Runtime Detection of Zero-Day Vulnerability Exploits in Contemporary Software Systems

Pieczul, Olgierd; Foley, Simon N.

doi:10.1007/978-3-319-41483-6_24

Cited by 9 publications

(3 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This compromise allows the attacker to inject malicious code into the software or hardware [16], leading to the infection of downstream components in the supply chain. Another common threat is the exploitation of zero-day vulnerabilities in software (ZDS) [47], [48]. Zero-day vulnerabilities refer to unknown vulnerabilities in software that are not yet patched or mitigated by the software vendor.…”

Section: A Supply Chainsmentioning

confidence: 99%

Advanced Persistent Threats based on Supply Chain Vulnerabilities: Challenges, Solutions and Future Directions

Tan,

Marnerides,

Anagnostopoulos

et al. 2024

Preprint

View full text Add to dashboard Cite

show abstract

Section: A Supply Chainsmentioning

confidence: 99%

Advanced Persistent Threats based on Supply Chain Vulnerabilities: Challenges, Solutions and Future Directions

Tan,

Marnerides,

Anagnostopoulos

et al. 2024

Preprint

View full text Add to dashboard Cite

show abstract

“…However, discovering the other types of vulnerabilities in an automated way is a field that has not been explored yet in depth [4]. As we can observe in the cases of Apache Struts [5], Shellshock [6], and Heartbleed [2], security design flaws do not affect the functionality of software systems, but they can cause serious security accidents such as remote code executions [7][8][9]. However, these vulnerabilities are difficult to detect and there have not been many research efforts conducted to develop effective, automated approaches that can find such security vulnerabilities [10].…”

Section: Introductionmentioning

confidence: 99%

SMINER: Detecting Unrestricted and Misimplemented Behaviors of Software Systems Based on Unit Test Cases

Sim¹,

Yi²,

Cho³

2023

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

Despite the advances in automated vulnerability detection approaches, security vulnerabilities caused by design flaws in software systems are continuously appearing in real-world systems. Such security design flaws can bring unrestricted and misimplemented behaviors of a system and can lead to fatal vulnerabilities such as remote code execution or sensitive data leakage. Therefore, it is an essential task to discover unrestricted and misimplemented behaviors of a system. However, it is a daunting task for security experts to discover such vulnerabilities in advance because it is timeconsuming and error-prone to analyze the whole code in detail. Also, most of the existing vulnerability detection approaches still focus on detecting memory corruption bugs because these bugs are the dominant root cause of software vulnerabilities. This paper proposes SMINER, a novel approach that discovers vulnerabilities caused by unrestricted and misimplemented behaviors. SMINER first collects unit test cases for the target system from the official repository. Next, preprocess the collected code fragments. SMINER uses pre-processed data to show the security policies that can occur on the target system and creates a test case for security policy testing. To demonstrate the effectiveness of SMINER, this paper evaluates SMINER against Robot Operating System (ROS), a real-world system used for intelligent robots in Amazon and controlling satellites in National Aeronautics and Space Administration (NASA). From the evaluation, we discovered two real-world vulnerabilities in ROS.

show abstract

“…System calls are a widely used feature for this [12,13]. Anomaly detection systems are highly interesting in this context, specially to fight against zero-day attacks and vulnerability exploitation [14].…”

Section: Introductionmentioning

confidence: 99%

Anomaly‐based exploratory analysis and detection of exploits in android mediaserver

et al. 2018

View full text Add to dashboard Cite

show abstract

Runtime Detection of Zero-Day Vulnerability Exploits in Contemporary Software Systems

Cited by 9 publications

References 18 publications

Advanced Persistent Threats based on Supply Chain Vulnerabilities: Challenges, Solutions and Future Directions

Advanced Persistent Threats based on Supply Chain Vulnerabilities: Challenges, Solutions and Future Directions

SMINER: Detecting Unrestricted and Misimplemented Behaviors of Software Systems Based on Unit Test Cases

Anomaly‐based exploratory analysis and detection of exploits in android mediaserver

Contact Info

Product

Resources

About