Cybernetics and Systems Analysis, Volume 55, Issue 5, pp 840–850

An Overview of the Modern Methods of Security and Protection of Software Systems

  • O. O. Letychevskyi
  • V. S. Peschanenko
  • Y. V. Hryniuk
  • V. Yu. Radchenko
  • V. M. Yakovlev
SOFTWARE–HARDWARE SYSTEMS

Abstract

Security and protection of software resources are among the most important issues in the IT industry, since attackers’ actions are becoming increasingly sophisticated and losses caused by cyberattacks are growing. Traditional methods of cyberattack prevention are becoming inefficient; therefore, the development of new methods and tools to secure software resources has become essential. Studies based on formal methods that use modern algebraic theories are especially interesting and promising.

Keywords

algebraic modeling; behavior algebra; cybersecurity; insertion programming; formal methods; symbolic methods; symbolic modeling; vulnerability detection

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  • O. O. Letychevskyi (1, email author)
  • V. S. Peschanenko (2)
  • Y. V. Hryniuk (1)
  • V. Yu. Radchenko (3)
  • V. M. Yakovlev (1)

  1. V. M. Glushkov Institute of Cybernetics, National Academy of Sciences of Ukraine, Kyiv, Ukraine
  2. Kherson State University, Kherson, Ukraine
  3. Garuda AI, Kyiv, Ukraine