SlideShare a Scribd company logo
1 of 70
Download to read offline
Inhyuk Seo(inhack), Jisoo Park(J.Sus), Seungjoo Kim
SANE(Security Analysis aNd Evaluation) Lab
Korea University(高麗大學校)
Using the CGC’s fully automated
vulnerability detection tools in
security evaluation and its
effectiveness
Contents
• Who are we?
• Introduction
• Security Engineering, the Way to Information Assurance
• High-Assurance, the Key of CPS
• Tools for Security Testing & Evaluation
- Tools for Design Assurance / Tools for Code Assurance
• Demo (Design / Code)
• Conclusion
• Acknowledgement
• Q&A
• Reference
Who are we?
Inhyuk Seo (徐寅赫)
E-mail : jisoo8881@korea.ac.kr
Jisoo Park received his B.S (2015) in Computer Science Engineering from Dongguk University in
Korea. He worked at antivirus company Ahnlab as S/W QA trainee for 6 month. Also he
completed high-quality information security education course “Best of the Best” hosted by
KITRI(Korea Information Technology Research Institute). Now, He is a M.S course student at CIST
SANE Lab, Korea University and interested in Common Criteria, Security Engineering(Especially
Threat modeling).
Jisoo Park (朴志洙)
E-mail : inhack@korea.ac.kr
My name is Inhyuk Seo(Nick: inhack). I graduated B.S. in Computer Science and Engineering at
Hanyang University(ERICA) in 2015. Now I’m a researcher and M.S. of SANE(Security Analaysis aNd
Evaluation) Lab at Korea University. In 2012, I completed high-quality information security
education course “the Best of the Best(BoB)” hosted by KITRI(Korea Information Technology
Research Institute) and participated in many projects related with vulnerability analysis. I’m
interested in Programming Language, Software Testing, Machine Learning, Artificial Intelligence.
Seungjoo Gabriel Kim (金昇柱)
E-mail: skim71@korea.ac.kr
Homepage : www.kimlab.net
Facebook, Twitter : @skim71
Prof. Seungjoo Gabriel Kim received his B.S, M.S and Ph.D. from Sungkyunkwan University(SKKU)
of Korea, in 1994, 1996, and 1999, respectively. Prior to joining the faculty at Korea University (KU)
in 2011, he served as Assistant & Associate Professor at SKKU for 7 years. Before that, he served
as Director of the Cryptographic Technology Team and the (CC-based) IT Security Evaluation Team
of the Korea Internet & Security Agency(KISA) for 5 years. He is currently a Professor in the
Graduate School of Information Security Technologies(CIST). Also, He is a Founder and Advisory
director of hacker group, HARU and an international security & hacking conference, SECUINSIDE.
Prof. Seungjoo Gabriel Kim’s research interests are mainly on cryptography, Cyber Physical Security,
IoT Security, and HCI Security. He is a corresponding author.
Who are we?
Intro
Level of trust that it really does!
Assurance
The User’s degree of trust
in that information
Information
Assurance
Intro
Rise of the Information Assurance
Gulf War has often
been called the first
information war.
“The harbinger of IA”
1991
U.S. DoD Directive
5-3600.1 :
The first standardized
definition of IA
1996
Information Security
(INFOSEC) Era
1980 ~
“The communication network that supported Operation Desert Storm was the largest joint
theater system ever established. It was built in record time and maintained a phenomenal 98
percent availability rate. At the height of the operation, the system supported 700,000
telephone calls and 152,000 messages per day. More than 30,000 radio frequencies were
managed to provide the necessary connectivity and to ensure minimum interference.”
Debra S. Herrmann, “Security Engineering and Information Assurance”
Intro
Information Assurance
“Measures that protect and defend information and information systems by
ensuring their availability, integrity, authentication, confidentiality, and non-
repudiation. This includes providing for restoration of information systems by
incorporating protection, detection, and reaction capabilities.”
DoD Directive 8500.01E
Rise of the Information Assurance
Gulf War has often
been called the first
information war.
“The harbinger of IA”
1991
U.S. DoD Directive
5-3600.1 :
The first standardized
definition of IA
1996
Information Security
(INFOSEC) Era
1980 ~
What are the differences between
Information Security and Information Assurance?
Intro
Intro
Information Security (情報保護) Information Assurance (情報保證)
Dates Since 1980s Since 1998
Subject of protection Information and Information system Business as a whole
Goal Confidentiality, Integrity, Availability
Confidentiality, Integrity, Availability, Non-
repudiation, Accountability, Auditability,
Transparency, Cost-effectiveness, Efficiency
Type of information Primarily electronic All types
Approach
Domination of the technical approach, initial
attempts to consider soft aspects
All-encompassing multi-disciplinary
systematic approach
Security Mechanism
Primary focus is on technical security
mechanism; initial consideration of
organizational and human-oriented
mechanism
All available
(technical, organizational, human-oriented,
legal)
Role within a business
Supporting system, often inducing some
restrictions on business
An integral aspect of business, business
enabler
Flow of security
decision
Bottom-Top Top-Bottom
Intro
Information Security (情報保護) Information Assurance (情報保證)
Dates Since 1980s Since 1998
Subject of protection Information and Information system Business as a whole
Goal Confidentiality, Integrity, Availability
Confidentiality, Integrity, Availability, Non-
repudiation, Accountability, Auditability,
Transparency, Cost-effectiveness, Efficiency
Type of information Primarily electronic All types
Approach
Domination of the technical approach, initial
attempts to consider soft aspects
All-encompassing multi-disciplinary
systematic approach
Security Mechanism
Primary focus is on technical security
mechanism; initial consideration of
organizational and human-oriented
mechanism
All available
(technical, organizational, human-oriented,
legal)
Role within a business
Supporting system, often inducing some
restrictions on business
An integral aspect of business, business
enabler
Flow of security
decision
Bottom-Top Top-Bottom
Protecting information and information
systems from unauthorized access, use,
disclosure, disruption, modification, or
destruction
Validating that the information is
authentic, trustworthy, and
accessible
Security Engineering,
the Way to Information Assurance
What is Information Assurance’s Goal?
Security Engineering
Security Engineering
Goal of Information Assurance
Dependability
The ability of the system
to deliver services when
requested
Availability
The ability of the system
to deliver services as
specified
Reliability
The ability of the system
to protect itself against
accidental or deliberate
intrusion
The ability of the system
to operate without
catastrophic failure
Safety Security
Reflect the extent of the user’s confidence that
it will operate as users expects that it will not ‘fail’ in normal use
Domain Reliability Security Safety
Financial System Medium High No
DB of Medical Records Medium Medium Medium
Air Traffic Control System Medium High High
Automobile High Medium High
Defcon 23 – Charlie Miller & Chris Valasek “Remote
Exploitation of an Unaltered Passenger Vehicle”
It was ‘Low’ at first,
Security Engineering
Goal of Information Assurance
How can we achieve Information Assurance?
Security Engineering
How can we achieve Information Assurance?
Security Engineering
Security Engineering
Security Engineering is about building systems to remain dependable in the
face of malice, error and mischance. As a discipline, it focuses on the tools,
needed to design, implement and test complete systems and to adapt
existing systems as their environment evolves.
– Ross Anderson, Computer Laboratory in University of Cambridge -
What is Security Engineering?
Security Engineering
Policy
Assurance
Mechanisms
Policy Assurance
Design Assurance
Implementation Assurance
Operational Assurance
Assurance needed at all stage of
System life cycle
Ultimate Goal of Security Engineering
Security Engineering
What is Security Engineering?
Requirements Design Implementation Release Maintenance
System Engineering Life Cycle Process (ISO/IEC/IEEE 15288 : 2015)
• Business or
Mission Analysis
• Stakeholder Needs and
Requirements Definitions
• System Requirements
Definition
• Architecture
Definition
• Design Definition • System Analysis • Implementation • Integration
• Verification • Transition • Validation • Operation
• Maintenance • Disposal
Security Engineering
What is Security Engineering?
Provide Security Engineering throughout the Life Cycle
Case Study : Microsoft Security Development Life Cycle
Security Engineering
Case Study : Microsoft Security Development Life Cycle
Does it really work?
34
3
187
SQL Server 2000 SQL Server 2005 Competing
commercial DB
Total Vulnerabilities Disclosed
36 Month after Release
46%
reductio
n
119
66
400
242
157
Windows
XP
Windows
Vista
OS A OS B OS C
Total Vulnerabilities
Disclosed On year after Release
46%
reduction
After SDLBefore SDL After SDLBefore SDL
91%
reduction
Analysis by Jeff Jones(Microsoft technet security blogWindows Vista One year Vulnerability Report, Microsoft Security Blog 23 Jan 2008
Security Engineering
High-Assurance, the Key of CPS
High Assurance, the Key of CPS
What is “High-Assurance”?
High-Assurance means that it can be mathematically
proven that the system works precisely as intended and
designed.
and High-Assurance development means that
there are clear and compelling evidences in each
development phase.
What is “CPS”?
Cyber Physical Systems(CPS) are co-
engineered interacting network of
physical and computational
components. CPS will provide the
foundation of our critical infrastructure,
form the basis of emerging and future
smart services, and improve our quality
of life in many areas.
Internet of Things Cyber Physical System
AssuranceSecurity VS
High Assurance, the Key of CPS
Where “High-Assurance” needed
Information
Assurance
Security
Engineering
Critical Infrastructure
Finance
Aviation
Government
Medical
Automotive
Railway
Energy
.
.
High-
Assurance
Apply & Guarantee
High Assurance, the Key of CPS
Some standards or regulations for critical infrastructure
are not enough for achieving dependability.
• Most of them don’t have Security feature.
Domain Standard / Regulation
Road Vehicles ISO 26262
Aviation DO-178B, 178C, 254, 278A ….
Medical IEC 62304
Railways EN 50128
High Assurance, the Key of CPS
ISO/IEC 29128 and ISO/IEC 15408 have “Reliability” and “Security”
ISO 26262, DO-254 : Mainly focusing on “Safety” and “Reliability”
Standard / Regulation Assurance Level
ISO 26262 ASIL A ASIL B ASIL C ASIL D
DO-254 DAL E DAL D DAL C DAL B DAL A
ISO/IEC 29128 PAL 1 PAL 2 PAL 3 PAL 4
ISO/IEC 15408 EAL1 EAL 2 EAL 3 EAL 4 EAL 5 EAL 6 EAL 7
HighLow
High Assurance, the Key of CPS
ISO/IEC 29128 and ISO/IEC 15408 have “Reliability” and “Security”
ISO 26262, DO-254 : Mainly focusing on “Safety” and “Reliability”
Standard / Regulation Assurance Level
ISO/IEC 29128 PAL 1 PAL 2 PAL 3 PAL 4
ISO/IEC 15408 EAL1 EAL 2 EAL 3 EAL 4 EAL 5 EAL 6 EAL 7
HighLow
High Assurance, the Key of CPS
Example : ISO/IEC 29128
Verification of Cryptographic Protocol
Protocol
Assurance Level
PAL1 PAL2 PAL3 PAL4
Protocol
Specification Semiformal
description of
protocol specification
Formal description
of protocol
specification
Formal description of protocol specification
in a tool-specific specification language,
whose semantics is mathematically defined
Adversarial Model
Security Property
Self-assessment
evidence
Informal argument or
mathematically formal
paper-and-pencil
proof that the
cryptographic
protocol satisfies the
given objectives and
properties with
respect to the
adversarial model
Tool-aided bounded
verification that the
specification of the
cryptographic
protocol satisfies the
given objectives and
properties with
respect to the
adversarial model
Tool-aided
unbounded
verification that the
specification of the
cryptographic
protocol satisfies the
given objectives and
properties with
respect to the
adversarial model
Tool-aided
unbounded
verification that the
specification of the
cryptographic
protocol in its
adversarial model
achieves and satisfies
its objectives and
properties.
High Assurance, the Key of CPS
Example : Common Criteria ISO/IEC 15408
Evaluation criteria for IT security
Evaluation
Assurance Level
Description
EAL 7 Formally verified design and tested
EAL 6 Semiformally verified design and tested
EAL 5 Semiformally designed and tested
EAL 4 Methodically designed, tested, and reviewed
EAL 3 Methodically tested and checked
EAL 2 Structurally tested
EAL 1 Functionally tested
Gerwin Klein, Operating System Verification – An Overview
High Assurance, the Key of CPS
Example : Common Criteria ISO/IEC 15408
Corresponding assurance levels in ISO/IEC 29128
High Assurance, the Key of CPS
How to Get it?
• Measurable & Mathematically provable
 Formal Verification
• By using Tools
High Assurance, the Key of CPS
How to Get it?
Established in March 2012, as a Research Association, which headquarters is located in Tagajo City of
Miyagi Prefecture. CSSC’s testbed is composed of 9-types of simulated plants and it is capable to organize
cybersecurity hands-on exercises which simulate cyber attack
Control System Security Center (CSSC)
Major operation plans – System security verification
High Assurance, the Key of CPS
How to Get it?
“The goal of the HACMS program is to create technology for the construction of high-assurance cyber-
physical systems, where high assurance is defined to mean functionally correct and satisfying
appropriate safety and security properties.”
Dr. Raymond Richards, Information Innovation Office
Program Manager of HACMS
High-Assurance Cyber Military System (HACMS)
High Assurance, the Key of CPS
Tools for
Security Testing & Evaluation
Tools for Security Testing & Evaluation
Automation Tools for Hacker & Bug Hunters
• Automation Vulnerability Detection Tools developed by
hacker/bug hunter are only for the purpose of finding 0-day
(Unknown Vulnerability) easily.
Automation Tools for Evaluation
Ultimate goal of Security testing & evaluation
There are no mistakes in security testing process and
Guarantee objective analysis reports or evaluation results
Independent from evaluator’s capability or expertise. So anyone
who uses the same tools should be able to make same results.
What should we consider when we choose
Automated security testing tools in evaluation?
Tools for Security Testing & Evaluation
Assessment Features for Automated Tools
User-Friendly Effectiveness Scalability
Tools for Security Testing & Evaluation
Tools for
Design Assurance
Tools for Design Assurance
Assessment items to choose Automated Tools for
Design Assurance
(1) User-Friendly
• Usability
• Analysis Report
• Requirement to Evaluator (Expertise, Background Knowledge)
(2) Effectiveness
• Automation Level
• Model Description Method
• Licensing & Cost
(3) Scalability
• Supported Platforms
Cryptographic Protocol
Model Checking
Theorem Proving Based
• NRL
• FDR
• SCYTHER
• ProVerif • AVISPA(TA4SP)
• CryptoVerif • EBMC
…….
• Isabelle/HOL
• BPW
• Game-based Security Proof
• VAMPIRE • …….
Tools for Design Assurance
Tools for Design Assurance
