Third Workshop on
Quality of Protection
Workshop co-located with CCS-2007

Mon. Oct. 29 - Alexandria VA, USA
Hilton Alexandria Mark Center



Invited Speaker

Accepted papers

Call For Papers

Call For Participation




QoP 2005

QoP 2006

QoP 2008

MetriSec 2009

QoP List of Accepted Papers

Title: AMBRA - Automated Model-Based Risk Analysis
Author(s): Marco Domenico Aime, Andrea Atzeni and Paolo Carlo Pomi

Abstract: Risk analysis is the starting baseline to choose what technical and procedural security measure an agency must employ. In spite of its importance, due to its complexity and its relative immaturity, up to now burdens on the arm of security experts, with little automation of the process. In this work we show a methodology based on existing standards, highlight tasks automatically-performable, and describe how automating them in our model.

Title: Program Obfuscation: A Quantitative Approach.
Author(s): Bertrand Anckaert, Matias Madou, Bjorn De Sutter, Bruno De Bus, Koen De Bosschere and Bart Preneel

Abstract: Despite the recent advances in the theory underlying obfuscation, there still is a need to evaluate the quality of practical obfuscating transformations more quickly and easily. This paper presents the first steps toward a comprehensive evaluation suite consisting of a number of deobfuscating transformations and complexity metrics that can be readily applied on existing and future transformations in the domain of binary obfuscation. In particular, a framework based on software complexity metrics measuring four program properties: code, control flow, data and data flow is suggested. A number of well-known obfuscating and deobfuscating transformations are evaluated based upon their impact on a set of complexity metrics. This enables us to quantitatively evaluate and compare the potency of the obfuscating and deobfuscating transformations.

Title: Experimental verification of DoS counter-measure performance.
Author(s): Daniel Boteanu, Edouard Reich, Jose M. Fernandez and John McHugh

Abstract: Among the different quality attributes of software artifacts, security has lately gained a lot of interest. However, both qualitative and quantitative methodologies to assess security are still missing. This is possibly due to the lack of knowledge about which properties must be considered when it comes to evaluate security. The above-mentioned gap is even larger when one considers key software development phases such as architectural and detailed design. This position paper highlights the fundamental questions that need to be answered in order to bridge the gap and proposes an initial approach.

Title: A technique for self-certifying tamper resistant software
Author(s): Hongxia Jin and Ginger Myles

Abstract: Until recently the use of software tamper resistance was rather limited. However, as the music and movie industries have increased their reliance on content protection systems, the importance placed on and the use of tamper resistance has also increased. Unfortunately, the nature of tamper resistance can make it difficult for developers to determine if a protection mechanism is actually robust and which attacks it can protect against. To address this issue we have designed a tool for self-certifying the strength of a tamper resistance implementation that is based on a hybrid attack-defense graph. This approach to tamper resistance evaluation is advantageous in that it enables certification without leaking confidential implementation details and it assists developers in designing more robust implementations.

Title: An algorithm for the security appraisal for complex business processes
Author(s): Fabio Massacci and Artsiom Yautsiukhin

Abstract: In order to provide certified security services we must provide indicators that can measure the level of assurance that a complex business process can offer. Unfortunately the standard formulation of security indicators is not amenable to efficient algorithms able to evaluate the level of assurance of complex process from its components. In this paper we show an algorithm based on FD-Graphs (a variant of directed hyper-graphs) that can be used to compute in polynomial time i) the overall assurance indicator of a complex business process from its components for arbitrary monotone composition functions, ii) the subpart of the business process that is responsible for such assurance indicator (i.e. the weakest security link).

Title: Quantitative Software Security Risk Assessment Model
Author(s): Idongesit Mkpong-Ruffin, David Umphress, John Hamilton and Juan Gilbert

Abstract: Risk analysis is a process for considering possible risks and determining which are the most significant for any particular effort. Determining which risks to address and the optimum strategy for mitigating said risks is often an intuitive and qualitative process. An objective view of the risks inherent in a development effort requires a quantitative risk model. Quantitative risk models used in determining which risk factors to focus on, tend to use a traditional approach of annualized loss expectancy (ALE) which is based on frequency of occurrence and the exposure factor (EF) which is the percentage of asset loss due to the potential threat in question. This research uses empirical data that reflects the security posture of each vulnerability to calculate Loss Expectancy; a risk impact estimator. Data from open source vulnerability databases and results of predicted threat models are used as input to the risk model. Security factors that take into account the innate characteristics of each vulnerability are incorporated into the calculation of the risk model. The result of this model is an assessment of the potential threats to a development effort, and ranking of these threats based on the risk metric calculation.

