Finding Security Vulnerabilities in Network Protocol Implementations [article]

Kaled Alshmrany, Lucas Cordeiro
2020 arXiv   pre-print
Our experimental results show that ESBMC can be further developed within our verification framework called FuSeBMC, to efficiently and effectively detect intricate security vulnerabilities in network protocol  ...  Finding practical approaches for checking the security of network protocol implementations has proven to be a challenging problem.  ...  Techniques such as fuzzing [20], symbolic execution [16], static code analysis [12], and taint tracking [22] are the most common techniques to detect security vulnerabilities in network protocol  ... 
arXiv:2001.09592v1 fatcat:gwhsnn23ircg7cikfkksdir6ui

Security Analysis Methods on Ethereum Smart Contract Vulnerabilities: A Survey [article]

Purathani Praitheeshan, Lei Pan, Jiangshan Yu, Joseph Liu, Robin Doss
2020 arXiv   pre-print
And we have explored many software tools to detect the security vulnerabilities of smart contracts in terms of static analysis, dynamic analysis, and formal verification.  ...  We also investigated the limitations of the tools or analysis methods with respect to the identified security vulnerabilities of the smart contracts.  ...  We thank to Loi Luu, Antoine Delignat-Lavaud, Ivica Nikolić and Yuxiao Zhu for their coordination.  ... 
arXiv:1908.08605v3 fatcat:c3byi3iubfacpbgt4uh3xts5oq

ForASec: Formal Analysis of Security Vulnerabilities in Sequential Circuits [article]

Faiq Khalid, Imran Hafeez Abbassi, Semeen Rehman, Awais Mehmood Kamboh, Osman Hasan, Muhammad Shafique
2021 arXiv   pre-print
We analyze multiple ISCAS89 and trust-hub benchmarks to demonstrate the efficacy of our framework in identifying security vulnerabilities.  ...  Security vulnerability analysis of Integrated Circuits using conventional design-time validation and verification techniques (like simulations, emulations, etc.) is generally a computationally intensive  ...  ACKNOWLEDGMENT This work is supported in parts by the Austrian Research Promotion Agency (FFG) and the Austrian Federal Ministry for Transport, Innovation, and Technology (BMVIT) under the ICT of the Future  ... 
arXiv:1812.05446v3 fatcat:qjcwkhsegnegpmatzckak3fedm

Emerging Threats and Vulnerabilities [chapter]

Malcolm Harkins
2013 Managing Risk and Information Security  
Some of these hybrid attacks have shown they can circumvent new security features.  ...  Interoperability between programs has resulted in a new category of hybrid attacks where malicious objects are concealed in innocent-looking ones to thwart detection.  ... 
doi:10.1007/978-1-4302-5114-9_6 fatcat:7zxrpnshlnh7pgfjbi4dzega7e

A Review on C3I Systems' Security: Vulnerabilities, Attacks, and Countermeasures [article]

Hussain Ahmad, Isuru Dharmadasa, Faheem Ullah, M. Ali Babar
2022 arXiv   pre-print
Furthermore, our survey has enabled us to: (i) propose a taxonomy for security vulnerabilities, attack vectors and countermeasures; (ii) interrelate attack vectors with security vulnerabilities and countermeasures  ...  Consequently, cyber adversaries leverage highly sophisticated attack vectors to exploit security vulnerabilities in C3I systems.  ...  ACKNOWLEDGMENTS The work has been supported by the Cyber Security Research Centre Limited whose activities are partially funded by the Australian Government's Cooperative Research Centres Programme.  ... 
arXiv:2104.11906v2 fatcat:nvz3bssy55fwlcwqzkd7n3zism

An Automated Vulnerability Detection and Remediation Method for Software Security

Jeesoo Jurn, Taeeun Kim, Hwankuk Kim
2018 Sustainability  
We propose an automated vulnerability detection method based on binary complexity analysis to prevent a zero-day attack.  ...  This paper introduces a trend of techniques and tools related to automated vulnerability detection and remediation.  ...  Conflicts of Interest: The authors declare no conflict of interest.  ... 
doi:10.3390/su10051652 fatcat:752sfczsgrdwniw4nlez6jfzaq

Availability Assessment of Embedded Systems with Security Vulnerabilities

Andrew J. Kornecki, Janusz Zalewski, Wendy F. Stevenson
2011 2011 IEEE 34th Software Engineering Workshop  
The results of the study obtained for availability assessment due to security lapses show that a modeling technique may be used to evaluate the need for appropriate mitigation mechanisms allowing the system  ...  to withstand the attacks still assuring desired level of availability.  ...  on the level of security to be applied.  ... 
doi:10.1109/sew.2011.12 dblp:conf/sew/KorneckiZS11 fatcat:jtbnsss6gfgx3lmnq6jid6ws6u

Understanding the Quality of Container Security Vulnerability Detection Tools [article]

Omar Javed, Salman Toor
2021 arXiv   pre-print
Consequently, a number of container scanning tools are available for detecting container security vulnerabilities.  ...  However, the pressing concern with the use of containers is its susceptibility to security attacks.  ...  Therefore, we recommend the usage of a hybrid approach by using metadata to find reported vulnerabilities (as identified from a vulnerability database), and by running static code analysis to detect new  ... 
arXiv:2101.03844v1 fatcat:b4p7itwnhrgwvlhjqb3gmsghj4

