Reverse-engineering systems to identify security flaws and understand behaviour

Lead Research Organisation: University of Sheffield
Department Name: Computer Science

Abstract

This PhD will consider how to reverse engineer models from underlying Erlang-based systems, with a particular emphasis on security questions. Erlang and security. Erlang is not conceived for a hostile environment, but rather for a firewall protected internal network. While this assumption is still valid for the domain where Erlang was conceived, the use of Erlang has been shifting to provide widely accessible online services, where security threads are more likely to occur. Today, exploiting a security vulnerability that compromises a single Erlang node automatically compromises them all. If two Erlang nodes are connected, there is nothing one node cannot do on the other one. This PhD focuses on developing techniques (and tools) to detect security threads in existing Erlang code. Distributed systems and EFSM. FSM inference has been used very successfully for both analysing test sets and for generating test sets for general system testing. However, FSM models do not contain data, either as parameters of operation, or as a less finite way to store information in the system state. EFSMs include data parameters and data registers that allow for events to include guards over the data that influence control flow decisions, and to include data values in the computation of results and outputs. There is a body of work focusing on EFSM inference, however these techniques often simply include all of the available data and require overly complex or overly general inferred expressions to account for data that is not directly relevant to the properties of interest. In previous work that has been directed at security property testing, the aim has been to abstract away as much data as need in order to be able to verify security properties of interest. In this PhD we focus on inferring EFSMs for distributed systems in order to produce models that include the flow and use of data. This will make use of the inference techniques developed in the department. This PhD will develop language and practises for expressing security properties and then will apply these to models built from industrial case studies.

Studentship Projects

Project Reference Relationship Related To Start End Student Name
EP/N509735/1 30/09/2016 29/09/2021
2112618 Studentship EP/N509735/1 30/09/2017 23/10/2020 John Foster
 
Description During the course of this project, I have developed a technique to infer extended finite state machine (EFSM) models from software execution traces. These models improve on those inferred by existing techniques in that they include register update functions which dictate how individual variables are changed during model execution. I have also developed infrastructure for both SAL (a model checking tool) and Isabelle/HOL (a proof assistant) such that properties of the inferred models can be proven. As a result of this, I have proven several key properties about linear temporal logic, which have been added to the development version Isabelle/HOL which will be released later this year.
Exploitation Route The inference tool developed here are still too premature to be industrially applicable. In an academic context, there are several directions of future research. Currently, the tool only supports software traces which contain inputs/outputs that are either integers or strings. It is desirable to support more complex datatypes such as floats and lists. It is also desirable to extend the technique to support indirect referencing such that we might be able to model simple databases.

In terms of using the inferred models, it would be good to put in place infrastructure to generate software tests from the models. It is also desirable to put in place further infrastructure in Isabelle/HOL to ease proofs over the models.
Sectors Other

URL https://github.com/jmafoster1/efsm-inference
 
Title EFSM Inference Tool 
Description Given a set of traces in JSON format, this tool will infer an EFSM models which describes and generalises the behaviour of those traces. 
Type Of Technology Software 
Year Produced 2019 
Impact Currently, this tool has not been used outside of academia. 
URL https://github.com/jmafoster1/efsm-inference