Title: Effect of Static Analysis Tools on Software Security: Preliminary Investigation
Author(s): Vadim Okun, William F. Guthrie, Romain Gaucher and Paul E. Black

Abstract: Static analysis tools can handle large-scale software and find thousands of defects. But do they improve software security? We evaluate the effect of static analysis tool use on software security in open source projects. We measure security by vulnerability reports in the National Vulnerability Database. information on submission.

Title: Improving Vulnerability Discovery Models: Problems with definitions and assumptions
Author(s): Andy Ozment

Abstract: Security researchers are applying software reliability models to vulnerability data, in an attempt to model the vulnerability discovery process. I show that most current work on these vulnerability discovery models (VDMs) is theoretically unsound. I propose a standard set of definitions relevant to measuring characteristics of vulnerabilities and their discovery process. I then describe the theoretical requirements of VDMs and highlight the shortcomings of existing work, particularly the assumption that vulnerability discovery is an independent process.

Title: Measuring Up: How to Keep Security Metrics Useful and Realistic
Author(s): Shari Lawrence Pfleeger

Abstract: Software quality measurement has a long and not always happy history. Eager to measure many aspects of software quality, researchers sometimes have measured what was expedient or available instead of what was useful and realistic. In this talk, Shari Lawrence Pfleeger reviews software quality measurement, pointing out lessons that can be applied to current attempts to measure the security of systems and networks. She offers guidelines for effective security measurement that take into account not only the technology but also the business context in which the measurement is done.

Title: Defining Categories to Select Representative Attack Test-Cases.
Author(s): Mohammed S. Gad El Rab, Anas Abou El Kalam and Yves Deswarte

Abstract: To ameliorate the quality of protection provided by intrusion detection systems (IDS) we strongly need an effective evaluation and testing procedures. Evaluating an IDS against all known and unknown attacks is probably impossible. Nevertheless, a sensible selection of representative attacks is necessary to obtain an unbiased evaluation of such systems. To help in this selection, this paper suggests applying the same approach as in software testing: to overcome the problem of an unmanageably large set of possible inputs, software testers usually divide the data input domain into categories (or equivalence classes), and select representative instances from each category as test cases. We believe that the same principle could be applied to IDS testing if we have a reasonable classification. In this paper we make a thorough analysis of existing attack classifications in order to determine whether they could be helpful in selecting attack test cases. Based on our analysis, we construct a new scheme to classify attacks relying on those attributes that appear to be the best classification criteria. The proposed classification is mainly intended to be used for testing and evaluating IDS although it can be used for other purposes such as incident handling and intrusion reporting. We also apply the Classification Tree Method (CTM) to select attack test cases. As far as we know, this is the first time that this method is applied for this purpose.

Title: A Taxonomy for Information Security Metrics Development for ICT Product Industry
Author(s): Reijo Savola

Abstract: Static analysis tools can handle large-scale software and find thousands of defects. But do they improve software security? We evaluate the effect of static analysis tool use on software security in open source projects. We measure security by vulnerability reports in the National Vulnerability Database.

Title: Measuring Network Security Using Attack Graphs
Author(s): Lingyu Wang, Anoop Singhal and Sushil Jajodia

Abstract: In measuring the overall security of a network, a crucial issue is to correctly compose the measure of individual components. Incorrect compositions may lead to misleading results. For example, a network with less vulnerabilities or a more diversified configuration is not necessarily more secure. To obtain correct compositions of individual measures, we need to first understand the interplay between network components. For example, how vulnerabilities can be combined by attackers in advancing an intrusion. Such an understanding becomes possible with recent advances in modeling network security using attack graphs. Based on our experiences with attack graph analysis, we propose an integrated framework for measuring various aspects of network security. We first outline our principles and methodologies. We then describe concrete examples to build intuitions. Finally, we present our formal framework. It is our belief that metrics developed based on the proposed framework will lead to novel quantitative approaches to vulnerability analysis, network hardening, and attack response.