Code reusing is a common practice in software development due to its various benefits. Such a practice, however, may also cause large scale security issues since one vulnerability may appear in many different software due to cloned code fragments. The well known concept of relying on software diversity for security may also be compromised since seemingly different software may in fact share vulnerable code fragments. Although there exist efforts on detecting cloned code fragments, there lack solutions for formally characterizing their specific impact on security. In this paper, we revisit the concept of software diversity from a security viewpoint. Specifically, we define the novel concept of common attack surface to model the relative degree to which a pair of software may be sharing potentially vulnerable code fragments. To implement the concept, we develop an automated tool, CASFinder, in order to efficiently identify common attack surface between any given pair of software with minimum human intervention. Finally, we conduct experiments by applying our tool to real world open source software applications. Our results demonstrate many seemingly unrelated software applications indeed share significant common attack surface.
The infrastructure systems of power, natural gas, potable water are important parts of lifeline systems. As the complexity the systems are unavoidably disturbed by external and internal perturbations and may cause great disruptions, amplifying negative consequences. Reliability and vulnerability analysis of critical infrastructures for security considerations has become an important subject and some achievements have been acquired on this area. Since different infrastructure systems have different structures and operation mechanisms. A framework of analysis is necessary and seems to be needed. This paper takes power transmission network in a major city of China as example and develops a framework for the analysis of the vulnerability of the power network.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.