Software Forensics Overview



Similar documents
Stephen MacDonell Andrew Gray Grant MacLennan Philip Sallis. The Information Science Discussion Paper Series. Number 99/12 June 1999 ISSN X

Mining Authorship

Software Forensics: Can We Track Code to its Authors?

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

Domains and Competencies

Computer Forensics Preparation

CSI/FBI 2000 COMPUTER CRIME AND SECURITY SURVEY

Department of Computer & Information Sciences. INFO-450: Information Systems Security Syllabus

Computer Crime & Security Survey

Incident Object Description and Exchange Format

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1

Secure By Design: Security in the Software Development Lifecycle

9. Information Assurance and Security, Protecting Information Resources. Janeela Maraj. Tutorial 9 21/11/2014 INFO 1500

How To Monitor The Internet In Idaho

CHAPTER 10: COMPUTER SECURITY AND RISKS

Cyril Onwubiko Networking and Communications Group ncg.kingston.ac.

PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THIS SITE

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses

Subject: Computers & Electronic Records. Responsible Party: Part C Coordinator

Panel on Emerging Cyber Security Technologies. Robert F. Brammer, Ph.D., VP and CTO. Northrop Grumman Information Systems.

ISO Information Security Management Systems Foundation

DATA BREACH COVERAGE

Performing Effective Risk Assessments Dos and Don ts

AUTOMATED PENETRATION TESTING PRODUCTS

CS574 Computer Security. San Diego State University Spring 2008 Lecture #7

Cybersecurity: A Growing Concern for All Businesses. RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015

Weighted Total Mark. Weighted Exam Mark

Cracking and Computer Security

Cyber Security Awareness. Internet Safety Intro.

Computer Crime & Security Survey

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements

FLORIDA A&M UNIVERSITY BOARD OF TRUSTEES NOTICE OF PROPOSED AMENDED REGULATION

E-Learning Security Models

CMSC 421, Operating Systems. Fall Security. URL: Dr. Kalpakis

SECURITY. Risk & Compliance Services

Incident categories. Version (final version) Procedure (PRO 303)

Using Data Analytics to Detect Fraud. Other Data Analysis Techniques

QUANTITATIVE MODEL FOR INFORMATION SECURITY RISK MANAGEMENT

BE SAFE ONLINE: Lesson Plan

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

Security Defense Strategy Basics

A SURVEY ON GENETIC ALGORITHM FOR INTRUSION DETECTION SYSTEM

Question: 1 You type a document and you want to insert header from third page. Which of the following technique will you use to accomplish the task?

Acceptable Use of Computing and Information Technology Resources

Managing Cyber Risk through Insurance

Course Forensic Science. Unit II History

Certified Cyber Security Analyst VS-1160

THE BACHELOR S DEGREE IN SPANISH

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

The Four-Step Guide to Understanding Cyber Risk

ARIZONA CTE CAREER PREPARATION STANDARDS & MEASUREMENT CRITERIA SOFTWARE DEVELOPMENT,

(General purpose) Program security. What does it mean for a pgm to be secure? Depends whom you ask. Takes a long time to break its security controls.

UVic Department of Electrical and Computer Engineering

Certified Cyber Security Analyst VS-1160

HOW TO REFERENCE A GUIDE FOR STUDENTS. Mandy Shaw (2004) Division of Criminology Nottingham Trent University

PTE Academic Recommended Resources

Insurance as Operational Risk Management Tool

NOVA COLLEGE-WIDE COURSE CONTENT SUMMARY ITE INTRODUCTION TO COMPUTER APPLICATIONS & CONCEPTS (3 CR.)

Business Management & Administration Career Cluster Introduction to Business & Technology Course Number

Cybercrimes: A Multidisciplinary Analysis

Penetration Testing Service. By Comsec Information Security Consulting

Incident Reporting Guidelines for Constituents (Public)

PROCEDURE FOR SECURITY RISK MANAGEMENT IN PPC S.A. INFORMATION TECHNOLOGY SYSTEMS DA-1

Identifying & Managing IT Risks to Your Business

How Security Testing can ensure Your Mobile Application Security. Yohannes, CEHv8, ECSAv8, ISE, OSCP(PWK) Information Security Consultant

Analysis Of Source Lines Of Code(SLOC) Metric

SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA

Writing Papers And Essays

MAINE COMMUNITY COLLEGE SYSTEM. SUBJECT: COMPUTER AND NETWORK USE PURPOSE: To promote the responsible use of college and System computers and networks

CS 392/681 - Computer Security. Module 16 Vulnerability Analysis

Introduction to Information Visualization

UNDERGRADUATE DEGREE PROGRAMME IN COMPUTER SCIENCE ENGINEERING SCHOOL OF COMPUTER SCIENCE ENGINEERING, ALBACETE

AUTOMATED PENETRATION TESTING PRODUCTS

APIP - Cyber Liability Insurance Coverages, Limits, and FAQ

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013

Framework for Live Digital Forensics using Data Mining

Information Security Awareness Training. Course Outline. Provides a brief orientation to the topics covered in the module.

