Logic Flaws Research Articles

Advanced Security Auditing Methods for Solidity-Based Smart Contracts

The development of smart contracts remains in its early stages, with significant differences in underlying programming languages and application platforms resulting in a lack of standardization. This lack of standardization increases the susceptibility to vulnerabilities and associated financial losses. To address security vulnerabilities in smart contracts on the Ethereum blockchain platform, this paper proposes a security audit method based on formal verification. The method integrates an input module, static analysis module, formal verification module, analog execution module, and report and recommendation module, which can accurately discover the security vulnerabilities and logical flaws of smart contracts through formal verification and other analysis techniques, thus realizing correctness detection. During the experiment, the method detects 8 types of common vulnerabilities in 148 smart contracts and marks 21 smart contracts with vulnerabilities. After manual review and analysis, it is found that 17 of these 21 marked smart contracts do have security vulnerabilities. The experimental results show that the proposed method can accurately detect security vulnerabilities and logic flaws in smart contracts through formal verification and other analysis techniques before smart contracts are deployed, thus significantly improving the security of smart contracts and reducing the economic losses that may be caused by code defects.

Deep learning for detecting logic-flaw-exploiting network attacks: An end-to-end approach

Network attacks have become a major security concern for organizations worldwide. A category of network attacks that exploit the logic (security) flaws of a few widely-deployed authentication protocols has been commonly observed in recent years. Such logic-flaw-exploiting network attacks often do not have distinguishing signatures, and can thus easily evade the typical signature-based network intrusion detection systems. Recently, researchers have applied neural networks to detect network attacks with network logs. However, public network data sets have major drawbacks such as limited data sample variations and unbalanced data with respect to malicious and benign samples. In this paper, we present a new end-to-end approach based on protocol fuzzing to automatically generate high-quality network data, on which deep learning models can be trained for network attack detection. Our findings show that protocol fuzzing can generate data samples that cover real-world data, and deep learning models trained with fuzzed data can successfully detect the logic-flaw-exploiting network attacks.

POTENTIAL DISGUISING ATTACK VECTORS ON SECURITY OPERATION CENTERS AND SIEM SYSTEMS

In this article we highlight several potential vectors of attacks that can be carried out on a monitoring capacities powered by SOC SIEM using its common features and misconfigurations. Widely spread problems like excessive amounts of false positive alerts or not absolutely accurate configuration of the correlation rules may lead to situation where an attacker is able to trigger an undesired state of the monitoring system. We’ve find three potential vectors for evasion the SIEM powered SOCs monitoring. The first vector grounds on mechanisms used to collect event data – log collectors: the malfunctioning SIEM state can be achieved with generating and submitting the bogus event data to the processing party like SIEM. Fake data flow may cause generation of mistaken alerts which can confuse the analytics stuff. The second vector employs some of the attacker’s knowledge about actual SIEM configuration – exploitation of correlation rule flaws. Taking into account the fact that correlation rules are mostly hand-written, they are prone to some logic flaws – certain detection rules may not be triggered by all of the malicious attack indicators. An attacker with knowledge about that feature may fulfill the unrecorded conditions and trick the SIEM to treat the attack flow as benign activity. The last researched vector is based on redundantly sensitive detection rules which produce a lot of false positive alarms but are not removed. An attacker may trigger the malfunctioning alarm continuously to distract the analytics stuff and perform its actions under the cover of noise. Those discussed vectors are derived from analysis of the actual SIEM installations and SOC processes used as best practices. We have no actual indicators that those attacks are carried out “in wild” at the moment of issuing of this article, but it is highly probable that those tactics may be used in the future. The purpose of this research is to highlight the possible risks for the security operation centers connected with actual processes and practices used in industry and to develop the remediation strategy in perspective.

Static Detection of File Access Control Vulnerabilities on Windows System

SummaryTraditional applications have been developed for decades. Most of the security research around them have focused on the detection of memory corruption vulnerabilities, such as buffer overflow, double fetch, and integer overflow. On the contrary, logic bugs, a kind of flaws caused by unreasonable application logic, attract much less attention.Files are the most common media for programs to persist their data in the system. As the file owners, programs are responsible for protecting their files from malicious users' tampering by leveraging access control mechanisms. However, if a program configures their access control mechanisms in wrong ways and causes evil users to bypass security checks to access files, there exists a file access control vulnerability. As a branch of logic flaws, file access control vulnerabilities are less popular with researchers. Thus, to mitigate the harm of the file access control vulnerabilities on Windows system, our team conducted first‐step research on them. We first classified file access control bugs into two types and codified some bug patterns. Then we formalized file access control vulnerabilities to propose a scalable detection method and implemented a lightweight analysis system StaticFAC. After evaluating StaticFAC in real‐world Windows software, we discovered 15 0‐day bugs.