Cryptographic Protocol (Model Checking)
• The Maude NRL Protocol Analyzer (Maude-NPA)
Assessment Items Description
Usability GUI(Graphic User Interface)
Analysis Report O
Requirement to Evaluator Protocol Design & Modeling Ability
Automation Level Interactive
Model Description Method
Maude-PSL (Maude Protocol Specification
Language)
Licensing & Cost Non-Commercial (University of Illinois)
Supported Platform Mac OS X
Cryptographic Protocol (Model Checking)
• FDR(Failure-Divergence-Refinement)
Assessment Items Description
Usability GUI
Analysis Report O
Requirement to Evaluator Protocol Design & Modeling Ability
Automation Level Interactive
Model Description Method Formal Language (CSP)
Licensing & Cost Non-Commercial (University of Oxford)
Supported Platform Linux / Mac OS X
Tools for Design Assurance
Cryptographic Protocol (Model Checking)
• Syther
Assessment Items Description
Usability GUI
Analysis Report O
Requirement to Evaluator Protocol Design & Modeling Ability
Automation Level Interactive
Model Description Method SPDL (Standard Page Description Language)
Licensing & Cost Non-Commercial (University of Oxford)
Supported Platform Linux / Windows / Mac OS X
Tools for Design Assurance
Cryptographic Protocol (Model Checking)
• ProVerif
Assessment Items Description
Usability CLI (but Easy to Use)
Analysis Report O
Requirement to Evaluator Protocol Design & Modeling Ability
Automation Level Interactive
Model Description Method PV Script (ProVerif Script)
Licensing & Cost Non-Commercial (PROSECCO)
Supported Platform Linux / Windows / Mac OS X
Tools for Design Assurance
Cryptographic Protocol (Theorem Proving)
• Isabelle/HOL(Higher-Order Logic)
Assessment Items Description
Usability GUI, IDE(Integrated Development Environment)
Analysis Report O
Requirement to Evaluator Protocol Design & Modeling Ability
Automation Level Interactive
Model Description Method Functional & Logic Language (HOL)
Licensing & Cost Non-Commercial (University of Cambridge)
Supported Platform Linux / Windows / Mac OS X
Tools for Design Assurance
Tools for
Code Assurance
Tools for Code Assurance
Assessment Items to choose Automated Tools for Code
Assurance
(1) User-Friendly
• Usability
• Analysis Report
• Requirement to Evaluator (Expertise, Background Knowledge)
(2) Effectiveness
• Automation Level
• Analysis Method
• Detectable Vulnerability Type
• Code Coverage
• Licensing & Cost
(3) Scalability
• Supported Languages
• Supported Platforms
CGC(Cyber Grand Challenge) Finalist
• Mayhem CRS (ForAllSecure)
• Xandra (TECHx)
• Mechanical Phish (Shellphish)
• Rebeus (Deep Red)
• Crspy (Disekt)
• Galactic (Codejitsu)
• Jima (CSDS)
Tools for Code Assurance
CGC (Cyber Grand Challenge)
• CRS (Cyber Reasoning System)
• Fully Automated Security Testing for Software
(no human intervention!)
Generate
Input
(Random, Mutation,
Model-Based, … )
Input
Generation
Software
Analysis
&
Excavate
Vulnerability
Vulnerability
Scanning
Crash is
Exploitable?
Crash
Anaylsis
Generate
Exploit Code
Automatically
Exploit
Generation
Patched
Binary
Automatic
Patching
Tools for Code Assurance
Fortify SCA
Assessment Items Description
Usability GUI(Graphic User Interface), Easy to Use
Analysis Report XML Report
Requirement to Evaluator X
Automation Level Fully Automated
Analysis Method Static / Source Code Analyzer
Detectable Vulnerability Type Hundreds of Vulnerability
Code Coverage High Code Coverage
Licensing & Cost Commercial (HP Enterprise)
Supported Languages
Java, .NET, C/C++, JSP, PL/SQL, TSQL, Javascript/Ajax,
PHP, ASP, VB6, COBOL
Supported Platforms Windows, Linux, Solaris, Mac OS X
Tools for Code Assurance
CodeSonar
Assessment Items Description
Usability GUI, Easy to use
Analysis Report HTML, XML, CSV Report
Requirement to Evaluator X
Automation Level Fully Automated
Analysis Method Static / Source Code Analyzer / Binary Anaylzer
Detectable Vulnerability Type Hundreds of Vulnerability
Code Coverage High Code Coverage
Licensing & Cost Commercial (Grammatech)
Supported Languages C, C++, Java
Supported Platforms Windows, Linux, Solaris
Tools for Code Assurance
CheckMarx SAST
Assessment Items Description
Usability GUI, Easy to Use (Just throw the source code!)
Analysis Report Dashboard Report (PDF, RTF, CSV, XML)
Requirement to Evaluator X
Automation Level Fully Automated
Analysis Method Static / Source Code Analyzer
Detectable Vulnerability Type Hundreds of Vulnerability
Code Coverage High Code Coverage
Licensing & Cost Commercial (CheckMarx)
Supported Languages
Java , Javascript , PHP , C# , VB.NET , VB6 , ASP.NET ,
C/C++ , Apex , Ruby , Perl , Objective-C , Python ,
Groovy , HTML5 , Swift , APEX , J2SE , J2EE
Supported Platforms Android , iOS , Windows
Tools for Code Assurance
KLEE
Assessment Items. Description
Usability CLI
Analysis Report X
Requirement to Evaluator O
Automation Level Interactive
Analysis Method Dynamic / Concolic Execution
Detectable Vulnerability Type Memory Corruption
Code Coverage High Code Coverage
Licensing & Cost Non-Commercial (Researched by Stanford University)
Supported Languages C, C++, Objective C
Supported Platforms Linux
Tools for Code Assurance
Mayhem (Research Paper Ver.)
Assessment Items Description
Usability CLI, Write Input Specification
Analysis Report
O
(Exploit Type, Input Source, Symbolic Input Size,
Precondition, Adivsory ,Exploit Generation Time)
Requirement to Evaluator O
Automation Level Interactive
Analysis Method Dynamic / Concolic Execution
Detectable Vulnerability Type Memory Corruption
Code Coverage High Code Coverage
Licensing & Cost Non-Commercial (Carnegie Mellon University)
Supported Languages Raw Binary Code
Supported Platforms Linux, Windows
Tools for Code Assurance
SAGE
Assessment Items Description
Usability Unknown
Analysis Report Unknown
Requirement to Evaluator O
Automation Level Interactive
Analysis Method Dynamic / Whitebox Fuzz Testing
Detectable Vulnerability Type Hundreds of Vulnerability
Code Coverage Limited Code Coverage
Licensing & Cost Restriced-Commercial (Microsoft)
Supported Languages Raw Binary Code
Supported Platforms Windows
Tools for Code Assurance
Triton
Assessment Items Description
Usability CLI, Write Program based Triton
Analysis Report X
Requirement to Evaluator O
Automation Level Interactive
Analysis Method Dynamic / Concolic Execution / Framework
Detectable Vulnerability Type Memory Corruption
Code Coverage High Code Coverage
Licensing & Cost Non-Commercial (Carnegie Mellon University)
Supported Languages Raw Binary Code (Bordeaux University, Qarkslab)
Supported Platforms Linux, Windows, Mac OS X
Tools for Code Assurance
AFL (American Fuzzy Lop)
Assessment Items Description
Usability
CLI(Command Line Interface)
Install & Setup process is a little complexed.
But provide colorful user interface and statistics.
Analysis Report Crash/Vulnerability Type by Address Sanitizer
Requirement to Evaluator O (Crash Analysis, Exploit Generation, Patching)
Automation Level Interactive
Analysis Method Dynamic / Guided Fuzz Testing
Detectable Vulnerability Type Memory Corruption
Code Coverage High Code Coverage (More time, More Coverage)
Licensing & Cost Open Source (Michael Zalewski)
Supported Languages C, C++, Objective C
Supported Platforms
Linux, *BSD, Solaris, Mac OS X
On Linux, Only Binary(Blackbox) Testing Possible
Tools for Code Assurance
IoTcube
Assessment Items Description
Usability Easy to Use (Web Interface, Drag & Drop)
Analysis Report O
Requirement to Evaluator X
Automation Level Fully Automated
Analysis Method
Source Code Analysis (Code Clone Detection)
Binary Fuzz Testing
Network Vulnrability Testing (TLS)
Detectable Vulnerability Type Hundreds of Vulnerability
Code Coverage High Code Coverage
Licensing & Cost Non-Commercial (CSSA, cssa.korea.ac.kr, iotcube.net)
Supported Languages C/C++, Raw Binary Code
Supported Platforms Linux, Windows, Mac OS X
Tools for Code Assurance
Mechanical Phish (Shellphish CRS)
Assessment Items Description
Usability
CLI, Install & Setup process is a little complexed but
Easy to Use
Analysis Report -
Requirement to Evaluator
X (Vulnerability Excavation, Crash Analysis, Exploit
Generation, Patch)
Automation Level Fully Automated
Analysis Method
Dynamic, Concolic Execution, Guided Fuzz Testing,
Automatic Exploit Generation, Automatic Patching
Detectable Vulnerability Type Memory Corruption
Code Coverage High Code Coverage
Licensing & Cost Non-Commercial (Shellphish)
Supported Languages Raw Binary Code
Supported Platforms Linux-Like Platforms(Custom by CGC), Intel x86
Tools for Code Assurance
Demo (Design / Code)
Conclusion
Conclusion
There are many kind of Vulnerability Detection Tools developed by hackers,
researchers.
In present, we use these tools for security testing and evaluation.
But there are some limits.
• Objectivity
• Coverage
Recently, many of hackers research and develop automation tools that can
find unknown vulnerability easily.
We can’t apply these tools to security evaluation immediately.
But if fully automated security testing techniques are developed and
we make an effort to apply it for evaluation continuously, achieving high-
assurance is not too far.
Acknowledgement
This work was supported by Institute for Information & communications
Technology Promotion(IITP) grant funded by the Korea government(MSIP)
(R7117-16-0161,Anomaly detection framework for autonomous vehicles)
Q&A
Reference
Reference
[1] Debra S. Herrmann, “A practical guide to Security Engineering and Information Assurance”
[2] Sommerville, “Software Engineering, 9ed. 11 & 12, Dependability and Security Specification”
[3] Charlie Miller, Chris Valasek, “Remote Exploitation of an Unaltered Passenger Vehicle”
[4] Ross Anderson, “Security Engineering”
[5] ISO/IEC/IEEE 15288 : 2015, “Systems and Software engineering-System life cycle process”,
[6] Joe Jarzombek, “Software & Supply Chain Assurance : A Historical Perspective of Community Collaboration”,
Homeland Security
[7] David Burke, Joe Hurd and Aaron Tomb, “High Assurance Software Development”, 2010
[8] Ron Ross, Michael McEilley and Janet Carrier Oren, “NIST SP 800-160 : Systems Security Engineering – Consideration
for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems”, 2016
[9] Scott A.Lintelman, Krishna Sampigethaya, Mingyan Li, Radha Poovendran, Richard V. Robinson, “High Assurance
Aerospace CPS & Implications for the Automotive Industry”, 2015
[10] NIAP, “Common Criteria-Evaluation and Validation Scheme, Publication #3, Guidance to Validators version 3”, 2014
[11] ISO/IEC 27034-2, “Information technology – Security techniques – Application Security”, 2015
[12] Paul R. Croll, “ISO/IEC/IEEE 15026, Systems and Software Assurance”, 21st Annual Systems and Software Technology
Conference, 2009
Reference
[13] EURO-MILS, “Secure European Virtualisation for Trustworthy Applications in Critical Domains, Used Formal Methods”,
2015
[14] Vijay D’Silva, Daniel Kroening, and Georg Weissenbacher, “A Survey of Automated Techniques for Formal Software
Verification”, 2008
[15] Daniel Potts, Rene Bourquin, Lesile Andresen, “Mathematically Verified Software Kernals: Rasing the Bar for High
Assurance Implementation
[16] Bernhard Beckert, Daniel Bruns, Sarah Grebing, “Mind the Gap : Formal Verification and the Common Criteria“, 2010
[17] Gerwin Klein, Kevin Elphinstone, Gernot Heiser, June Andronick, David Cock, Philip Derrin, Dhammika Elkaduwe, Kai
Engelhardt, Rafal Kolankski, Michel Norrich, Thomas Sewell, Harvey Tuch, Simon Winwood, “seL4 : Formal Verification of
an OS Kernel”, 2009
[18] Gerwin Klein, NICTA, “Operating System Verification – An Overview”, 2009
[19] Jesus Diaz, David Arroyo, Francisco B. Rodriguez, “A formal methodology for integral security design and verification
of network protocols”, 2012
[20] Yoshikazu Hanatanil, Miyako Ohkubo, Sinichiro Matsuo, Kazuo Sakiyama, and Kazuo Ohta, “A Study on
Computational Formal Verification for Practical Cryptographic Protocol: The Case of Synchronous RFID Authentication”,
2011
[21] Alexandre Melo Braga, Ricardo Hahab, “A Survey on Tools and Techniques for the Programming and Verification of
Secure Cryptographic Software”, 2015
Reference
[22] Shinichiro Matsuo, Kunihiko Miyazaki, Akira Otsuka, David Basin, “How to Evaluate the Security of Real-life
Cryptographic Protocol? The cases of ISO/IEC 29128 and CRYPTREC, 2010
[23] Bruno Blanchet, Ben Smyth, and Vincent Cheval, “ProVerif 1.94pl1: Automatic Cryptographic Protocol Verifier, User
Manual and Tutorial”, 2016
[24] Charles B. Weinstock, John B. Goodennough, “Toward an Assurance Case Practice for Medical Devices”, 2009
[25] CISCO, “Building Trustworthy Systems with Cisco Secure Development Lifecycle”, 2016
[26] Yannick Moy, Emmanuel Ledinot, Herve Delseny, Virginie Wiels, Benjamin Monte, “Testing or Formal Verification :
DC-178C Alternatives and Industrial Experience”, 2013
[27] Karen Scarfone, Murugiah Souppaya, Amanda Cody, Angela Orebaugh, “NIST SP 800-115, Technical Guide to
Information Security Testing and Assessment – Recommandations of the National Institue of Standards and Technology”,
2008
[28] Steve Lipner, Microsoft, “The Security Development Lifecycle”, 2010
[29] Michael Felderer, Ruth Breu, Matthias Buchler, “Security Testing : A Survey”, 2016
[30] Vijay D’Silva, Daniel Kroening, George Weissenbacher, “A Survey of Automated Techniques for Formal Software
Verification”
[31] John Rushby, Xidong Xu, Rangarajan and Thomas L. Weaver, “Understanding and Evaluating Assurance Case”, 2015
[32] David J.Rinehart, John C. Knight, Jonathan Rowanhill, “Current Practices in Constructing and Evaluating Assurance
Case with Application to Aviation”, 2015
[33] The Government of Japan, “Cybersecurity Strategy 2015”
Reference
[34] Yasu Taniwaki, Deputy Director-General National Information Security Center, “Cybersecurity Strategy in Japan”, 2014
[35] “The NRL Protocol Analyzer : An Overview”, 1994
[36] Bruno Blanchet, “Automatic Verification of security protocols : the tools ProVerif and CryptoVerif”, 2011
[37] Tobias Nipkow, “Programming and Proving in Isabelle/HOL”, 2016
[38] Assistant Secretary of the Navy Chief System Engineer, “Software Security Assessment Tools Review”, 2009
[39] S.Santiago, C.Talcott, S.Escobar, C.Meadows, J.Meseguer, “A Graphical User Interface for Maude-NPA”, 2009
[40] NIST, "Source Code Security Analyzers"
[41] Cadar, Cristian, "KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs",
2008
[42] Cha, Sang Kil, "Unleashing MAYHEM on Binary Code", 2012
[43] Giovanni Vigna, "Autonomous Hacking: The New Frontiers of Attack and Defense", 2016
[44] Antonio Bianchi, "A Dozen Years of Shellphish From DEFCON to the Cyber Grand Challenge", 2015
[45] Jonathan Salwan, "Triton: Concolic Execution Framework", 2016
[46] Godefroid, "SAGE: Whitebox Fuzzing for Security Testing", 2012
[47] Michael Zalewski, "American Fuzzy Lop (http://lcamtuf.coredump.cx/afl/)", 2015
[48] Vegard Nossum, Oracle, "Filesystem Fuzzing with American Fuzzy Lop", 2016
[49] Hongzhe Li, "CLORIFI: software vulnerability discovery using code clone verification", 2015
[50] Stephens, "Driller: Augmenting Fuzzing Through Selective Symbolic Execution", 2016
[51] John Rushby, “The Interpretation and Evaluation of Assurance Cases”, SRI International Technical Report, 2015