Never Trust Your Victim: Weaponizing Vulnerabilities in Security Scanners [article]

Andrea Valenza, Gabriele Costa, Alessandro Armando
2020 arXiv   pre-print
We developed a working prototype, called RevOK, and we applied it to 78 scanning systems. Out of them, 36 were found vulnerable to XSS.  ...  The first step of every attack is reconnaissance, i.e., to acquire information about the target. A common belief is that there is almost no risk in scanning a target from a remote location.  ...  Conclusion In this paper we introduced a new methodology, based on a novel attacker model, to detect vulnerabilities in scanning systems.  ... 
arXiv:2006.09769v1 fatcat:lyaiuqd5yvamnods5n7j4ci6fa

Applied Vulnerability Detection System

Jeffrey Smith, Basil Krikeles, David K. Wittenberg, Mikael Taveniku
2015 2015 IEEE International Symposium on Technologies for Homeland Security (HST)  
In [1], we presented a Vulnerability Detection System (VDS) that can detect emergent vulnerabilities in complex Cyber Physical Systems (CPS).  ...  With a combination of simulation and vehicle instrumented real-time execution, the AAEP confirms each candidate attack. The AAEPs output is used as feedback to refine the Alloy model.  ...  Attack-Centric Analysis and Context The common bottom-up technology-centric perspective promoted by security researchers comes at the expense of understanding how a hacker discovers and exploits vulnerabilities  ... 
doi:10.1109/ths.2015.7225296 fatcat:zw4qmuz3j5dxlp577dp3sqfrfq

The Current and Future of Software Securities and Vulnerabilities

Cuixue Zhang, Meijiao Zhou, Yalian Xie, Xiangli Li
2014 Journal of Software Engineering and Applications  
And then the testing professors take which kinds of methods to test the software with white-box testing or black-box testing to discover the vulnerabilities and flaws.  ...  At the same time, the paper gives some examples to demonstrate why the security of software is pretty important and what we should do to secure that.  ...  The testing site has to analyse the execution trace for vulnerabilities detection. We organize the bit sequences of tested execution paths as a binary decision tree (BDT).  ... 
doi:10.4236/jsea.2014.71001 fatcat:pz77momuw5buvg7z26dnz4ezoi

SESCon: Secure Ethereum Smart Contracts by Vulnerable Patterns' Detection

Amir Ali, Zain Ul Abideen, Kalim Ullah, Farhan Ullah
2021 Security and Communication Networks  
Our tool outperforms other analyzers and detected up to 90% of the known vulnerability patterns.  ...  To solve these problems, we have introduced a static analysis tool, SESCon (secure Ethereum smart contract), applying the taint analysis techniques with XPath queries.  ...  To secure the SC and detect its security vulnerabilities before deployment to blockchain, many researchers have contributed to the static and dynamic analysis of SC.  ... 
doi:10.1155/2021/2897565 fatcat:7gt5efmez5dsph6yezpx5p2xju

A novel hybrid method to analyze security vulnerabilities in Android applications

Junwei Tang, Ruixuan Li, Kaipeng Wang, Xiwu Gu, Zhiyong Xu
2020 Tsinghua Science and Technology  
In addition, our dynamic analysis can be extended to detect more types of vulnerabilities.  ...  We propose a novel hybrid method to analyze the security vulnerabilities in Android applications.  ...  However, the dynamic analysis is not only expensive but also difficult to detect certain types of security vulnerabilities. Our hybrid method can avoid these shortcomings.  ... 
doi:10.26599/tst.2019.9010067 fatcat:udxcnk7pona7rnakt5weqxup5i

Extracting Information about Security Vulnerabilities from Web Text

Varish Mulwad, Wenjia Li, Anupam Joshi, Tim Finin, Krishnamurthy Viswanathan
2011 2011 IEEE/WIC/ACM International Conferences on Web Intelligence and Intelligent Agent Technology  
The Web is an important source of information about computer security threats, vulnerabilities and cyberattacks.  ...  We present initial work on developing a framework to detect and extract information about vulnerabilities and attacks from Web text.  ...  ACKNOWLEDGMENT This work was partially supported by a grant from the Air Force Office of Scientific Research (MURI FA9550-08-1-0265) and a gift from Northrop Grumman Corporation.  ... 
doi:10.1109/wi-iat.2011.26 dblp:conf/iat/MulwadLJFV11 fatcat:jp7ze5bxergtrh5fsjxsiombva

Secure Coding Practices in Java: Challenges and Vulnerabilities [article]

Na Meng, Stefan Nagy, Daphne Yao, Wenjie Zhuang, Gustavo Arango Argoty
2017 arXiv   pre-print
More interestingly, we identified security vulnerabilities in the suggested code of accepted answers.  ...  However, misusing these features can cost tremendous time and effort of developers or cause security vulnerabilities in software.  ...  Detecting Security Vulnerabilities Approaches were built to detect security vulnerabilities caused by API misuse [75, 78, 80, 81, 83, 85, 87, 94].  ... 
arXiv:1709.09970v1 fatcat:j4m3gjblinfermu737cpheaeum