References of "Gadyatskaya, Olga 50001817"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailNew Directions in Attack Tree Research: Catching up with Industrial Needs
Gadyatskaya, Olga UL; Trujillo Rasua, Rolando UL

in Mauw, Sjouke (Ed.) Proceedings of the 4th International Workshop on Graphical Models for Security (in press)

Attack trees provide a systematic way of characterizing diverse system threats. Their strengths arise from the combination of an intuitive representation of possible attacks and availability of formal ... [more ▼]

Attack trees provide a systematic way of characterizing diverse system threats. Their strengths arise from the combination of an intuitive representation of possible attacks and availability of formal mathematical frameworks for analyzing them in a qualitative or a quantitative manner. Indeed, the mathematical frameworks have become a large focus of attack tree research. However, practical applications of attack trees in industry largely remain a tedious and error-prone exercise. Recent research directions in attack trees, such as attack tree generation, attempt to close this gap and to improve the attack tree state-of-thepractice. In this position paper we outline the recurrent challenges in manual tree design within industry, and we overview the recent research results in attack trees that help the practitioners. For the challenges that have not yet been addressed by the community, we propose new promising research directions. [less ▲]

Detailed reference viewed: 53 (2 UL)
Full Text
Peer Reviewed
See detailRefinement-Aware Generation of Attack Trees
Gadyatskaya, Olga UL; Ravi, Jhawar; Mauw, Sjouke UL et al

in Livraga, Giovanni; Mitchell, Chris J. (Eds.) Security and Trust Management - 13th International Workshop (2017, September)

Detailed reference viewed: 50 (3 UL)
Full Text
Peer Reviewed
See detailSmall changes, big changes: an updated view on the Android permission system
Zhauniarovich, Yury; Gadyatskaya, Olga UL

in Research in Attacks, Intrusions, and Defenses - 19th International Symposium, RAID 2016, Paris, France, September 19-21, 2016, Proceedings (2016, September)

Since the appearance of Android, its permission system was central to many studies of Android security. For a long time, the description of the architecture provided by Enck et al. was immutably used in ... [more ▼]

Since the appearance of Android, its permission system was central to many studies of Android security. For a long time, the description of the architecture provided by Enck et al. was immutably used in various research papers. The introduction of highly anticipated runtime permissions in Android 6.0 forced us to reconsider this model. To our surprise, the permission system evolved with almost every release. After analysis of 16 Android versions, we can con firm that the modi fications, especially introduced in Android 6.0, considerably impact the aptness of old conclusions and tools for newer releases. For instance, since Android 6.0 some signature permissions, previously granted only to apps signed with a platform certi cate, can be granted to third-party apps even if they are signed with a non-platform certi cate; many permissions considered before as threatening are now granted by default. In this paper, we review in detail the updated system, introduced changes, and their security implications. We highlight some bizarre behaviors, which may be of interest for developers and security researchers. We also found a number of bugs during our analysis, and provided patches to AOSP where possible. [less ▲]

Detailed reference viewed: 30 (1 UL)
Full Text
Peer Reviewed
See detailBridging two worlds: Reconciling practical risk assessment methodologies with theory of attack trees
Gadyatskaya, Olga UL; Harpes, Carlo; Mauw, Sjouke UL et al

in Proc. of GraMSec (2016)

Security risk treatment often requires a complex cost-benefit analysis to be carried out in order to select countermeasures that optimally reduce risks while having minimal costs. According to ISO/IEC ... [more ▼]

Security risk treatment often requires a complex cost-benefit analysis to be carried out in order to select countermeasures that optimally reduce risks while having minimal costs. According to ISO/IEC 27001, risk treatment relies on catalogues of countermeasures, and the analysts are expected to estimate the residual risks. At the same time, recent advancements in attack tree theory provide elegant solutions to this optimization problem. In this short paper we propose to bridge the gap between these two worlds by introducing optimal countermeasure selection problem on attack-defense trees into the TRICK security risk assessment methodology. [less ▲]

Detailed reference viewed: 57 (5 UL)
Full Text
Peer Reviewed
See detailEvaluation of Resource-based App Repackaging Detection in Android
Gadyatskaya, Olga UL; Lezza, A.-L.; Zhauniarovich, Y.

in Proc. of NordSec (2016)

Android app repackaging threatens the health of application markets, as repackaged apps, besides stealing revenue for honest developers, are also a source of malware distribution. Techniques that rely on ... [more ▼]