More Related Content

What's hot

Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...Kaspersky
 
LG vs. Samsung Smart TV: Which Is Better for Tracking You? by Sangmin Lee
LG vs. Samsung Smart TV: Which Is Better for Tracking You? by Sangmin LeeLG vs. Samsung Smart TV: Which Is Better for Tracking You? by Sangmin Lee
LG vs. Samsung Smart TV: Which Is Better for Tracking You? by Sangmin LeeCODE BLUE
 
Critical Infrastructure Protection from Terrorist Attacks
Critical Infrastructure Protection from Terrorist AttacksCritical Infrastructure Protection from Terrorist Attacks
Critical Infrastructure Protection from Terrorist AttacksBGA Cyber Security
 
What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019Ulf Mattsson
 
Secure by Design - Security Design Principles for the Rest of Us
Secure by Design - Security Design Principles for the Rest of UsSecure by Design - Security Design Principles for the Rest of Us
Secure by Design - Security Design Principles for the Rest of UsEoin Woods
 
Jump Start Your Application Security Knowledge
Jump Start Your Application Security KnowledgeJump Start Your Application Security Knowledge
Jump Start Your Application Security KnowledgeDenim Group
 
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...Matthew Rosenquist
 
LK Inhouse SOC — команда, задачи, грабли
LK Inhouse SOC — команда, задачи, граблиLK Inhouse SOC — команда, задачи, грабли
LK Inhouse SOC — команда, задачи, граблиPositive Hack Days
 
Top 5 Things to Look for in an IPS Solution
Top 5 Things to Look for in an IPS SolutionTop 5 Things to Look for in an IPS Solution
Top 5 Things to Look for in an IPS SolutionIBM Security
 
Kaspersky Lab new Enterprise Portfolio
Kaspersky Lab new Enterprise PortfolioKaspersky Lab new Enterprise Portfolio
Kaspersky Lab new Enterprise PortfolioKaspersky
 
Security Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent ThreatsSecurity Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent ThreatsPeter Wood
 
Lessons Learned: Protecting Critical Infrastructure from Cyber Attacks
Lessons Learned: Protecting Critical Infrastructure from Cyber AttacksLessons Learned: Protecting Critical Infrastructure from Cyber Attacks
Lessons Learned: Protecting Critical Infrastructure from Cyber AttacksMighty Guides, Inc.
 
