
Master Thesis Defense - March 2, 2018: Common Attack Surface Detection

February 22, 2018

Yue Xin

Friday, March 2, 2018 at 10:00 a.m.
Room EV011.119

You are invited to attend the following M.A.Sc. (Information Systems Security) thesis examination.

Examining Committee

Dr. Y. Zeng, Chair
Dr. L. Wang, Supervisor
Dr. W. Lucia, CIISE Examiner
Dr. J.X. Zhang, External Examiner (ECE)

Abstract

In the current software development market, much software is developed using a copy-paste mechanism with little to no change made to the reused code. Such a practice has the potential to cause severe security issues, since one fragment of code containing a vulnerability may cause the same vulnerability to appear in many other software products that contain the same cloned fragment. The concept of relying on software diversity for security may also be compromised by such a trend, since seemingly different software may in fact share vulnerable code fragments. Although efforts exist to detect cloned code fragments, solutions for formally characterizing the specific impact on security are lacking.

In this thesis, we revisit the concept of software diversity from a security viewpoint. Specifically, we define the novel concept of common attack surface to model the relative degree to which a pair of software applications may share potentially vulnerable code fragments. To implement the concept, we develop an automated tool, Dupsec, to efficiently identify the common attack surface between any given pair of software applications with minimal human intervention. Finally, we conduct experiments by applying our tool to a large number of open source software applications. Our results demonstrate that many seemingly unrelated real-world software applications indeed share significant common attack surface.

 

Graduate Program Coordinators

For more information, contact Silvie Pasquarelli or Mireille Wahba.





© Concordia University