Cybernetics And Systems Analysis logo
Editorial Board Announcements Abstracts Authors Archive
Cybernetics And Systems Analysis
International Theoretical Science Journal
Volume 55 >>> № 5 SEPTEMBER — OCTOBER 2019
UDC 004.05, 004.4[2+9], 004.94, 519.7
O.O. Letychevskyi1, V.S. Peschanenko2, Y.V. Hryniuk3,
V.Yu. Radchenko4, V.M. Yakovlev5


1 V.M. Glushkov Institute of Cybernetics, National Academy
of Sciences of Ukraine, Kyiv, Ukraine

oleksandr.letychevskyi@garuda.ai

2 Kherson State University, Kherson, Ukraine

volodymyr.peschanenko@garuda.ai

3 V.M. Glushkov Institute of Cybernetics, National Academy
of Sciences of Ukraine, Kyiv, Ukraine

yaroslav.hryniuk@garuda.ai

4 Garuda AI, Kyiv, Ukraine

viktor.radchenko@garuda.ai

5 V.M. Glushkov Institute of Cybernetics, National Academy
of Sciences of Ukraine, Kyiv, Ukraine

victor.yakovlev@garuda.ai, victor.yakovlev@ukr.net

OVERVIEW OF THE MODERN METHODS OF PROTECTION
AND SECURITY OF SOFTWARE SYSTEMS

Abstract. Security and protection of software resources are one of the most important problems in the IT industry since attackers’ actions become increasingly sophisticated and losses caused by cyberattacks are growing. Traditional methods of cyberattack prevention become inefficient; therefore, development of new methods and tools to secure software resources becomes of essential need. The studies that are based on formal methods with the use of modern algebraic theories are especially interesting and promising.

Keywords: algebraic modeling, behavior algebra, cybersecurity, formal methods, insertion programming, symbolic methods, symbolic modeling, vulnerability detection.



FULL TEXT

REFERENCES

  1. Cybercrime magazine. URL: https://cybersecurityventures.com/.

  2. Nwokedi Idika, Aditya P. Mathur. A survey of malware detection techniques. 2007. Department of Computer Science, Purdue University, West Lafayette, IN 47907. 48 p.

  3. Mohan V. Pawar, Anuradha J. Network security and types of attacks in network. ICCC-2015. URL: https://ac.els-cdn.com/S1877050915006353/1-s2.0-S1877050915006353-main.pdf?_tid=21866302- 2e58-4f1e-88d0-7d3b9825e011&acdnat=1543497106_74f03131d7fc65a2469e9708a18cc54c.

  4. Check Point Software Technologies Ltd. Software Blade Architecture. URL: https://ww.checkpoint.com/ downloads/product-related/brochure/Software-Blades-Architecture.pdf.

  5. DARPA, “Cyber Grand Challenge.” URL: https://www.cybergrandchallenge.com/.

  6. Cha S.K., Avgerinos T., Rebert A., Brumley D. Unleashing Mayhem on binary code. Proc. IEEE Symposium on Security and Privacy. 2012. P. 380–394.

  7. Nguyen-Tuong A., Melski D., Davidson J.W., Co M., Hawkins W., Hiser J. D., Morris D., Nguen D., Rizzi E. Xandra: An autonomous cyber battle system for the cyber grand challenge. IEEE Security & Privacy. 2008. Vol. 16, N 2. P. 42–53.

  8. Mechaphish Github repository. URL: https://github.com/mechaphish/mecha-docs.

  9. American Fuzzy Lop. URL: http://lcamtuf.coredump.cx/afl/.

  10. Kolosnjaji B., Zarras A., Webster G., Eckert C. Deep learning for classification of malware system call sequences. AI 2016: Advances in Artificial Intelligence. Proc. 29th Australasian Joint Conference, Hobart, TAS, Australia. December 5–8, 2016. P. 137–149.

  11. Cova M., Felmetsger V., Banks G. Static detection of vulnerabilities in x86 executables. 22nd Annual Computer Security Applications Conference (ACSAC’06). 2006. https://doi.org/10.1109/ACSAC.2006.50.

  12. Mouzarani M., Sadeghiyan B., Zolfaghari M. Detecting injection vulnerabilities in executable codes with concolic execution. Proc. 8th IEEE International Conference on Software Engineering and Service Science (ICSESS). 2017. https://doi.org/10.1109/ICSESS.2017.8342862.