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
Why	You’ll Care More About Mobile Security in 2020 - Tom BainWhy	You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom BainEC-Council
 
Proposal for IT Security Team
Proposal for IT Security TeamProposal for IT Security Team
Proposal for IT Security TeamRishabh Gupta
 
Cybersecurity Hands-On Training
Cybersecurity Hands-On TrainingCybersecurity Hands-On Training
Cybersecurity Hands-On TrainingTonex
 
API Vulnerabilties and What to Do About Them
API Vulnerabilties and What to Do About ThemAPI Vulnerabilties and What to Do About Them
API Vulnerabilties and What to Do About ThemEoin Woods
 
Hakin9 interview w Prof Sood
Hakin9 interview w Prof SoodHakin9 interview w Prof Sood
Hakin9 interview w Prof SoodZsolt Nemeth
 
Kaspersky Lab's Corporate Presentation - our Values, Business, Solutions
Kaspersky Lab's Corporate Presentation - our Values, Business, SolutionsKaspersky Lab's Corporate Presentation - our Values, Business, Solutions
Kaspersky Lab's Corporate Presentation - our Values, Business, SolutionsKaspersky
 
Cyber Defense Matrix: Reloaded
Cyber Defense Matrix: ReloadedCyber Defense Matrix: Reloaded
Cyber Defense Matrix: ReloadedSounil Yu
 
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...Sounil Yu
 

What's hot (20)

Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
 
LG vs. Samsung Smart TV: Which Is Better for Tracking You? by Sangmin Lee
LG vs. Samsung Smart TV: Which Is Better for Tracking You? by Sangmin LeeLG vs. Samsung Smart TV: Which Is Better for Tracking You? by Sangmin Lee
LG vs. Samsung Smart TV: Which Is Better for Tracking You? by Sangmin Lee
 
Critical Infrastructure Protection from Terrorist Attacks
Critical Infrastructure Protection from Terrorist AttacksCritical Infrastructure Protection from Terrorist Attacks
Critical Infrastructure Protection from Terrorist Attacks
 
What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019
 
Secure by Design - Security Design Principles for the Rest of Us
Secure by Design - Security Design Principles for the Rest of UsSecure by Design - Security Design Principles for the Rest of Us
Secure by Design - Security Design Principles for the Rest of Us
 
Jump Start Your Application Security Knowledge
Jump Start Your Application Security KnowledgeJump Start Your Application Security Knowledge
Jump Start Your Application Security Knowledge
 
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
 
LK Inhouse SOC — команда, задачи, грабли
LK Inhouse SOC — команда, задачи, граблиLK Inhouse SOC — команда, задачи, грабли
LK Inhouse SOC — команда, задачи, грабли
 
Top 5 Things to Look for in an IPS Solution
Top 5 Things to Look for in an IPS SolutionTop 5 Things to Look for in an IPS Solution
Top 5 Things to Look for in an IPS Solution
 
Kaspersky Lab new Enterprise Portfolio
Kaspersky Lab new Enterprise PortfolioKaspersky Lab new Enterprise Portfolio
Kaspersky Lab new Enterprise Portfolio
 
Security Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent ThreatsSecurity Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent Threats
 
Lessons Learned: Protecting Critical Infrastructure from Cyber Attacks
Lessons Learned: Protecting Critical Infrastructure from Cyber AttacksLessons Learned: Protecting Critical Infrastructure from Cyber Attacks
Lessons Learned: Protecting Critical Infrastructure from Cyber Attacks
 
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
Why	You’ll Care More About Mobile Security in 2020 - Tom BainWhy	You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
 
Proposal for IT Security Team
Proposal for IT Security TeamProposal for IT Security Team
Proposal for IT Security Team
 
Cybersecurity Hands-On Training
Cybersecurity Hands-On TrainingCybersecurity Hands-On Training
Cybersecurity Hands-On Training
 
API Vulnerabilties and What to Do About Them
API Vulnerabilties and What to Do About ThemAPI Vulnerabilties and What to Do About Them
API Vulnerabilties and What to Do About Them
 
Hakin9 interview w Prof Sood
Hakin9 interview w Prof SoodHakin9 interview w Prof Sood
Hakin9 interview w Prof Sood
 
Kaspersky Lab's Corporate Presentation - our Values, Business, Solutions
Kaspersky Lab's Corporate Presentation - our Values, Business, SolutionsKaspersky Lab's Corporate Presentation - our Values, Business, Solutions
Kaspersky Lab's Corporate Presentation - our Values, Business, Solutions
 
Cyber Defense Matrix: Reloaded
Cyber Defense Matrix: ReloadedCyber Defense Matrix: Reloaded
Cyber Defense Matrix: Reloaded
 
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
 

Viewers also liked

[CB16] 基調講演: セキュリティはどれくらいが適量? – How much security is too much? – by Karsten Nohl
[CB16] 基調講演: セキュリティはどれくらいが適量? – How much security is too much? – by Karsten Nohl[CB16] 基調講演: セキュリティはどれくらいが適量? – How much security is too much? – by Karsten Nohl
[CB16] 基調講演: セキュリティはどれくらいが適量? – How much security is too much? – by Karsten NohlCODE BLUE
 
Practical attacks on commercial white-box cryptography solutions
Practical attacks on commercial white-box cryptography solutionsPractical attacks on commercial white-box cryptography solutions
Practical attacks on commercial white-box cryptography solutionsLINE Corporation
 
libinjection : SQLi から XSS へ by ニック・ガルブレス
libinjection : SQLi から XSS へ by ニック・ガルブレスlibinjection : SQLi から XSS へ by ニック・ガルブレス
libinjection : SQLi から XSS へ by ニック・ガルブレスCODE BLUE
 
[CB16] ATMS how to break them to stop the fraud. by Olga Kochetova & Alexey O...
[CB16] ATMS how to break them to stop the fraud. by Olga Kochetova & Alexey O...[CB16] ATMS how to break them to stop the fraud. by Olga Kochetova & Alexey O...
[CB16] ATMS how to break them to stop the fraud. by Olga Kochetova & Alexey O...CODE BLUE
 
[CB16] WireGuard: Next Generation Abuse-Resistant Kernel Network Tunnel by Ja...
[CB16] WireGuard: Next Generation Abuse-Resistant Kernel Network Tunnel by Ja...[CB16] WireGuard: Next Generation Abuse-Resistant Kernel Network Tunnel by Ja...
[CB16] WireGuard: Next Generation Abuse-Resistant Kernel Network Tunnel by Ja...CODE BLUE
 
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...CODE BLUE
 
[CB16] (P)FACE :アップルのコアへ、そしてルート権限へのエクスプロイト by Moony Li & Jack Tang
[CB16] (P)FACE :アップルのコアへ、そしてルート権限へのエクスプロイト by Moony Li & Jack Tang[CB16] (P)FACE :アップルのコアへ、そしてルート権限へのエクスプロイト by Moony Li & Jack Tang
[CB16] (P)FACE :アップルのコアへ、そしてルート権限へのエクスプロイト by Moony Li & Jack TangCODE BLUE
 
[CB16] Who put the backdoor in my modem? by Ewerson Guimaraes
[CB16] Who put the backdoor in my modem? by Ewerson Guimaraes[CB16] Who put the backdoor in my modem? by Ewerson Guimaraes
[CB16] Who put the backdoor in my modem? by Ewerson GuimaraesCODE BLUE
 
[CB16] 私のモデムに誰がバックドアを仕掛けたのか? by Ewerson Guimaraes
[CB16] 私のモデムに誰がバックドアを仕掛けたのか? by Ewerson Guimaraes[CB16] 私のモデムに誰がバックドアを仕掛けたのか? by Ewerson Guimaraes
[CB16] 私のモデムに誰がバックドアを仕掛けたのか? by Ewerson GuimaraesCODE BLUE
 
[CB16] 難解なウェブアプリケーションの脆弱性 by Andrés Riancho
[CB16] 難解なウェブアプリケーションの脆弱性 by Andrés Riancho[CB16] 難解なウェブアプリケーションの脆弱性 by Andrés Riancho
[CB16] 難解なウェブアプリケーションの脆弱性 by Andrés RianchoCODE BLUE
 
第一回バイナリゆるゆる勉強会スライド
第一回バイナリゆるゆる勉強会スライド第一回バイナリゆるゆる勉強会スライド
第一回バイナリゆるゆる勉強会スライドRyosuke Shimizu
 
Azureで始めるDevOps
Azureで始めるDevOpsAzureで始めるDevOps
Azureで始めるDevOpsAtsushi Kojima
 
[CB16] EXOTIC DATA RECOVERY & PARADAIS by しもがいとだい
[CB16] EXOTIC DATA RECOVERY & PARADAIS by しもがいとだい[CB16] EXOTIC DATA RECOVERY & PARADAIS by しもがいとだい
[CB16] EXOTIC DATA RECOVERY & PARADAIS by しもがいとだいCODE BLUE
 
第3回長崎デジタルコンテストLT『リバースエンジニアリング入門』
第3回長崎デジタルコンテストLT『リバースエンジニアリング入門』第3回長崎デジタルコンテストLT『リバースエンジニアリング入門』
第3回長崎デジタルコンテストLT『リバースエンジニアリング入門』Saya Katafuchi
 
[CB16] IoTとしての自動車とセキュリティ: リモートサービスのセキュリティ評価とその対策の検討 - by 和栗直英
[CB16] IoTとしての自動車とセキュリティ: リモートサービスのセキュリティ評価とその対策の検討 - by 和栗直英[CB16] IoTとしての自動車とセキュリティ: リモートサービスのセキュリティ評価とその対策の検討 - by 和栗直英
[CB16] IoTとしての自動車とセキュリティ: リモートサービスのセキュリティ評価とその対策の検討 - by 和栗直英CODE BLUE
 
マルウェア解析講座そのいち〜仮想環境下では暴れないけど質問ある?〜
マルウェア解析講座そのいち〜仮想環境下では暴れないけど質問ある?〜マルウェア解析講座そのいち〜仮想環境下では暴れないけど質問ある?〜
マルウェア解析講座そのいち〜仮想環境下では暴れないけど質問ある?〜Saya Katafuchi
 
