully isolated micro-computing environment (FIMCE) that exposes a minimal attack surface to an untrusted OS on a multicore platform. By virtue of its architectural niche, FIMCE offers stronger security assurance and greater versatility than memory isolation. FIMCE features a flexible and composable environment and supports I/O operations, expanding the range of suitable applications. We have built a prototype of FIMCE with a bare-metal hypervisor. To show the benefits of using FIMCE as a building block, we have also implemented four applications that are difficult to construct with strong security using the current virtualization-based isolation method.
We propose a new approach to conducting static analysis for security vetting of Android apps, and build a general framework, called Amandroid, for determining points-to information for all objects in an Android app in a flow- and context-sensitive (user-configurable) way across Android app components. In particular, Amandroid performs data flow and data dependence analysis for each component of the input app. Amandroid also tracks the inter-component communication activities. Amandroid can stitch the component-level information into app-level information to perform intra-app and inter-app analysis. In this paper, (a) we show that the aforementioned type of comprehensive app analysis is completely feasible in terms of computing resources with modern hardware; (b) we demonstrate that one can easily leverage the results from this general analysis to build various types of specialized security analyses, and in many cases the amount of additional coding needed is around 100 lines of code; and (c) the results of those specialized analyses leveraging Amandroid are at least on par with and often exceed prior works designed for the specific problems, which we demonstrate by comparing Amandroid's results with those of prior works whenever we can obtain the executables of those tools. Since Amandroid's analysis directly handles inter-component control and data flows, it can be used to address security problems that result from interactions among multiple components from either the same or different apps.
The significant growth of banking fraud, fueled by the underground economy of malware, has raised the need for effective detection systems. Therefore, in recent years, banks have upgraded their security measures to protect transactions from fraud. State-of-the-art solutions detect fraud as deviations from customers' spending habits. Unfortunately, almost all existing approaches do not provide an in-depth accuracy and security analysis. Also, the development of such methods is stifled by the limited availability of banking data to the scientific community. In this paper, we examine Banksealer, a decision support system for banking fraud analysis, evaluating the influence on detection quality of the granularity at which spending habits are modeled, and its security against evasive attacks. First, we compare user-centric modeling, which builds a model for each user, with system-centric modeling, which builds a model for the entire system. We show the advantages and disadvantages of the two modeling strategies from the point of view of detection effectiveness. Then, we assess the robustness of Banksealer against malicious attackers that are aware of the structure of the models in use. To this end, we design and implement a proof-of-concept attack tool that performs mimicry attacks, emulating a sophisticated attacker that cloaks frauds to avoid detection. We experimentally confirm the feasibility of such attacks, their cost, and the effort required of an attacker in order to perform them. In addition, we discuss possible countermeasures. We provide a comprehensive evaluation on a large, real-world dataset obtained from one of the largest Italian banks.
Data usage control provides mechanisms for data owners to remain in control over how their data is used after it has been accessed. We address distributed aspects of this problem, which arise if the protected data resides within multiple systems. While policies can then intuitively be enforced by a centralized infrastructure, such a solution comes with inherent drawbacks. We thus contribute by formalizing, implementing, and evaluating a solution that (i) generically and transparently tracks protected data across systems, (ii) propagates data usage policies along, and (iii) efficiently and preventively enforces those policies in a fully decentralized manner. Our evaluation shows that the overhead introduced for data flow tracking and policy propagation is negligible. It further reveals that our decentralized solution to enforce policies is superior to a centralized approach in many situations.
Managing passwords is a difficult task for users, who must create, remember, and keep track of large numbers of passwords. In this work, we investigated users' coping strategies for password management. Through a series of interviews, we identified a "life cycle" of password use and found that users' central task in coping with their passwords is rationing their effort to best protect their important accounts. We followed up this work by interviewing experts about their password management practices, and found that although experts rely on the same kinds of coping strategies as non-experts, their increased situational awareness of security allows them to better ration their effort in protecting their accounts. Finally, we conducted a survey study to explore how the life cycle model generalizes to the larger population and found that the life cycle and rationing patterns can be seen in the broader population.