Android app repackaging threatens the health of application markets, as repackaged apps, besides stealing revenue for honest developers, are also a source of malware distribution. Techniques that rely on visual similarity of Android apps recently emerged as a way to tackle the repackaging detection problem, as code-based detection techniques often fail in terms of effi ciency, and e ffectiveness when obfuscation is applied [19,21]. Among such techniques, the resource-based repackaging detection approach that compares sets of files included in apks has arguably the best performance [20,17,10]. Yet, this approach has not been previously validated on a dataset of repackaged apps. In this paper we report on our evaluation of the approach, and present substantial improvements to it. Our experiments show that the state-of-art tools applying this technique rely on too restrictive thresholds. Indeed, we demonstrate that a very low proportion of identical resource files in two apps is a reliable evidence for repackaging. Furthermore, we have shown that the Overlap similarity score performs better than the Jaccard similarity coe fficient used in previous works. By applying machine learning techniques, we give evidence that considering separately the included resource fi le types signi cantly improves the detection accuracy of the method. Experimenting with a balanced dataset of more than 2700 app pairs, we show that with our enhancements it is possible to achieve the F-measure of 0.9919. [less ▲]

Detailed reference viewed: 37 (3 UL)
Full Text
Peer Reviewed
See detailUsing attack-defense trees to analyze threats and countermeasures in an ATM: a case study
Fraile, Marlon; Ford, Margaret; Gadyatskaya, Olga UL et al

in IFIP Working Conference on The Practice of Enterprise Modeling (2016)

Detailed reference viewed: 56 (1 UL)
Full Text
Peer Reviewed
See detailAttack trees for practical security assessment: ranking of attack scenarios with ADTool 2.0
Gadyatskaya, Olga UL; Jhawar, Ravi UL; Kordy, Piotr UL et al

in Quantitative Evaluation of Systems - 13th International Conference (2016)

Detailed reference viewed: 91 (7 UL)
Full Text
Peer Reviewed
See detailHow to Generate Security Cameras: Towards Defence Generation for Socio-Technical Systems
Gadyatskaya, Olga UL

in Proc. of GraMSec 2015 (2016)

Recently security researchers have started to look into au- tomated generation of attack trees from socio-technical system models. The obvious next step in this trend of automated risk analysis is au ... [more ▼]

Recently security researchers have started to look into au- tomated generation of attack trees from socio-technical system models. The obvious next step in this trend of automated risk analysis is au- tomating the selection of security controls to treat the detected threats. However, the existing socio-technical models are too abstract to repre- sent all security controls recommended by practitioners and standards. In this paper we propose an attack-defence model, consisting of a set of attack-defence bundles, to be generated and maintained with the socio- technical model. The attack-defence bundles can be used to synthesise attack-defence trees directly from the model to o er basic attack-defence analysis, but also they can be used to select and maintain the security controls that cannot be handled by the model itself. [less ▲]

Detailed reference viewed: 58 (4 UL)
Full Text
Peer Reviewed
See detailTowards Empirical Evaluation of Automated Risk Assessment Methods
Gadyatskaya, Olga UL; Labunets, Katsiaryna; Paci, Federica

in Risks and Security of Internet and Systems (2016)

Security risk assessment methods are numerous, and it might be confusing for organizations to select one. Researchers have conducted empirical studies with established methods in order to find factors ... [more ▼]

Security risk assessment methods are numerous, and it might be confusing for organizations to select one. Researchers have conducted empirical studies with established methods in order to find factors that influence their eff ectiveness and ease of use. In this paper we evaluate the recent TREsPASS semi-automated risk assessment method with respect to the factors identfii ed as critical in several controlled experiments. We also argue that automation of risk assessment raises new research questions that need to be thoroughly investigated in future empirical studies. [less ▲]

Detailed reference viewed: 29 (0 UL)
Full Text
Peer Reviewed
See detailModelling Attack-defense Trees Using Timed Automata
Gadyatskaya, Olga UL; Hansen, R. R.; Larsen, K. G. et al

in Proc. of FORMATS (2016)

Performing a thorough security risk assessment of an organisation has always been challenging, but with the increased reliance on outsourced and off-site third-party services, i.e., ``cloud services ... [more ▼]

Performing a thorough security risk assessment of an organisation has always been challenging, but with the increased reliance on outsourced and off-site third-party services, i.e., ``cloud services'', combined with internal (legacy) IT-infrastructure and -services, it has become a very difficult and time-consuming task. One of the traditional tools available to ease the burden of performing a security risk assessment and structure security analyses in general is attack trees, a tree-based formalism inspired by fault trees, a well-known formalism used in safety engineering. In this paper we study an extension of traditional attack trees, called attack-defense trees, in which not only the attacker's actions are modelled, but also the defensive actions taken by the attacked party. In this work we use the attack-defense tree as a goal an attacker wants to achieve, and separate the behaviour of the attacker and defender from the attack-defense-tree. We give a fully stochastic timed semantics for the behaviour of the attacker by introducing attacker profiles that choose actions probabilistically and execute these according to a probability density. Lastly, the stochastic semantics provides success probabilitites for individual actions. Furthermore, we show how to introduce costs of attacker actions. Finally, we show how to automatically encode it all with a network of timed automata, an encoding that enables us to apply state-of-the-art model checking tools and techniques to perform fully automated quantitative and qualitative analyses of the modelled system. [less ▲]