Edomae 2015 - マルウェアを解析してみよう
Edomae 2015 - マルウェアを解析してみようEdomae 2015 - マルウェアを解析してみよう
Edomae 2015 - マルウェアを解析してみようSatoshi Mimura
 
Microsoft Antimalware for Azure による Azure 仮想マシンの簡易的なマルウェア対策
Microsoft Antimalware for Azure による Azure 仮想マシンの簡易的なマルウェア対策Microsoft Antimalware for Azure による Azure 仮想マシンの簡易的なマルウェア対策
Microsoft Antimalware for Azure による Azure 仮想マシンの簡易的なマルウェア対策wintechq
 
Elastic{on}オープンな世界へようこそ
Elastic{on}オープンな世界へようこそElastic{on}オープンな世界へようこそ
Elastic{on}オープンな世界へようこそMasamitsu Maehara
 
Elastic stack 世界にさらしたサーバを可視化してみた
Elastic stack 世界にさらしたサーバを可視化してみたElastic stack 世界にさらしたサーバを可視化してみた
Elastic stack 世界にさらしたサーバを可視化してみたMasamitsu Maehara
 

Viewers also liked (20)

[CB16] 基調講演: セキュリティはどれくらいが適量? – How much security is too much? – by Karsten Nohl
[CB16] 基調講演: セキュリティはどれくらいが適量? – How much security is too much? – by Karsten Nohl[CB16] 基調講演: セキュリティはどれくらいが適量? – How much security is too much? – by Karsten Nohl
[CB16] 基調講演: セキュリティはどれくらいが適量? – How much security is too much? – by Karsten Nohl
 
Practical attacks on commercial white-box cryptography solutions
Practical attacks on commercial white-box cryptography solutionsPractical attacks on commercial white-box cryptography solutions
Practical attacks on commercial white-box cryptography solutions
 
libinjection : SQLi から XSS へ by ニック・ガルブレス
libinjection : SQLi から XSS へ by ニック・ガルブレスlibinjection : SQLi から XSS へ by ニック・ガルブレス
libinjection : SQLi から XSS へ by ニック・ガルブレス
 
[CB16] ATMS how to break them to stop the fraud. by Olga Kochetova & Alexey O...
[CB16] ATMS how to break them to stop the fraud. by Olga Kochetova & Alexey O...[CB16] ATMS how to break them to stop the fraud. by Olga Kochetova & Alexey O...
[CB16] ATMS how to break them to stop the fraud. by Olga Kochetova & Alexey O...
 
[CB16] WireGuard: Next Generation Abuse-Resistant Kernel Network Tunnel by Ja...
[CB16] WireGuard: Next Generation Abuse-Resistant Kernel Network Tunnel by Ja...[CB16] WireGuard: Next Generation Abuse-Resistant Kernel Network Tunnel by Ja...
[CB16] WireGuard: Next Generation Abuse-Resistant Kernel Network Tunnel by Ja...
 
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...
 
[CB16] (P)FACE :アップルのコアへ、そしてルート権限へのエクスプロイト by Moony Li & Jack Tang
[CB16] (P)FACE :アップルのコアへ、そしてルート権限へのエクスプロイト by Moony Li & Jack Tang[CB16] (P)FACE :アップルのコアへ、そしてルート権限へのエクスプロイト by Moony Li & Jack Tang
[CB16] (P)FACE :アップルのコアへ、そしてルート権限へのエクスプロイト by Moony Li & Jack Tang
 
[CB16] Who put the backdoor in my modem? by Ewerson Guimaraes
[CB16] Who put the backdoor in my modem? by Ewerson Guimaraes[CB16] Who put the backdoor in my modem? by Ewerson Guimaraes
[CB16] Who put the backdoor in my modem? by Ewerson Guimaraes
 
[CB16] 私のモデムに誰がバックドアを仕掛けたのか? by Ewerson Guimaraes
[CB16] 私のモデムに誰がバックドアを仕掛けたのか? by Ewerson Guimaraes[CB16] 私のモデムに誰がバックドアを仕掛けたのか? by Ewerson Guimaraes
[CB16] 私のモデムに誰がバックドアを仕掛けたのか? by Ewerson Guimaraes
 
[CB16] 難解なウェブアプリケーションの脆弱性 by Andrés Riancho
[CB16] 難解なウェブアプリケーションの脆弱性 by Andrés Riancho[CB16] 難解なウェブアプリケーションの脆弱性 by Andrés Riancho
[CB16] 難解なウェブアプリケーションの脆弱性 by Andrés Riancho
 
第一回バイナリゆるゆる勉強会スライド
第一回バイナリゆるゆる勉強会スライド第一回バイナリゆるゆる勉強会スライド
第一回バイナリゆるゆる勉強会スライド
 
Azureで始めるDevOps
Azureで始めるDevOpsAzureで始めるDevOps
Azureで始めるDevOps
 
[CB16] EXOTIC DATA RECOVERY & PARADAIS by しもがいとだい
[CB16] EXOTIC DATA RECOVERY & PARADAIS by しもがいとだい[CB16] EXOTIC DATA RECOVERY & PARADAIS by しもがいとだい
[CB16] EXOTIC DATA RECOVERY & PARADAIS by しもがいとだい
 
第3回長崎デジタルコンテストLT『リバースエンジニアリング入門』
第3回長崎デジタルコンテストLT『リバースエンジニアリング入門』第3回長崎デジタルコンテストLT『リバースエンジニアリング入門』
第3回長崎デジタルコンテストLT『リバースエンジニアリング入門』
 
[CB16] IoTとしての自動車とセキュリティ: リモートサービスのセキュリティ評価とその対策の検討 - by 和栗直英
[CB16] IoTとしての自動車とセキュリティ: リモートサービスのセキュリティ評価とその対策の検討 - by 和栗直英[CB16] IoTとしての自動車とセキュリティ: リモートサービスのセキュリティ評価とその対策の検討 - by 和栗直英
[CB16] IoTとしての自動車とセキュリティ: リモートサービスのセキュリティ評価とその対策の検討 - by 和栗直英
 
マルウェア解析講座そのいち〜仮想環境下では暴れないけど質問ある?〜
マルウェア解析講座そのいち〜仮想環境下では暴れないけど質問ある?〜マルウェア解析講座そのいち〜仮想環境下では暴れないけど質問ある?〜
マルウェア解析講座そのいち〜仮想環境下では暴れないけど質問ある?〜
 
Edomae 2015 - マルウェアを解析してみよう
Edomae 2015 - マルウェアを解析してみようEdomae 2015 - マルウェアを解析してみよう
Edomae 2015 - マルウェアを解析してみよう
 
Microsoft Antimalware for Azure による Azure 仮想マシンの簡易的なマルウェア対策
Microsoft Antimalware for Azure による Azure 仮想マシンの簡易的なマルウェア対策Microsoft Antimalware for Azure による Azure 仮想マシンの簡易的なマルウェア対策
Microsoft Antimalware for Azure による Azure 仮想マシンの簡易的なマルウェア対策
 
Elastic{on}オープンな世界へようこそ
Elastic{on}オープンな世界へようこそElastic{on}オープンな世界へようこそ
Elastic{on}オープンな世界へようこそ
 
Elastic stack 世界にさらしたサーバを可視化してみた
Elastic stack 世界にさらしたサーバを可視化してみたElastic stack 世界にさらしたサーバを可視化してみた
Elastic stack 世界にさらしたサーバを可視化してみた
 

Similar to [CB16] Using the CGC’s fully automated vulnerability detection tools in security evaluation and its effectiveness by InHyuk Seo & Jason Park

Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...
Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...
Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...Seungjoo Kim
 
Information security[277]
Information security[277]Information security[277]
Information security[277]Timothy Warren
 
is_1_Introduction to Information Security
is_1_Introduction to Information Securityis_1_Introduction to Information Security
is_1_Introduction to Information SecuritySARJERAO Sarju
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxYoisRoberthTapiadeLa
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxVictoriaChavesta
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security elmuhammadmuhammad
 
Security architecture principles isys 0575general att
Security architecture principles isys 0575general attSecurity architecture principles isys 0575general att
Security architecture principles isys 0575general attSHIVA101531
 
gkkSecurity essentials domain 1
gkkSecurity essentials   domain 1gkkSecurity essentials   domain 1
gkkSecurity essentials domain 1Anne Starr
 
information security management
information security managementinformation security management
information security managementGurpreetkaur838
 
Security Testing for Testing Professionals
Security Testing for Testing ProfessionalsSecurity Testing for Testing Professionals
Security Testing for Testing ProfessionalsTechWell
 
Security solutions for a smarter planet
Security solutions for a smarter planetSecurity solutions for a smarter planet
Security solutions for a smarter planetVincent Kwon
 
Mobile Device Management And Network Security Automation...
Mobile Device Management And Network Security Automation...Mobile Device Management And Network Security Automation...
Mobile Device Management And Network Security Automation...Jennifer Lord
 
Cybertopic_1security
Cybertopic_1securityCybertopic_1security
Cybertopic_1securityAnne Starr
 
Security Fundamentals and Threat Modelling
Security Fundamentals and Threat ModellingSecurity Fundamentals and Threat Modelling
Security Fundamentals and Threat ModellingKnoldus Inc.
 
Security Testing for Testing Professionals
Security Testing for Testing ProfessionalsSecurity Testing for Testing Professionals
Security Testing for Testing ProfessionalsTechWell
 
Presentation 1.pptx
Presentation 1.pptxPresentation 1.pptx
Presentation 1.pptxrabeetkashif
 
NZISF Talk: Six essential security services
NZISF Talk: Six essential security servicesNZISF Talk: Six essential security services
NZISF Talk: Six essential security servicesHinne Hettema
 
Information Security Analyst- Infosec train
Information Security Analyst- Infosec trainInformation Security Analyst- Infosec train
Information Security Analyst- Infosec trainInfosecTrain
 

Similar to [CB16] Using the CGC’s fully automated vulnerability detection tools in security evaluation and its effectiveness by InHyuk Seo & Jason Park (20)

Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...
Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...
Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...
 
Information security[277]
Information security[277]Information security[277]
Information security[277]
 
is_1_Introduction to Information Security
is_1_Introduction to Information Securityis_1_Introduction to Information Security
is_1_Introduction to Information Security
 
Information Security and the SDLC
Information Security and the SDLCInformation Security and the SDLC
Information Security and the SDLC
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
Security architecture principles isys 0575general att
Security architecture principles isys 0575general attSecurity architecture principles isys 0575general att
Security architecture principles isys 0575general att
 
gkkSecurity essentials domain 1
gkkSecurity essentials   domain 1gkkSecurity essentials   domain 1
gkkSecurity essentials domain 1
 
information security management
information security managementinformation security management
information security management
 
Security Testing for Testing Professionals
Security Testing for Testing ProfessionalsSecurity Testing for Testing Professionals
Security Testing for Testing Professionals
 
)k
)k)k
)k
 
Security solutions for a smarter planet
Security solutions for a smarter planetSecurity solutions for a smarter planet
Security solutions for a smarter planet
 
Mobile Device Management And Network Security Automation...
Mobile Device Management And Network Security Automation...Mobile Device Management And Network Security Automation...
Mobile Device Management And Network Security Automation...
 
