Research Snapshot



Automated Bug Hunting With Data-Driven Symbolic Root Cause Analysis*

The future of bug hunting is proactive instead of reactive. SCP Ph.D. student Carter Yagemann and his co-authors developed a method that gives software developers the information they need to fix bugs in their software.

Carter designed Bunkerbuster, a prototype that uses data gathered by Tech researchers to identify bugs in software.

Bunkerbuster was implemented on Linux and evaluated on 15 programs. It found 39 instances of the targeted bug classes, 8 of which had never been reported before, leading to patches being issued.



Don’t Forget the Stuffing! Revisiting the Security Impact of Typo-Tolerant Password Authentication*

Typo-tolerant password authentication systems are more user-friendly, but do they pose a security risk? SCP Ph.D. student Sena Sahin says absolutely.

Prior security analysis of these systems has shown that they do not afford a significant advantage to password spraying attacks. Sena re-evaluated the security implications of typo-tolerant password schemes, expanding the threat model to include credential stuffing and tweaking attacks. She demonstrated that bad actors combining these attacks are 45% more likely to succeed in breaking through a typo-tolerant password design.

What does this mean? The security risk of typo-tolerance is severe, far more so than previously understood. To address this problem, Sena developed machine learning models that predict whether a password would be vulnerable to credential stuffing attacks once a typo-tolerance policy is enabled.

The models exhibit suitable operating points on the functionality-security tradeoff spectrum, which gives online services the opportunity to deploy typo-tolerance in a safer way. They help mitigate the security cost of typo-tolerant password authentication while preserving its usability benefit.
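To make the threat-model expansion concrete, here is an added illustration (not code from Sena's paper or from any of the studied systems): a server-side check that, given credentials already leaked for a user, reports which of them a strict check rejects but a typo-tolerant check would accept, and a simplified gate in the spirit of the paper's predictor. The three correctors, the PBKDF2 parameters and the sample passwords are assumptions for this example; the page does not specify which correctors the studied schemes use.

```python
import hashlib
import hmac
import secrets

# Correctors assumed for this illustration (caps lock, shifted first
# character, one extra trailing character); the page does not name the
# correctors used by the schemes studied, so these are an assumption.
def caps_lock(p):   return p.swapcase()
def shift_first(p): return p[:1].swapcase() + p[1:]
def drop_last(p):   return p[:-1]
CORRECTORS = (caps_lock, shift_first, drop_last)

ITERATIONS = 20_000  # lowered from production values so the demo runs quickly

def make_record(password, salt=None):
    """Store a salted PBKDF2 hash, as a server normally would."""
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify(record, submitted, typo_tolerant):
    """Strict check, or the typo-tolerant check that also accepts corrected variants."""
    salt, stored = record
    candidates = [submitted]
    if typo_tolerant:
        candidates += [c(submitted) for c in CORRECTORS]
    return any(
        hmac.compare_digest(stored, hashlib.pbkdf2_hmac("sha256", c.encode(), salt, ITERATIONS))
        for c in candidates)

def stuffing_exposure(record, leaked_passwords):
    """Leaked credentials for this user that would log in under each policy."""
    strict = [p for p in leaked_passwords if verify(record, p, False)]
    tolerant = [p for p in leaked_passwords if verify(record, p, True)]
    return strict, tolerant

def tolerance_is_safe(password, leaked_passwords):
    """Simplified stand-in for the paper's predictive gate (not Sena's model):
    enable typo-tolerance only if no known-leaked credential for this user
    is within one corrector of the real password."""
    _, tolerant = stuffing_exposure(make_record(password), leaked_passwords)
    return not tolerant

# Constructed sample: the user's current password and three credentials
# attributed to the same user in fictional earlier breaches.
CURRENT = "Tr0ub4dor&3"
LEAKED = ["tr0ub4dor&3", "Tr0ub4dor&3!", "password123"]

if __name__ == "__main__":
    rec = make_record(CURRENT)
    print(stuffing_exposure(rec, LEAKED))   # ([], ['tr0ub4dor&3', 'Tr0ub4dor&3!'])
    print(tolerance_is_safe(CURRENT, LEAKED))  # False
```

The two reused-and-tweaked credentials fail the strict check but pass once tolerance is on, which is exactly the extra surface the stuffing-plus-tweaking threat model measures; the gate refuses tolerance for this account until the password no longer sits one corrector away from a known leak.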



C3PO: Large-Scale Study Of Covert Monitoring of C&C Servers via Over-Permissioned Protocol Infiltration*

In a collaboration with industry and government research labs, ECE Ph.D. student Jonathan Fuller spearheaded a team that built a framework that automatically identifies over-permissioned bots in a botnet and extracts key information.

Dubbed C3PO, the framework was able to spy on Command and Control (C&C) servers, gleaning information about botnet operations to support disruption and takedown attempts.

Of the 200k malware samples analyzed, C3PO found 62,202 using over-permissioned protocols. Notably, C3PO was also applied to two live C&C servers, demonstrating the efficacy of the approach.


These three papers, along with seven others written by Georgia Tech authors, will be presented this week at the ACM Conference on Computer and Communications Security (CCS 2021).


Sources:
*C. Yagemann, S. Chung, B. Saltaformaggio, W. Lee. Automated Bug Hunting With Data-Driven Symbolic Root Cause Analysis. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS ’21), November 15–19, 2021, Seoul, Republic of Korea.

*S. Sahin and F. Li. Don’t Forget the Stuffing! Revisiting the Security Impact of Typo-Tolerant Password Authentication. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS ’21), November 15–19, 2021, Virtual Event, Republic of Korea. ACM, New York, NY, USA, 19 pages.

*J. Fuller, R. Pai Kasturi, A. Sikder, B. Arik, H. Xu, V. Verma, E. Asdar, B. Saltaformaggio. C3PO: Large-Scale Study Of Covert Monitoring of C&C Servers via Over-Permissioned Protocol Infiltration. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS ’21), Seoul, South Korea, 2021.