| LDR | | 00000nam u2200205 4500 |
| 001 | | 000000434224 |
| 005 | | 20200226142903 |
| 008 | | 200131s2019 ||||||||||||||||| ||eng d |
| 020 | |
▼a 9781088351994 |
| 035 | |
▼a (MiAaPQ)AAI22585293 |
| 040 | |
▼a MiAaPQ
▼c MiAaPQ
▼d 247004 |
| 082 | 0 |
▼a 004 |
| 100 | 1 |
▼a Melicher, William. |
| 245 | 10 |
▼a Modeling Security Weaknesses to Enable Practical Run-time Defenses. |
| 260 | |
▼a [S.l.]:
▼b Carnegie Mellon University.,
▼c 2019. |
| 260 | 1 |
▼a Ann Arbor:
▼b ProQuest Dissertations & Theses,
▼c 2019. |
| 300 | |
▼a 138 p. |
| 500 | |
▼a Source: Dissertations Abstracts International, Volume: 81-05, Section: B. |
| 500 | |
▼a Advisor: Bauer, Lujo. |
| 502 | 1 |
▼a Thesis (Ph.D.)--Carnegie Mellon University, 2019. |
| 506 | |
▼a This item must not be sold to any third party vendors. |
| 520 | |
▼a Security weaknesses are sometimes caused by patterns in human behaviors. However, it can be difficult to identify such patterns in a practical, yet accurate way. In order to fix security weaknesses, it is crucial to identify them. Useful systems to identify security weaknesses must be accurate enough to guide users' decisions, but also be lightweight enough to produce results in a reasonable time frame. In this thesis, we show how machine-learning techniques allow us to detect security weaknesses that result from patterns in human behavior faster and more efficiently than current approaches, enabling new, practical run-time defenses. We present two applications to support this thesis.First, we use neural networks to identify users' weak passwords and show how to make this approach practical for fully client-side password feedback. One problem with current password feedback is that users can get either quick but often incorrect feedback by using heuristics or accurate but slow feedback by simulating adversarial guessing. In contrast, we found that our approach to password guessing is both more accurate and more compact in implementation than previous ones, which enables us to more practically estimate resistance to password-guessing attacks in real time on client machines.Second, we use deep learning models to identify client-side cross-site scripting vulnerabilities in JavaScript code. We collected JavaScript functions from hundreds of thousands of web pages and using a taint-tracking-enabled browser labeled them according to whether they were vulnerable to cross-site scripting. We trained deep neural networks to classify source code as safe or as potentially vulnerable. We demonstrate how our models can be used as a lightweight building block to selectively enable other defenses, e.g., taint tracking. |
| 590 | |
▼a School code: 0041. |
| 650 | 4 |
▼a Computer science. |
| 690 | |
▼a 0984 |
| 710 | 20 |
▼a Carnegie Mellon University.
▼b Electrical and Computer Engineering. |
| 773 | 0 |
▼t Dissertations Abstracts International
▼g 81-05B. |
| 773 | |
▼t Dissertation Abstract International |
| 790 | |
▼a 0041 |
| 791 | |
▼a Ph.D. |
| 792 | |
▼a 2019 |
| 793 | |
▼a English |
| 856 | 40 |
▼u http://www.riss.kr/pdu/ddodLink.do?id=T15492926
▼n KERIS
▼z 이 자료의 원문은 한국교육학술정보원에서 제공합니다. |
| 980 | |
▼a 202002
▼f 2020 |
| 990 | |
▼a ***1008102 |
| 991 | |
▼a E-BOOK |