Cybertopic_1security
Cybertopic_1securityCybertopic_1security
Cybertopic_1security
 
Security Fundamentals and Threat Modelling
Security Fundamentals and Threat ModellingSecurity Fundamentals and Threat Modelling
Security Fundamentals and Threat Modelling
 
Security Testing for Testing Professionals
Security Testing for Testing ProfessionalsSecurity Testing for Testing Professionals
Security Testing for Testing Professionals
 
Presentation 1.pptx
Presentation 1.pptxPresentation 1.pptx
Presentation 1.pptx
 
NZISF Talk: Six essential security services
NZISF Talk: Six essential security servicesNZISF Talk: Six essential security services
NZISF Talk: Six essential security services
 
Information Security Analyst- Infosec train
Information Security Analyst- Infosec trainInformation Security Analyst- Infosec train
Information Security Analyst- Infosec train
 

More from CODE BLUE

[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa  Threat Hunting and Fast Forensics in Windows environments fo...[cb22] Hayabusa  Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...CODE BLUE
 
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten NohlCODE BLUE
 
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22]  Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...[cb22]  Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo PupilloCODE BLUE
 
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22]  ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...[cb22]  ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22]  「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman [cb22]  「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by  高橋 郁夫[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by  高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫CODE BLUE
 
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...CODE BLUE
 
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka [cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka CODE BLUE
 
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...CODE BLUE
 
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...CODE BLUE
 
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22]  From Parroting to Echoing:  The Evolution of China’s Bots-Driven Info...[cb22]  From Parroting to Echoing:  The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...CODE BLUE
 
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22]  Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...[cb22]  Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...CODE BLUE
 
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也CODE BLUE
 
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...CODE BLUE
 
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...CODE BLUE
 

More from CODE BLUE (20)

[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa  Threat Hunting and Fast Forensics in Windows environments fo...[cb22] Hayabusa  Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
 
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl
 
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22]  Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...[cb22]  Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
 
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22]  ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...[cb22]  ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22]  「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman [cb22]  「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by  高橋 郁夫[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by  高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
 
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
 
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka [cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
 
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
 
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
 
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22]  From Parroting to Echoing:  The Evolution of China’s Bots-Driven Info...[cb22]  From Parroting to Echoing:  The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
 
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22]  Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...[cb22]  Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
 
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
 
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
 
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
 

Recently uploaded

Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataSafe Software
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncObject Automation
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfAnna Loughnan Colquhoun
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceMartin Humpolec
 

Recently uploaded (20)

Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation Inc
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdf
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your Salesforce
 

[CB16] Using the CGC’s fully automated vulnerability detection tools in security evaluation and its effectiveness by InHyuk Seo & Jason Park