  13. Cha S.K., Avgerinos T., Rebert A., Brumley D. Unleashing MAYHEM on binary code. SP ‘12 Proc. IEEE Symposium on Security and Privacy. 2012. https://doi.org/10.1109/SP.2012.31.

  14. Li Z., Zou D., Xu S., Jin H., Qi H., Hu J. VulPecker: An automated vulnerability detection system based on code similarity analysis. Proc. 32nd Annual Conference on Computer Security Applications. ACSAC’16. 2016. P. 201–213.

  15. Flake H. Structural comparison of executable objects. Proc. IEEE Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA). 2004. P. 161–173.

  16. Lee G. How to formally model features of network security protocols. International Journal of Security and Its Applications. 2014. Vol. 8, N 1. P. 423–432. URL: formal.hknu.ac.kr/Publi/ijsia.pdf.

  17. Dodds J. Formal methods and the KRACK vulnerability. Galois Inc., 2017. URL: https://galois.com/ blog/2017/10/formal-methods-krack-vulnerability/.

  18. Coron J.-S. Formal verification of side-channel countermeasures via elementary circuit transformations. Proc. 16th International Conference, ACNS 2018. Leuven, Belgium, July 2–4, 2018. P. 65–82. URL: https://eprint.iacr.org/2017/879.pdf/.

  19. Jha S., Sheyner O., Wing J. Two formal analyses of attack graphs. Proc. 15th IEEE Computer Security Foundations Workshop. 2002. URL: https://ieeexplore.ieee.org/document/1021806.

  20. Bhargavan K. et al. Formal methods for analyzing crypto protocols: using legacy crypto: from attacks to proofs. URL: https://cyber.biu.ac.il/wp-content/uploads/2018/02/BIU-Bhargavan-Part1-Slides.pdf.

  21. Ferman V., Hutter D., Monroy R. A model checker for the verification of browser based protocols. Comp. y Sist. 2017. Vol. 21, N 1. URL: http://www.scielo.org.mx/pdf/cys/v21n1/1405-5546-cys- 21-01-00101.pdf.

  22. Bugliesi M., Calzavara S., Focardi R. Formal methods for web security. UniversitЧ Ca’ Foscari Venezia. URL: https://www.researchgate.net/publication/308004472_Formal_methods_for_Web_security.

  23. Tobarra L., Cazorla D., Cuartero F., DЗaz G. Application of formal methods to the analysis of web services security. URL: https://www.semanticscholar.org/paper/Application-of-formal-methods-to- the-analysis-of-Tobarra-Cazorla/544d181da33da5439efcf49f31d50116355410d9.

  24. Ray D., Ligatti J.. Defining injection attacks. Technical Report #CSE-TR-081114, University of South Florida, Department of Computer Science and Engineering. URL: http://www.cse.usf.edu/ ~ligatti/papers/broniesTR.pdf.

  25. Calzavara S. Formal methods for web session security. UniversitЧ Ca’ Foscari Venezia, Dipartimento di Scienze Ambientali, Informatica e Statistica. URL: http://sysma.imtlucca.it/cina/lib/exe/ fetch.php? media=calzavara.pdf.

  26. Bansal C., Bhargavan K., Delignat-Lavaud A., Maffeis S. Keys to the cloud: formal analysis and concrete attacks on encrypted web storage. URL: http://antoine.delignat-lavaud.fr/doc/post13.pdf. URL: https://hal.inria.fr/hal-00863375/file/keys-to-the-cloud-post13.pdf/.

  27. Gilbert D., Letichevsky A. Model for interaction of agents and environments. In: Recent Trends in Algebraic Development Technique. WaDT 1999. LNCS. Bert D., Choppy C. (Eds.). Berlin; Heidelberg: Springer-Verlag, 2000. Vol. 1827. P. 311–328.

  28. Letichevsky A., Letychevskyi O., Peschanenko V. Insertion modeling and its applications. Computer Science Journal of Moldova. 2016. Vol. 24, Iss. 3. P. 357–370.
Editorial Board Announcements Abstracts Authors Archive
about scope office editorial board instructions for authors subscriptions contacts
© 2019 Kibernetika.org. All rights reserved.