Identifying security vulnerabilities in software is a critical task that requires significant human effort. Currently, vulnerability discovery is often the responsibility of software testers before release and white-hat hackers (often within bug bounty programs) afterward. This arrangement can be ad-hoc and far from ideal; for example, if testers could identify more vulnerabilities, software would be more secure at release time. Thus far, however, the processes used by each group (and how they compare to and interact with each other) have not been well studied. This paper takes a first step toward better understanding, and eventually improving, this ecosystem: we report on a semi-structured interview study (n=25) with both testers and hackers, focusing on how each group finds vulnerabilities, how they develop their skills, and the challenges they face. The results suggest that hackers and testers follow similar processes, but get different results due largely to differing experiences and therefore different underlying knowledge of security concepts.[1] Based on these results, we provide recommendations to support improved security training for testers, better communication between hackers and developers, and smarter bug bounty policies to motivate hacker participation.

[1] The way people think and the perspectives and previous experiences they bring to bear on a problem [24, pg. 40-65].
In this paper, we investigate the linearity versus non-linearity of the Large Magellanic Cloud (LMC) Cepheid period-luminosity (P-L) relation using two statistical approaches not previously applied to this problem: the testimator method and the Schwarz Information Criterion (SIC). The testimator method is extended to multiple stages for the first time; it is shown to be unbiased, and the variance of the estimated slope can be proved to be smaller than that of the standard slope estimated from linear regression theory. The Schwarz Information Criterion (also known as the Bayesian Information Criterion) is more conservative than the Akaike Information Criterion and tends to choose lower order models. Using simulated data sets, we verify that these statistical techniques can be used to detect intrinsically linear and/or non-linear P-L relations. These methods are then applied to independent LMC Cepheid data sets from the OGLE project and the MACHO project, respectively. Our results imply that there is a change of slope in longer period ranges for all of the data sets. This strongly supports previous results, obtained from independent statistical tests, that the observed LMC P-L relation is non-linear with a break period at/around 10 days.
Android and other mobile operating systems ask users for authorization before allowing apps to access sensitive resources such as contacts and location. We hypothesize that such authorization systems could be improved by becoming more integrated with the app's user interface. In this paper, we conduct two studies to test our hypothesis. First, we use App-Tracer, a dynamic analysis tool we developed, to measure to what extent user interactions and sensitive resource use are related in existing apps. Second, we conduct an online survey to examine how different interactions with the UI affect users' expectations about whether an app accesses sensitive resources. Our results suggest that user interactions such as button clicks can be interpreted as authorization, reducing the need for separate requests; but that accesses not directly tied to user interactions should be separately authorized, possibly when apps are first launched.
A good environmental effects monitoring program (EEM) provides answers to clear, well-defined questions. The answers should be quantitative and lead directly to decisions about the effluent being studied and about further EEM studies. Preliminary studies should trigger more in-depth monitoring only when predefined thresholds are exceeded. When in-depth work suggests that further studies are unnecessary, there should be a return to a lower level of effort. These criteria lead directly to a tiered strategy for managing EEM that defines the sequence and choice of studies through successive cycles. The benefits of a tiered approach are (1) rules that all stakeholders can understand and comply with; (2) monitoring limited to that which is essential; and (3) assurance that all appropriate elements are included, but only when necessary. Within the context of the new pulp and paper EEM program, tier testing is an efficient, logical and systematic strategy for managing monitoring.
Governments and businesses increasingly rely on data analytics and machine learning (ML) for improving their competitive edge in areas such as consumer satisfaction, threat intelligence, decision making, and product efficiency. However, by cleverly corrupting a subset of data used as input to a target's ML algorithms, an adversary can perturb outcomes and compromise the effectiveness of ML technology. While prior work in the field of adversarial machine learning has studied the impact of input manipulation on correct ML algorithms, we consider the exploitation of bugs in ML implementations. In this paper, we characterize the attack surface of ML programs, and we show that malicious inputs exploiting implementation bugs enable strictly more powerful attacks than the classic adversarial machine learning techniques. We propose a semi-automated technique, called steered fuzzing, for exploring this attack surface and for discovering exploitable bugs in machine learning programs, in order to demonstrate the magnitude of this threat. As a result of our work, we responsibly disclosed five vulnerabilities, established three new CVE-IDs, and illuminated a common insecure practice across many machine learning systems. Finally, we outline several research directions for further understanding and mitigating this threat.