  • 1. Inhyuk Seo(inhack), Jisoo Park(J.Sus), Seungjoo Kim SANE(Security Analysis aNd Evaluation) Lab Korea University(高麗大學校) Using the CGC’s fully automated vulnerability detection tools in security evaluation and its effectiveness
  • 2. Contents • Who are we? • Introduction • Security Engineering, the Way to Information Assurance • High-Assurance, the Key of CPS • Tools for Security Testing & Evaluation - Tools for Design Assurance / Tools for Code Assurance • Demo (Design / Code) • Conclusion • Acknowledgement • Q&A • Reference
  • 3. Who are we? Inhyuk Seo (徐寅赫) E-mail : jisoo8881@korea.ac.kr Jisoo Park received his B.S (2015) in Computer Science Engineering from Dongguk University in Korea. He worked at antivirus company Ahnlab as S/W QA trainee for 6 month. Also he completed high-quality information security education course “Best of the Best” hosted by KITRI(Korea Information Technology Research Institute). Now, He is a M.S course student at CIST SANE Lab, Korea University and interested in Common Criteria, Security Engineering(Especially Threat modeling). Jisoo Park (朴志洙) E-mail : inhack@korea.ac.kr My name is Inhyuk Seo(Nick: inhack). I graduated B.S. in Computer Science and Engineering at Hanyang University(ERICA) in 2015. Now I’m a researcher and M.S. of SANE(Security Analaysis aNd Evaluation) Lab at Korea University. In 2012, I completed high-quality information security education course “the Best of the Best(BoB)” hosted by KITRI(Korea Information Technology Research Institute) and participated in many projects related with vulnerability analysis. I’m interested in Programming Language, Software Testing, Machine Learning, Artificial Intelligence.
  • 4. Seungjoo Gabriel Kim (金昇柱) E-mail: skim71@korea.ac.kr Homepage : www.kimlab.net Facebook, Twitter : @skim71 Prof. Seungjoo Gabriel Kim received his B.S, M.S and Ph.D. from Sungkyunkwan University(SKKU) of Korea, in 1994, 1996, and 1999, respectively. Prior to joining the faculty at Korea University (KU) in 2011, he served as Assistant & Associate Professor at SKKU for 7 years. Before that, he served as Director of the Cryptographic Technology Team and the (CC-based) IT Security Evaluation Team of the Korea Internet & Security Agency(KISA) for 5 years. He is currently a Professor in the Graduate School of Information Security Technologies(CIST). Also, He is a Founder and Advisory director of hacker group, HARU and an international security & hacking conference, SECUINSIDE. Prof. Seungjoo Gabriel Kim’s research interests are mainly on cryptography, Cyber Physical Security, IoT Security, and HCI Security. He is a corresponding author. Who are we?
  • 5. Intro Level of trust that it really does! Assurance The User’s degree of trust in that information Information Assurance
  • 6. Intro Rise of the Information Assurance Gulf War has often been called the first information war. “The harbinger of IA” 1991 U.S. DoD Directive 5-3600.1 : The first standardized definition of IA 1996 Information Security (INFOSEC) Era 1980 ~ “The communication network that supported Operation Desert Storm was the largest joint theater system ever established. It was built in record time and maintained a phenomenal 98 percent availability rate. At the height of the operation, the system supported 700,000 telephone calls and 152,000 messages per day. More than 30,000 radio frequencies were managed to provide the necessary connectivity and to ensure minimum interference.” Debra S. Herrmann, “Security Engineering and Information Assurance”
  • 7. Intro Information Assurance “Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non- repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.” DoD Directive 8500.01E Rise of the Information Assurance Gulf War has often been called the first information war. “The harbinger of IA” 1991 U.S. DoD Directive 5-3600.1 : The first standardized definition of IA 1996 Information Security (INFOSEC) Era 1980 ~
  • 8. What are the differences between Information Security and Information Assurance? Intro
  • 9. Intro Information Security (情報保護) Information Assurance (情報保證) Dates Since 1980s Since 1998 Subject of protection Information and Information system Business as a whole Goal Confidentiality, Integrity, Availability Confidentiality, Integrity, Availability, Non- repudiation, Accountability, Auditability, Transparency, Cost-effectiveness, Efficiency Type of information Primarily electronic All types Approach Domination of the technical approach, initial attempts to consider soft aspects All-encompassing multi-disciplinary systematic approach Security Mechanism Primary focus is on technical security mechanism; initial consideration of organizational and human-oriented mechanism All available (technical, organizational, human-oriented, legal) Role within a business Supporting system, often inducing some restrictions on business An integral aspect of business, business enabler Flow of security decision Bottom-Top Top-Bottom
  • 10. Intro Information Security (情報保護) Information Assurance (情報保證) Dates Since 1980s Since 1998 Subject of protection Information and Information system Business as a whole Goal Confidentiality, Integrity, Availability Confidentiality, Integrity, Availability, Non- repudiation, Accountability, Auditability, Transparency, Cost-effectiveness, Efficiency Type of information Primarily electronic All types Approach Domination of the technical approach, initial attempts to consider soft aspects All-encompassing multi-disciplinary systematic approach Security Mechanism Primary focus is on technical security mechanism; initial consideration of organizational and human-oriented mechanism All available (technical, organizational, human-oriented, legal) Role within a business Supporting system, often inducing some restrictions on business An integral aspect of business, business enabler Flow of security decision Bottom-Top Top-Bottom Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction Validating that the information is authentic, trustworthy, and accessible
  • 11. Security Engineering, the Way to Information Assurance
  • 12. What is Information Assurance’s Goal? Security Engineering
  • 13. Security Engineering Goal of Information Assurance Dependability The ability of the system to deliver services when requested Availability The ability of the system to deliver services as specified Reliability The ability of the system to protect itself against accidental or deliberate intrusion The ability of the system to operate without catastrophic failure Safety Security Reflect the extent of the user’s confidence that it will operate as users expects that it will not ‘fail’ in normal use
  • 14. Domain Reliability Security Safety Financial System Medium High No DB of Medical Records Medium Medium Medium Air Traffic Control System Medium High High Automobile High Medium High Defcon 23 – Charlie Miller & Chris Valasek “Remote Exploitation of an Unaltered Passenger Vehicle” It was ‘Low’ at first, Security Engineering Goal of Information Assurance
  • 15. How can we achieve Information Assurance? Security Engineering
  • 16. How can we achieve Information Assurance? Security Engineering Security Engineering
  • 17. Security Engineering is about building systems to remain dependable in the face of malice, error and mischance. As a discipline, it focuses on the tools, needed to design, implement and test complete systems and to adapt existing systems as their environment evolves. – Ross Anderson, Computer Laboratory in University of Cambridge - What is Security Engineering? Security Engineering
  • 18. Policy Assurance Mechanisms Policy Assurance Design Assurance Implementation Assurance Operational Assurance Assurance needed at all stage of System life cycle Ultimate Goal of Security Engineering Security Engineering What is Security Engineering?
  • 19. Requirements Design Implementation Release Maintenance System Engineering Life Cycle Process (ISO/IEC/IEEE 15288 : 2015) • Business or Mission Analysis • Stakeholder Needs and Requirements Definitions • System Requirements Definition • Architecture Definition • Design Definition • System Analysis • Implementation • Integration • Verification • Transition • Validation • Operation • Maintenance • Disposal Security Engineering What is Security Engineering? Provide Security Engineering throughout the Life Cycle
  • 20. Case Study : Microsoft Security Development Life Cycle Security Engineering
  • 21. Case Study : Microsoft Security Development Life Cycle Does it really work? 34 3 187 SQL Server 2000 SQL Server 2005 Competing commercial DB Total Vulnerabilities Disclosed 36 Month after Release 46% reductio n 119 66 400 242 157 Windows XP Windows Vista OS A OS B OS C Total Vulnerabilities Disclosed On year after Release 46% reduction After SDLBefore SDL After SDLBefore SDL 91% reduction Analysis by Jeff Jones(Microsoft technet security blogWindows Vista One year Vulnerability Report, Microsoft Security Blog 23 Jan 2008 Security Engineering
  • 23. High Assurance, the Key of CPS What is “High-Assurance”? High-Assurance means that it can be mathematically proven that the system works precisely as intended and designed. and High-Assurance development means that there are clear and compelling evidences in each development phase.
  • 24. What is “CPS”? Cyber Physical Systems(CPS) are co- engineered interacting network of physical and computational components. CPS will provide the foundation of our critical infrastructure, form the basis of emerging and future smart services, and improve our quality of life in many areas. Internet of Things Cyber Physical System AssuranceSecurity VS High Assurance, the Key of CPS
  • 25. Where “High-Assurance” needed Information Assurance Security Engineering Critical Infrastructure Finance Aviation Government Medical Automotive Railway Energy . . High- Assurance Apply & Guarantee High Assurance, the Key of CPS
  • 26. Some standards or regulations for critical infrastructure are not enough for achieving dependability. • Most of them don’t have Security feature. Domain Standard / Regulation Road Vehicles ISO 26262 Aviation DO-178B, 178C, 254, 278A …. Medical IEC 62304 Railways EN 50128 High Assurance, the Key of CPS
  • 27. ISO/IEC 29128 and ISO/IEC 15408 have “Reliability” and “Security” ISO 26262, DO-254 : Mainly focusing on “Safety” and “Reliability” Standard / Regulation Assurance Level ISO 26262 ASIL A ASIL B ASIL C ASIL D DO-254 DAL E DAL D DAL C DAL B DAL A ISO/IEC 29128 PAL 1 PAL 2 PAL 3 PAL 4 ISO/IEC 15408 EAL1 EAL 2 EAL 3 EAL 4 EAL 5 EAL 6 EAL 7 HighLow High Assurance, the Key of CPS
  • 28. ISO/IEC 29128 and ISO/IEC 15408 have “Reliability” and “Security” ISO 26262, DO-254 : Mainly focusing on “Safety” and “Reliability” Standard / Regulation Assurance Level ISO/IEC 29128 PAL 1 PAL 2 PAL 3 PAL 4 ISO/IEC 15408 EAL1 EAL 2 EAL 3 EAL 4 EAL 5 EAL 6 EAL 7 HighLow High Assurance, the Key of CPS
  • 29. Example : ISO/IEC 29128 Verification of Cryptographic Protocol Protocol Assurance Level PAL1 PAL2 PAL3 PAL4 Protocol Specification Semiformal description of protocol specification Formal description of protocol specification Formal description of protocol specification in a tool-specific specification language, whose semantics is mathematically defined Adversarial Model Security Property Self-assessment evidence Informal argument or mathematically formal paper-and-pencil proof that the cryptographic protocol satisfies the given objectives and properties with respect to the adversarial model Tool-aided bounded verification that the specification of the cryptographic protocol satisfies the given objectives and properties with respect to the adversarial model Tool-aided unbounded verification that the specification of the cryptographic protocol satisfies the given objectives and properties with respect to the adversarial model Tool-aided unbounded verification that the specification of the cryptographic protocol in its adversarial model achieves and satisfies its objectives and properties. High Assurance, the Key of CPS
  • 30. Example : Common Criteria ISO/IEC 15408 Evaluation criteria for IT security Evaluation Assurance Level Description EAL 7 Formally verified design and tested EAL 6 Semiformally verified design and tested EAL 5 Semiformally designed and tested EAL 4 Methodically designed, tested, and reviewed EAL 3 Methodically tested and checked EAL 2 Structurally tested EAL 1 Functionally tested Gerwin Klein, Operating System Verification – An Overview High Assurance, the Key of CPS
  • 31. Example : Common Criteria ISO/IEC 15408 Corresponding assurance levels in ISO/IEC 29128 High Assurance, the Key of CPS
  • 32. How to Get it? • Measurable & Mathematically provable  Formal Verification • By using Tools High Assurance, the Key of CPS
  • 33. How to Get it? Established in March 2012, as a Research Association, which headquarters is located in Tagajo City of Miyagi Prefecture. CSSC’s testbed is composed of 9-types of simulated plants and it is capable to organize cybersecurity hands-on exercises which simulate cyber attack Control System Security Center (CSSC) Major operation plans – System security verification High Assurance, the Key of CPS
  • 34. How to Get it? “The goal of the HACMS program is to create technology for the construction of high-assurance cyber- physical systems, where high assurance is defined to mean functionally correct and satisfying appropriate safety and security properties.” Dr. Raymond Richards, Information Innovation Office Program Manager of HACMS High-Assurance Cyber Military System (HACMS) High Assurance, the Key of CPS
  • 36. Tools for Security Testing & Evaluation Automation Tools for Hacker & Bug Hunters • Automation Vulnerability Detection Tools developed by hacker/bug hunter are only for the purpose of finding 0-day (Unknown Vulnerability) easily. Automation Tools for Evaluation Ultimate goal of Security testing & evaluation There are no mistakes in security testing process and Guarantee objective analysis reports or evaluation results Independent from evaluator’s capability or expertise. So anyone who uses the same tools should be able to make same results.
  • 37. What should we consider when we choose Automated security testing tools in evaluation? Tools for Security Testing & Evaluation
  • 38. Assessment Features for Automated Tools User-Friendly Effectiveness Scalability Tools for Security Testing & Evaluation
  • 40. Tools for Design Assurance Assessment items to choose Automated Tools for Design Assurance (1) User-Friendly • Usability • Analysis Report • Requirement to Evaluator (Expertise, Background Knowledge) (2) Effectiveness • Automation Level • Model Description Method • Licensing & Cost (3) Scalability • Supported Platforms
  • 41. Cryptographic Protocol Model Checking Theorem Proving Based • NRL • FDR • SCYTHER • ProVerif • AVISPA(TA4SP) • CryptoVerif • EBMC ……. • Isabelle/HOL • BPW • Game-based Security Proof • VAMPIRE • ……. Tools for Design Assurance
