상세정보
Export to Refworks부가기능
Modeling Security Weaknesses to Enable Practical Run-time Defenses
상세 프로파일
| 자료유형 | 학위논문 |
|---|---|
| 서명/저자사항 | Modeling Security Weaknesses to Enable Practical Run-time Defenses. |
| 개인저자 | Melicher, William. |
| 단체저자명 | Carnegie Mellon University. Electrical and Computer Engineering. |
| 발행사항 | [S.l.]: Carnegie Mellon University., 2019. |
| 발행사항 | Ann Arbor: ProQuest Dissertations & Theses, 2019. |
| 형태사항 | 138 p. |
| 기본자료 저록 | Dissertations Abstracts International 81-05B. Dissertation Abstract International |
| ISBN | 9781088351994 |
| 학위논문주기 | Thesis (Ph.D.)--Carnegie Mellon University, 2019. |
| 일반주기 |
Source: Dissertations Abstracts International, Volume: 81-05, Section: B.
Advisor: Bauer, Lujo. |
| 이용제한사항 | This item must not be sold to any third party vendors. |
| 요약 | Security weaknesses are sometimes caused by patterns in human behaviors. However, it can be difficult to identify such patterns in a practical, yet accurate way. In order to fix security weaknesses, it is crucial to identify them. Useful systems to identify security weaknesses must be accurate enough to guide users' decisions, but also be lightweight enough to produce results in a reasonable time frame. In this thesis, we show how machine-learning techniques allow us to detect security weaknesses that result from patterns in human behavior faster and more efficiently than current approaches, enabling new, practical run-time defenses. We present two applications to support this thesis.First, we use neural networks to identify users' weak passwords and show how to make this approach practical for fully client-side password feedback. One problem with current password feedback is that users can get either quick but often incorrect feedback by using heuristics or accurate but slow feedback by simulating adversarial guessing. In contrast, we found that our approach to password guessing is both more accurate and more compact in implementation than previous ones, which enables us to more practically estimate resistance to password-guessing attacks in real time on client machines.Second, we use deep learning models to identify client-side cross-site scripting vulnerabilities in JavaScript code. We collected JavaScript functions from hundreds of thousands of web pages and using a taint-tracking-enabled browser labeled them according to whether they were vulnerable to cross-site scripting. We trained deep neural networks to classify source code as safe or as potentially vulnerable. We demonstrate how our models can be used as a lightweight building block to selectively enable other defenses, e.g., taint tracking. |
| 일반주제명 | Computer science. |
| 언어 | 영어 |
| 바로가기 | 
: 이 자료의 원문은 한국교육학술정보원에서 제공합니다. |