Detailed reference viewed: 42 (5 UL)
Full Text
Peer Reviewed
See detailTowards Black Box Testing of Android Apps
Zhauniarovich, Yury; Philippov, Anton; Gadyatskaya, Olga UL et al

in Proc. of Software Assurance Workshop at the 10th International Conference on Availability, Reliability and Security (ARES) (2015, August)

Many state-of-art mobile application testing frameworks (e.g., Dynodroid, EvoDroid) enjoy Emma or other code coverage libraries to measure the coverage achieved. The underlying assumption for these ... [more ▼]

Many state-of-art mobile application testing frameworks (e.g., Dynodroid, EvoDroid) enjoy Emma or other code coverage libraries to measure the coverage achieved. The underlying assumption for these frameworks is availability of the app source code. Yet, application markets and security researchers face the need to test third-party mobile applications in the absence of the source code. There exists a number of frameworks both for manual and automated test generation that address this challenge. However, these frameworks often do not provide any statistics on the code coverage achieved, or provide coarse-grained ones like a number of activities or methods covered. At the same time, given two test reports generated by different frameworks, there is no way to understand which one achieved better coverage if the reported metrics were different (or no coverage results were provided). To address these issues we designed a framework called BBOXTESTER that is able to generate code coverage reports and produce uniform coverage metrics in testing without the source code. Security researchers can automatically execute applications exploiting current stateof- art tools, and use the results of our framework to assess if the security-critical code was covered by the tests. In this paper we report on design and implementation of BBOXTESTER and assess its efficiency and effectiveness. [less ▲]

Detailed reference viewed: 36 (1 UL)
Full Text
Peer Reviewed
See detailStaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Applications
Zhauniarovich, Yury; Ahmad, Maqsood; Gadyatskaya, Olga UL et al

in Proceedings of CODASPY '15 (2015, March)

Static analysis of Android applications can be hindered by the presence of the popular dynamic code update techniques: dynamic class loading and reflection. Recent Android malware samples do actually use ... [more ▼]

Static analysis of Android applications can be hindered by the presence of the popular dynamic code update techniques: dynamic class loading and reflection. Recent Android malware samples do actually use these mechanisms to conceal their malicious behavior from static analyzers. These techniques defuse even the most recent static analyzers that usually operate under the "closed world" assumption (the targets of reflective calls can be resolved at analysis time; only classes reachable from the class path at analysis time are used at runtime). Our proposed solution allows existing static analyzers to remove this assumption. This is achieved by combining static and dynamic analysis of applications in order to reveal the hidden/updated behavior and extend static analysis results with this information. This paper presents design, implementation and preliminary evaluation results of our solution called StaDynA. [less ▲]

Detailed reference viewed: 46 (0 UL)
Full Text
Peer Reviewed
See detailFSquaDRA: Fast Detection of Repackaged Applications
Zhauniarovich, Yury; Gadyatskaya, Olga UL; Crispo, Bruno et al

in Data and Applications Security and Privacy XXVIII (2014, July)

The ease of Android applications repackaging and proliferation of application clones in Google Play and other markets call for new effective techniques to detect repackaged code and combat distribution of ... [more ▼]

The ease of Android applications repackaging and proliferation of application clones in Google Play and other markets call for new effective techniques to detect repackaged code and combat distribution of cloned applications. Today all existing techniques for repackaging detection are based on code similarity or feature (e.g., permission set) similarity evaluation. We propose a new approach to detect repackaging based on the resource files available in application packages. Our tool called FSquaDRA performs a quick pairwise application comparison (full pairwise comparison for 55,000 applications in just 80 hours on a laptop), as it measures how many identical resources are present inside both packages under analysis. The intuition behind our approach is that malicious repackaged applications still need to maintain the “look and feel” of the originals by including the same images and other resource files, even though they might have additional code included or some of the original code removed. To evaluate the reliability of our approach we perform a comparison of the FSquaDRA similarity scores with the code-based similarity scores of AndroGuard for a dataset of randomly selected application pairs, and our results demonstrate strong positive correlation of the FSquaDRA resource-based score with the code-based similarity score. [less ▲]

Detailed reference viewed: 66 (3 UL)