  • 42. Tools for Design Assurance Cryptographic Protocol (Model Checking) • The Maude NRL Protocol Analyzer (Maude-NPA) Assessment Items Description Usability GUI(Graphic User Interface) Analysis Report O Requirement to Evaluator Protocol Design & Modeling Ability Automation Level Interactive Model Description Method Maude-PSL (Maude Protocol Specification Language) Licensing & Cost Non-Commercial (University of Illinois) Supported Platform Mac OS X
  • 43. Cryptographic Protocol (Model Checking) • FDR(Failure-Divergence-Refinement) Assessment Items Description Usability GUI Analysis Report O Requirement to Evaluator Protocol Design & Modeling Ability Automation Level Interactive Model Description Method Formal Language (CSP) Licensing & Cost Non-Commercial (University of Oxford) Supported Platform Linux / Mac OS X Tools for Design Assurance
  • 44. Cryptographic Protocol (Model Checking) • Syther Assessment Items Description Usability GUI Analysis Report O Requirement to Evaluator Protocol Design & Modeling Ability Automation Level Interactive Model Description Method SPDL (Standard Page Description Language) Licensing & Cost Non-Commercial (University of Oxford) Supported Platform Linux / Windows / Mac OS X Tools for Design Assurance
  • 45. Cryptographic Protocol (Model Checking) • ProVerif Assessment Items Description Usability CLI (but Easy to Use) Analysis Report O Requirement to Evaluator Protocol Design & Modeling Ability Automation Level Interactive Model Description Method PV Script (ProVerif Script) Licensing & Cost Non-Commercial (PROSECCO) Supported Platform Linux / Windows / Mac OS X Tools for Design Assurance
  • 46. Cryptographic Protocol (Theorem Proving) • Isabelle/HOL(Higher-Order Logic) Assessment Items Description Usability GUI, IDE(Integrated Development Environment) Analysis Report O Requirement to Evaluator Protocol Design & Modeling Ability Automation Level Interactive Model Description Method Functional & Logic Language (HOL) Licensing & Cost Non-Commercial (University of Cambridge) Supported Platform Linux / Windows / Mac OS X Tools for Design Assurance
  • 48. Tools for Code Assurance Assessment Items to choose Automated Tools for Code Assurance (1) User-Friendly • Usability • Analysis Report • Requirement to Evaluator (Expertise, Background Knowledge) (2) Effectiveness • Automation Level • Analysis Method • Detectable Vulnerability Type • Code Coverage • Licensing & Cost (3) Scalability • Supported Languages • Supported Platforms
  • 49. CGC(Cyber Grand Challenge) Finalist • Mayhem CRS (ForAllSecure) • Xandra (TECHx) • Mechanical Phish (Shellphish) • Rebeus (Deep Red) • Crspy (Disekt) • Galactic (Codejitsu) • Jima (CSDS) Tools for Code Assurance
  • 50. CGC (Cyber Grand Challenge) • CRS (Cyber Reasoning System) • Fully Automated Security Testing for Software (no human intervention!) Generate Input (Random, Mutation, Model-Based, … ) Input Generation Software Analysis & Excavate Vulnerability Vulnerability Scanning Crash is Exploitable? Crash Anaylsis Generate Exploit Code Automatically Exploit Generation Patched Binary Automatic Patching Tools for Code Assurance
  • 51. Fortify SCA Assessment Items Description Usability GUI(Graphic User Interface), Easy to Use Analysis Report XML Report Requirement to Evaluator X Automation Level Fully Automated Analysis Method Static / Source Code Analyzer Detectable Vulnerability Type Hundreds of Vulnerability Code Coverage High Code Coverage Licensing & Cost Commercial (HP Enterprise) Supported Languages Java, .NET, C/C++, JSP, PL/SQL, TSQL, Javascript/Ajax, PHP, ASP, VB6, COBOL Supported Platforms Windows, Linux, Solaris, Mac OS X Tools for Code Assurance
  • 52. CodeSonar Assessment Items Description Usability GUI, Easy to use Analysis Report HTML, XML, CSV Report Requirement to Evaluator X Automation Level Fully Automated Analysis Method Static / Source Code Analyzer / Binary Anaylzer Detectable Vulnerability Type Hundreds of Vulnerability Code Coverage High Code Coverage Licensing & Cost Commercial (Grammatech) Supported Languages C, C++, Java Supported Platforms Windows, Linux, Solaris Tools for Code Assurance
  • 53. CheckMarx SAST Assessment Items Description Usability GUI, Easy to Use (Just throw the source code!) Analysis Report Dashboard Report (PDF, RTF, CSV, XML) Requirement to Evaluator X Automation Level Fully Automated Analysis Method Static / Source Code Analyzer Detectable Vulnerability Type Hundreds of Vulnerability Code Coverage High Code Coverage Licensing & Cost Commercial (CheckMarx) Supported Languages Java , Javascript , PHP , C# , VB.NET , VB6 , ASP.NET , C/C++ , Apex , Ruby , Perl , Objective-C , Python , Groovy , HTML5 , Swift , APEX , J2SE , J2EE Supported Platforms Android , iOS , Windows Tools for Code Assurance
  • 54. KLEE Assessment Items. Description Usability CLI Analysis Report X Requirement to Evaluator O Automation Level Interactive Analysis Method Dynamic / Concolic Execution Detectable Vulnerability Type Memory Corruption Code Coverage High Code Coverage Licensing & Cost Non-Commercial (Researched by Stanford University) Supported Languages C, C++, Objective C Supported Platforms Linux Tools for Code Assurance
  • 55. Mayhem (Research Paper Ver.) Assessment Items Description Usability CLI, Write Input Specification Analysis Report O (Exploit Type, Input Source, Symbolic Input Size, Precondition, Adivsory ,Exploit Generation Time) Requirement to Evaluator O Automation Level Interactive Analysis Method Dynamic / Concolic Execution Detectable Vulnerability Type Memory Corruption Code Coverage High Code Coverage Licensing & Cost Non-Commercial (Carnegie Mellon University) Supported Languages Raw Binary Code Supported Platforms Linux, Windows Tools for Code Assurance
  • 56. SAGE Assessment Items Description Usability Unknown Analysis Report Unknown Requirement to Evaluator O Automation Level Interactive Analysis Method Dynamic / Whitebox Fuzz Testing Detectable Vulnerability Type Hundreds of Vulnerability Code Coverage Limited Code Coverage Licensing & Cost Restriced-Commercial (Microsoft) Supported Languages Raw Binary Code Supported Platforms Windows Tools for Code Assurance
  • 57. Triton Assessment Items Description Usability CLI, Write Program based Triton Analysis Report X Requirement to Evaluator O Automation Level Interactive Analysis Method Dynamic / Concolic Execution / Framework Detectable Vulnerability Type Memory Corruption Code Coverage High Code Coverage Licensing & Cost Non-Commercial (Carnegie Mellon University) Supported Languages Raw Binary Code (Bordeaux University, Qarkslab) Supported Platforms Linux, Windows, Mac OS X Tools for Code Assurance
  • 58. AFL (American Fuzzy Lop) Assessment Items Description Usability CLI(Command Line Interface) Install & Setup process is a little complexed. But provide colorful user interface and statistics. Analysis Report Crash/Vulnerability Type by Address Sanitizer Requirement to Evaluator O (Crash Analysis, Exploit Generation, Patching) Automation Level Interactive Analysis Method Dynamic / Guided Fuzz Testing Detectable Vulnerability Type Memory Corruption Code Coverage High Code Coverage (More time, More Coverage) Licensing & Cost Open Source (Michael Zalewski) Supported Languages C, C++, Objective C Supported Platforms Linux, *BSD, Solaris, Mac OS X On Linux, Only Binary(Blackbox) Testing Possible Tools for Code Assurance
  • 59. IoTcube Assessment Items Description Usability Easy to Use (Web Interface, Drag & Drop) Analysis Report O Requirement to Evaluator X Automation Level Fully Automated Analysis Method Source Code Analysis (Code Clone Detection) Binary Fuzz Testing Network Vulnrability Testing (TLS) Detectable Vulnerability Type Hundreds of Vulnerability Code Coverage High Code Coverage Licensing & Cost Non-Commercial (CSSA, cssa.korea.ac.kr, iotcube.net) Supported Languages C/C++, Raw Binary Code Supported Platforms Linux, Windows, Mac OS X Tools for Code Assurance
  • 60. Mechanical Phish (Shellphish CRS) Assessment Items Description Usability CLI, Install & Setup process is a little complexed but Easy to Use Analysis Report - Requirement to Evaluator X (Vulnerability Excavation, Crash Analysis, Exploit Generation, Patch) Automation Level Fully Automated Analysis Method Dynamic, Concolic Execution, Guided Fuzz Testing, Automatic Exploit Generation, Automatic Patching Detectable Vulnerability Type Memory Corruption Code Coverage High Code Coverage Licensing & Cost Non-Commercial (Shellphish) Supported Languages Raw Binary Code Supported Platforms Linux-Like Platforms(Custom by CGC), Intel x86 Tools for Code Assurance
  • 61. Demo (Design / Code)
  • 63. Conclusion There are many kind of Vulnerability Detection Tools developed by hackers, researchers. In present, we use these tools for security testing and evaluation. But there are some limits. • Objectivity • Coverage Recently, many of hackers research and develop automation tools that can find unknown vulnerability easily. We can’t apply these tools to security evaluation immediately. But if fully automated security testing techniques are developed and we make an effort to apply it for evaluation continuously, achieving high- assurance is not too far.
  • 64. Acknowledgement This work was supported by Institute for Information & communications Technology Promotion(IITP) grant funded by the Korea government(MSIP) (R7117-16-0161,Anomaly detection framework for autonomous vehicles)
  • 65. Q&A
  • 67. Reference [1] Debra S. Herrmann, “A practical guide to Security Engineering and Information Assurance” [2] Sommerville, “Software Engineering, 9ed. 11 & 12, Dependability and Security Specification” [3] Charlie Miller, Chris Valasek, “Remote Exploitation of an Unaltered Passenger Vehicle” [4] Ross Anderson, “Security Engineering” [5] ISO/IEC/IEEE 15288 : 2015, “Systems and Software engineering-System life cycle process”, [6] Joe Jarzombek, “Software & Supply Chain Assurance : A Historical Perspective of Community Collaboration”, Homeland Security [7] David Burke, Joe Hurd and Aaron Tomb, “High Assurance Software Development”, 2010 [8] Ron Ross, Michael McEilley and Janet Carrier Oren, “NIST SP 800-160 : Systems Security Engineering – Consideration for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems”, 2016 [9] Scott A.Lintelman, Krishna Sampigethaya, Mingyan Li, Radha Poovendran, Richard V. Robinson, “High Assurance Aerospace CPS & Implications for the Automotive Industry”, 2015 [10] NIAP, “Common Criteria-Evaluation and Validation Scheme, Publication #3, Guidance to Validators version 3”, 2014 [11] ISO/IEC 27034-2, “Information technology – Security techniques – Application Security”, 2015 [12] Paul R. Croll, “ISO/IEC/IEEE 15026, Systems and Software Assurance”, 21st Annual Systems and Software Technology Conference, 2009
  • 68. Reference [13] EURO-MILS, “Secure European Virtualisation for Trustworthy Applications in Critical Domains, Used Formal Methods”, 2015 [14] Vijay D’Silva, Daniel Kroening, and Georg Weissenbacher, “A Survey of Automated Techniques for Formal Software Verification”, 2008 [15] Daniel Potts, Rene Bourquin, Lesile Andresen, “Mathematically Verified Software Kernals: Rasing the Bar for High Assurance Implementation [16] Bernhard Beckert, Daniel Bruns, Sarah Grebing, “Mind the Gap : Formal Verification and the Common Criteria“, 2010 [17] Gerwin Klein, Kevin Elphinstone, Gernot Heiser, June Andronick, David Cock, Philip Derrin, Dhammika Elkaduwe, Kai Engelhardt, Rafal Kolankski, Michel Norrich, Thomas Sewell, Harvey Tuch, Simon Winwood, “seL4 : Formal Verification of an OS Kernel”, 2009 [18] Gerwin Klein, NICTA, “Operating System Verification – An Overview”, 2009 [19] Jesus Diaz, David Arroyo, Francisco B. Rodriguez, “A formal methodology for integral security design and verification of network protocols”, 2012 [20] Yoshikazu Hanatanil, Miyako Ohkubo, Sinichiro Matsuo, Kazuo Sakiyama, and Kazuo Ohta, “A Study on Computational Formal Verification for Practical Cryptographic Protocol: The Case of Synchronous RFID Authentication”, 2011 [21] Alexandre Melo Braga, Ricardo Hahab, “A Survey on Tools and Techniques for the Programming and Verification of Secure Cryptographic Software”, 2015
  • 69. Reference [22] Shinichiro Matsuo, Kunihiko Miyazaki, Akira Otsuka, David Basin, “How to Evaluate the Security of Real-life Cryptographic Protocol? The cases of ISO/IEC 29128 and CRYPTREC, 2010 [23] Bruno Blanchet, Ben Smyth, and Vincent Cheval, “ProVerif 1.94pl1: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial”, 2016 [24] Charles B. Weinstock, John B. Goodennough, “Toward an Assurance Case Practice for Medical Devices”, 2009 [25] CISCO, “Building Trustworthy Systems with Cisco Secure Development Lifecycle”, 2016 [26] Yannick Moy, Emmanuel Ledinot, Herve Delseny, Virginie Wiels, Benjamin Monte, “Testing or Formal Verification : DC-178C Alternatives and Industrial Experience”, 2013 [27] Karen Scarfone, Murugiah Souppaya, Amanda Cody, Angela Orebaugh, “NIST SP 800-115, Technical Guide to Information Security Testing and Assessment – Recommandations of the National Institue of Standards and Technology”, 2008 [28] Steve Lipner, Microsoft, “The Security Development Lifecycle”, 2010 [29] Michael Felderer, Ruth Breu, Matthias Buchler, “Security Testing : A Survey”, 2016 [30] Vijay D’Silva, Daniel Kroening, George Weissenbacher, “A Survey of Automated Techniques for Formal Software Verification” [31] John Rushby, Xidong Xu, Rangarajan and Thomas L. Weaver, “Understanding and Evaluating Assurance Case”, 2015 [32] David J.Rinehart, John C. Knight, Jonathan Rowanhill, “Current Practices in Constructing and Evaluating Assurance Case with Application to Aviation”, 2015 [33] The Government of Japan, “Cybersecurity Strategy 2015”
  • 70. Reference [34] Yasu Taniwaki, Deputy Director-General National Information Security Center, “Cybersecurity Strategy in Japan”, 2014 [35] “The NRL Protocol Analyzer : An Overview”, 1994 [36] Bruno Blanchet, “Automatic Verification of security protocols : the tools ProVerif and CryptoVerif”, 2011 [37] Tobias Nipkow, “Programming and Proving in Isabelle/HOL”, 2016 [38] Assistant Secretary of the Navy Chief System Engineer, “Software Security Assessment Tools Review”, 2009 [39] S.Santiago, C.Talcott, S.Escobar, C.Meadows, J.Meseguer, “A Graphical User Interface for Maude-NPA”, 2009 [40] NIST, "Source Code Security Analyzers" [41] Cadar, Cristian, "KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs", 2008 [42] Cha, Sang Kil, "Unleashing MAYHEM on Binary Code", 2012 [43] Giovanni Vigna, "Autonomous Hacking: The New Frontiers of Attack and Defense", 2016 [44] Antonio Bianchi, "A Dozen Years of Shellphish From DEFCON to the Cyber Grand Challenge", 2015 [45] Jonathan Salwan, "Triton: Concolic Execution Framework", 2016 [46] Godefroid, "SAGE: Whitebox Fuzzing for Security Testing", 2012 [47] Michael Zalewski, "American Fuzzy Lop (http://lcamtuf.coredump.cx/afl/)", 2015 [48] Vegard Nossum, Oracle, "Filesystem Fuzzing with American Fuzzy Lop", 2016 [49] Hongzhe Li, "CLORIFI: software vulnerability discovery using code clone verification", 2015 [50] Stephens, "Driller: Augmenting Fuzzing Through Selective Symbolic Execution", 2016 [51] John Rushby, “The Interpretation and Evaluation of Assurance Cases”, SRI International Technical Report, 2015