SARS-CoV-2 Vaccine Acceptance: We May Need to Choose Our Battles.

In this issue, Fisher and colleagues report the results of a nationally representative U.S. survey that found that only approximately 6 in 10 respondents said that they will get vaccinated when a vaccine for coronavirus disease 2019 becomes available. The editorialist discusses the findings and why closing the intention-to-behavior gap for those willing to be vaccinated rather than focusing on those hesitant about vaccination is likely to have the population health benefit.

Compulsory Schooling and Returns to Education: A Re-Examination

This paper re-examines the instrumental variable (IV) approach to estimating returns to education by use of compulsory school law (CSL) in the US. We show that the IV-approach amounts to a change in model specification by changing the causal status of the variable of interest. From this perspective, the IV-OLS (ordinary least square) choice becomes a model selection issue between non-nested models and is hence testable using cross validation methods. It also enables us to unravel several logic flaws in the conceptualisation of IV-based models. Using the causal chain model specification approach, we overcome these flaws by carefully distinguishing returns to education from the treatment effect of CSL. We find relatively robust estimates for the first effect, while estimates for the second effect are hindered by measurement errors in the CSL indicators. We find reassurance of our approach from fundamental theories in statistical learning.

Falcon: Differential fault localization for SDN control plane

The control plane of Software-Defined Networking (SDN) is the key component for overseeing and managing networks. As a software entity, the control plane is inevitable to involve design or logic flaws in its policy enforcement and network control, which can cause it to behave incorrectly and induce network anomalies. Existing approaches mainly focus on policy verification or fault troubleshooting, which have little fault localization capabilities for locating these flaws in production environments. In this paper, we present Falcon, the first Fault localization tool for the SDN control plane. We design a novel causal inference mechanism based on differential checking, which symmetrically compares two system behaviors with similar processes and identifies the causality in related code execution paths with concrete contexts to explain why a fault happened in the SDN network. Our main contributions include (1) a lightweight rule-based hybrid tracing mechanism for recording system behaviors of the SDN control plane, (2) a context-aware modeling mechanism for modeling these behaviors, and (3) a differential checking mechanism for diagnosing controller faults according to formulated symptoms. Our evaluation shows that Falcon is capable of diagnosing faults in the SDN control plane with low overhead on performance.

DetLogic: A black-box approach for detecting logic vulnerabilities in web applications

Web applications are subject to attacks by malicious users owing to the fact that the applications are implemented by software developers with insufficient knowledge about secure programming. The implementation flaws arising due to insecure coding practices allow attackers to exploit the application in order to perform adverse actions leading to undesirable consequences. These flaws can be categorized into injection and logic flaws. As large number of tools and solutions are available for addressing injection flaws, the focus of the attackers is shifting towards exploitation of logic flaws. The logic flaws allow attackers to compromise the application-specific functionality against the expectations of the stakeholders, and hence it is important to identify these flaws in order to avoid exploitation. Therefore, a prototype called DetLogic is developed for detecting different types of logic vulnerabilities such as parameter manipulation, access-control, and workflow bypass vulnerabilities in web applications. DetLogic employs black-box approach, and models the intended behavior of the application as an annotated finite state machine, which is subsequently used for deriving constraints related to input parameters, access-control, and workflows. The derived constraints are violated for simulating attack vectors to identify the vulnerabilities. DetLogic is evaluated against benchmark applications and is found to work effectively.

Lom: Discovering logic flaws within MongoDB-based web applications

Logic flaws within web applications will allow malicious operations to be triggered towards back-end database. Existing approaches to identifying logic flaws of database accesses are strongly tied to structured query language (SQL) statement construction and cannot be applied to the new generation of web applications that use not only structured query language (NoSQL) databases as the storage tier. In this paper, we present Lom, a black-box approach for discovering many categories of logic flaws within MongoDBbased web applications. Our approach introduces a MongoDB operation model to support new features of MongoDB and models the application logic as a mealy finite state machine. During the testing phase, test inputs which emulate state violation attacks are constructed for identifying logic flaws at each application state. We apply Lom to several MongoDB-based web applications and demonstrate its effectiveness.