WHITE PAPER: Cyber Crime and the Critical Need for Endpoint Security

Internet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler

Information Technology Career Cluster Introduction to Digital Technology Course Number

Chapter 14 Computer Threats

Transcription:

Software Forensics Overview Yanet Manzano Florida State University manzano@cs.fsu.edu manzano@cs.fsu.edu 1 Outline Introduction Computer Programming Language Source Code Flexibility Software Forensics Software Forensics Applications Additional Sources of Information Motivation for Software Forensic Practice of Software Forensics Analyzing Executable Code Analyzing Source Code Forensic Analysis Final Step Review Conclusion Bibliography manzano@cs.fsu.edu 2 1

Introduction computer programs are written in source code Source code produced by programmers or generated by programs written in a computer programming language manzano@cs.fsu.edu 3 Computer Programming Language can be treated as a form of language from a linguistic perspective, and differ in Generation: time that they were devised and reflecting their level of abstraction Type: procedural, declarative, object_oriented, and functional Can be examined from a forensic viewpoint manzano@cs.fsu.edu 4 2

Source Code Source code is more formal and restrictive than spoken or written languages However, computer programmers still have a large degree of flexibility when writing a program to achieve a particular function manzano@cs.fsu.edu 5 Flexibility Includes algorithm used to solve the problem code layout spacing, indentation, bordering characters used to set off sections of code, etc. stylistic manner in which the algorithm is implemented particular choice of program statements used, variable names, etc. manzano@cs.fsu.edu 6 3

Flexibility Other flexibilities include selecting: the computer platform programming language compiler text editor to be used etc. These additional decisions may allow the programmer some further degrees of freedom, and expressiveness manzano@cs.fsu.edu 7 Software Forensics Features of a computer program (algorithm, layout, style, and environment) can be specific to certain programmers or types of programmer Particular combinations of features and programming idioms can make up a programmer s problem_solving vocabulary Therefore, computer programs contain some degree of information that provides evidence of the author s identity and characteristics manzano@cs.fsu.edu 8 4

Software Forensic Applications Author discrimination: Authorship Analysis task of deciding whether some pieces of code were written by a single author or by (some number of) different authors. calculation of some similarity between the two or more pieces of code manzano@cs.fsu.edu 9 Software Forensic Applications Author identification: Authorship Analysis determine the likelihood of a particular author having written some piece(s) of code usually based on other code samples from that programmer. Example: a virus manzano@cs.fsu.edu 10 5

Software Forensic Applications Author characterization: Authorship Analysis determining some characteristics of the programmer Example: particular educational background due to the programming style and techniques used manzano@cs.fsu.edu 11 Software Forensic Applications Author intent determination: Authorship Analysis determine whether code that has had an undesired effect was written with deliberate malice, or was the result of an accidental error can be extended to check for negligence manzano@cs.fsu.edu 12 6

Additional Sources of Evidence In addition to analyzing a source code you can also analyze object code/executable code By decompiling it into source code with some information loss (optimization) Info obtain: compiler and/or platform used, from certain features contained in the executable that suggest the Info obtain varies, in general source code is the better source of evidence manzano@cs.fsu.edu 13 Motivation for Software Forensics Threats: virus, worms, Trojan horses, logic bomb, plagiarism (theft of code) Aggregate cost of reported computer crime and security breaches in 2002 CRIME TYPE Theft of proprietary info Financial Fraud Virus Unauthorized insider access LOSSES over 170 million over 115 million over 49 million over 4 million manzano@cs.fsu.edu 14 7

Practice of Software Forensics Psychological analysis of code can be performed A more scientific approach: quantitative and qualitative measurements made on computer program source code and object code automatically extracted by analysis tools calculated by an expert using some combination of these two methods. manzano@cs.fsu.edu 15 Analyzing Executable Code Useful Features Data structure and algorithm Compiler and system information Programming skills and system knowledge Choice of system calls Errors manzano@cs.fsu.edu 16 8

Analyzing Source Code Useful Features Language Formatting Special features like conditional compilation construct specially those involving initialization and declaration files Comment styles Variable names Spelling and grammar Use of language features manzano@cs.fsu.edu 17 Analyzing Source Code Useful Features Scoping ration of global to local identifiers) Execution path Ex: code fully functional but never reference by any execution path) Bugs Metrics software metrics: number of lines of code per function, number of blank lines manzano@cs.fsu.edu 18 9

Final Step of the Forensic Analysis Once these metrics have been extracted, a number of different modeling techniques, such as cluster analysis can be used to derive models The form of the model, the technique used, and the metrics of use all depend greatly on the purpose of the analysis and on the information available manzano@cs.fsu.edu 19 Review The fundamental assumption of software forensics is that programmers tend to have coding styles that are distinct, at least to some degree As such these styles and features are often recognizable in source code analysis Software Forensic Goal: analyzing computer programs authorship for legal reasons manzano@cs.fsu.edu 20 10

Conclusion Software Forensics can be, and has being used for a number of diverse tasks More Common Applications Areas of malicious code analysis Detection of plagiarism (code theft) Less common areas psychological studies of programming assessing source code for quality identifying authors of code for maintenance purposes manzano@cs.fsu.edu 21 Bibliography Andrew Gray, Philip Sallis, and Stephen MacDonell. "Software Forensics: Extending Authorship Analysis Techniques to Computer Programs." Proceedings of the 3rd Biannual Conference of the International Association of Forensic Linguists (IAFL). Durham NC, USA, 1997 Ivan Krsul. "Authorship Analysis: Identifying The Author of a Program." CSD-TR-94-030, Department of Computer Science, Purdue University, 1994 Eugene H. Spafford and Stephen A. Weeber. "Software Forensics: Can We Track Code to its Authors?." Purdue TR CSD-TR92010, SERC TR SERC-TR 110-P, Department of Computer Sciences, Purdue University, 1992 Robert W. Sebesta. Programming Languages Fourth Edition. Addison- Wesley Longman Inc.1999 "2002 CSI/FBI Computer Crime and Security Survey." Computer Security Issues & Trends. CSI Institute manzano@cs.fsu.edu 22 11

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information