Securing web applications from injection and logic vulnerabilities: Approaches and challenges

Context: Web applications are trusted by billions of users for performing day-to-day activities. Accessibility, availability and omnipresence of web applications have made them a prime target for attackers. A simple implementation flaw in the application could allow an attacker to steal sensitive information and perform adversary actions, and hence it is important to secure web applications from attacks. Defensive mechanisms for securing web applications from the flaws have received attention from both academia and industry.Objective: The objective of this literature review is to summarize the current state of the art for securing web applications from major flaws such as injection and logic flaws. Though different kinds of injection flaws exist, the scope is restricted to SQL Injection (SQLI) and Cross-site scripting (XSS), since they are rated as the top most threats by different security consortiums.Method: The relevant articles recently published are identified from well-known digital libraries, and a total of 86 primary studies are considered. A total of 17 articles related to SQLI, 35 related to XSS and 34 related to logic flaws are discussed.Results: The articles are categorized based on the phase of software development life cycle where the defense mechanism is put into place. Most of the articles focus on detecting the flaws and preventing the attacks against web applications.Conclusion: Even though various approaches are available for securing web applications from SQLI and XSS, they are still prevalent due to their impact and severity. Logic flaws are gaining attention of the researchers since they violate the business specifications of applications. There is no single solution to mitigate all the flaws. More research is needed in the area of fixing flaws in the source code of applications.

Re-imagining Justice for Girls: A New Agenda for Research

This article argues that justice for girls has been narrowly conceived as the delivery of gender-specific interventions within a correctional framework. I contend that the translation of feminist pathways research into gender-specific programming (GSP) has inherent logic flaws and that GSP makes unwarranted assumptions about girls’ routes into and out of offending. In addition, by translating girls’ victimisation histories into individualised intervenable risks/needs, state welfare (non-)responses to them are ignored. I argue that a new feminist research agenda is required which implies a more expansive conceptualisation of justice and which investigates meso-level welfare institutional cultures and practices with troubled girls.

Effective detection of vulnerable and malicious browser extensions

Unsafely coded browser extensions can compromise the security of a browser, making them attractive targets for attackers as a primary vehicle for conducting cyber-attacks. Among others, the three factors making vulnerable extensions a high-risk security threat for browsers include: i) the wide popularity of browser extensions, ii) the similarity of browser extensions with web applications, and iii) the high privilege of browser extension scripts. Furthermore, mechanisms that specifically target to mitigate browser extension-related attacks have received less attention as opposed to solutions that have been deployed for common web security problems (such as SQL injection, XSS, logic flaws, client-side vulnerabilities, drive-by-download, etc.). To address these challenges, recently some techniques have been proposed to defend extension-related attacks. These techniques mainly focus on information flow analysis to capture suspicious data flows, impose privilege restriction on API calls by malicious extensions, apply digital signatures to monitor process and memory level activities, and allow browser users to specify policies in order to restrict the operations of extensions.This article presents a model-based approach to detect vulnerable and malicious browser extensions by widening and complementing the existing techniques. We observe and utilize various common and distinguishing characteristics of benign, vulnerable, and malicious browser extensions. These characteristics are then used to build our detection models, which are based on the Hidden Markov Model constructs. The models are well trained using a set of features extracted from a number of browser extensions together with user supplied specifications. Along the course of this study, one of the main challenges we encountered was the lack of vulnerable and malicious extension samples. To address this issue, based on our previous knowledge on testing web applications and heuristics obtained from available vulnerable and malicious extensions, we have defined rules to generate training samples. The approach is implemented in a prototype tool and evaluated using a number of Mozilla Firefox extensions. Our evaluation indicated that the approach not only detects known vulnerable and malicious extensions, but also identifies previously undetected extensions with a negligible performance overhead.

Evolving into science advocates

Evolving into science advocates

What juxtaposition, tradition and parsimony can do to vertical shifts in drug self-administration dose?response functions

In their Letter to the Editor, Zernig et al. (2003) analyzed the possible origins of the escalation of drug use observed in drug addicts. Two alternative interpretations of this phenomenon are confronted: tolerance and sensitization of drug reinforcing effects. The major message of Zernig et al. is that a “parsimonious interpretation” of the experimental literature “in accordance with the traditional clinical description” indicates “tolerance as a major factor in drug dependence.” The letter of Zernig et al. is affected by three major problems: (1) a series of sequential logic flaws that makes their demonstration not convincing, (2) a love for tradition so strong that brings the authors to support outdated ideas, (3) a so parsimonious vision of the literature that it appears unbalanced and self-serving. In our reply, we will first analyze each of these three affections from the letter of Zernig et al.. Then, we will provide an alternative interpretation of the role played by tolerance and sensitization in determining escalation of drug use.