-
Do Large Code Models Understand Programming Concepts? A Black-box Approach
Authors:
Ashish Hooda,
Mihai Christodorescu,
Miltiadis Allamanis,
Aaron Wilson,
Kassem Fawaz,
Somesh Jha
Abstract:
Large Language Models' success on text generation has also made them better at code generation and coding tasks. While a lot of work has demonstrated their remarkable performance on tasks such as code completion and editing, it is still unclear as to why. We help bridge this gap by exploring to what degree auto-regressive models understand the logical constructs of the underlying programs. We prop…
▽ More
Large Language Models' success on text generation has also made them better at code generation and coding tasks. While a lot of work has demonstrated their remarkable performance on tasks such as code completion and editing, it is still unclear as to why. We help bridge this gap by exploring to what degree auto-regressive models understand the logical constructs of the underlying programs. We propose Counterfactual Analysis for Programming Concept Predicates (CACP) as a counterfactual testing framework to evaluate whether Large Code Models understand programming concepts. With only black-box access to the model, we use CACP to evaluate ten popular Large Code Models for four different programming concepts. Our findings suggest that current models lack understanding of concepts such as data flow and control flow.
△ Less
Submitted 23 February, 2024; v1 submitted 8 February, 2024;
originally announced February 2024.
-
Burning the Adversarial Bridges: Robust Windows Malware Detection Against Binary-level Mutations
Authors:
Ahmed Abusnaina,
Yizhen Wang,
Sunpreet Arora,
Ke Wang,
Mihai Christodorescu,
David Mohaisen
Abstract:
Toward robust malware detection, we explore the attack surface of existing malware detection systems. We conduct root-cause analyses of the practical binary-level black-box adversarial malware examples. Additionally, we uncover the sensitivity of volatile features within the detection engines and exhibit their exploitability. Highlighting volatile information channels within the software, we intro…
▽ More
Toward robust malware detection, we explore the attack surface of existing malware detection systems. We conduct root-cause analyses of the practical binary-level black-box adversarial malware examples. Additionally, we uncover the sensitivity of volatile features within the detection engines and exhibit their exploitability. Highlighting volatile information channels within the software, we introduce three software pre-processing steps to eliminate the attack surface, namely, padding removal, software strip**, and inter-section information resetting. Further, to counter the emerging section injection attacks, we propose a graph-based section-dependent information extraction scheme for software representation. The proposed scheme leverages aggregated information within various sections in the software to enable robust malware detection and mitigate adversarial settings. Our experimental results show that traditional malware detection models are ineffective against adversarial threats. However, the attack surface can be largely reduced by eliminating the volatile information. Therefore, we propose simple-yet-effective methods to mitigate the impacts of binary manipulation attacks. Overall, our graph-based malware detection scheme can accurately detect malware with an area under the curve score of 88.32\% and a score of 88.19% under a combination of binary manipulation attacks, exhibiting the efficiency of our proposed scheme.
△ Less
Submitted 4 October, 2023;
originally announced October 2023.
-
Identifying and Mitigating the Security Risks of Generative AI
Authors:
Clark Barrett,
Brad Boyd,
Elie Burzstein,
Nicholas Carlini,
Brad Chen,
Jihye Choi,
Amrita Roy Chowdhury,
Mihai Christodorescu,
Anupam Datta,
Soheil Feizi,
Kathleen Fisher,
Tatsunori Hashimoto,
Dan Hendrycks,
Somesh Jha,
Daniel Kang,
Florian Kerschbaum,
Eric Mitchell,
John Mitchell,
Zulfikar Ramzan,
Khawaja Shams,
Dawn Song,
Ankur Taly,
Diyi Yang
Abstract:
Every major technical invention resurfaces the dual-use dilemma -- the new technology has the potential to be used for good as well as for harm. Generative AI (GenAI) techniques, such as large language models (LLMs) and diffusion models, have shown remarkable capabilities (e.g., in-context learning, code-completion, and text-to-image generation and editing). However, GenAI can be used just as well…
▽ More
Every major technical invention resurfaces the dual-use dilemma -- the new technology has the potential to be used for good as well as for harm. Generative AI (GenAI) techniques, such as large language models (LLMs) and diffusion models, have shown remarkable capabilities (e.g., in-context learning, code-completion, and text-to-image generation and editing). However, GenAI can be used just as well by attackers to generate new attacks and increase the velocity and efficacy of existing attacks.
This paper reports the findings of a workshop held at Google (co-organized by Stanford University and the University of Wisconsin-Madison) on the dual-use dilemma posed by GenAI. This paper is not meant to be comprehensive, but is rather an attempt to synthesize some of the interesting findings from the workshop. We discuss short-term and long-term goals for the community on this topic. We hope this paper provides both a launching point for a discussion on this important topic as well as interesting problems that the research community can work to address.
△ Less
Submitted 28 December, 2023; v1 submitted 28 August, 2023;
originally announced August 2023.
-
Formal Analysis of the API Proxy Problem
Authors:
Somesh Jha,
Mihai Christodorescu,
Anh Pham
Abstract:
Implementing a security mechanism on top of APIs requires clear understanding of the semantics of each API, to ensure that security entitlements are enforced consistently and completely across all APIs that could perform the same function for an attacker. Unfortunately, APIs are not designed to be "semantically orthogonal" and they often overlap, for example by offering different performance point…
▽ More
Implementing a security mechanism on top of APIs requires clear understanding of the semantics of each API, to ensure that security entitlements are enforced consistently and completely across all APIs that could perform the same function for an attacker. Unfortunately, APIs are not designed to be "semantically orthogonal" and they often overlap, for example by offering different performance points for the same functionality. This leaves it to the security mechanism to discover and account for API proxies, i.e., groups of APIs which together approximate the functionality of some other API. Lacking a complete view of the structure of the API-proxy relationship, current security mechanisms address it in an ad-hoc and reactive manner, by updating the implementation when new API proxies are uncovered and abused by attackers.
We analyze the problem of discovering API-proxy relationships and show that its complexity makes it NP-complete, which makes computing exact information about API proxies prohibitively expensive for modern API surfaces that consist of tens of thousands of APIs. We then propose a simple heuristic algorithm to approximate the same API-proxy information and argue that this overapproximation can be safely used for security purposes, with only the downside of some utility loss. We conclude with a number of open problems of both theoretical and practical interest and with potential directions towards new solutions for the API-proxy problem.
△ Less
Submitted 27 February, 2023;
originally announced February 2023.
-
Privacy-Preserving Application-to-Application Authentication Using Dynamic Runtime Behaviors
Authors:
Mihai Christodorescu,
Maliheh Shirvanian,
Shams Zawoad
Abstract:
Application authentication is typically performed using some form of secret credentials such as cryptographic keys, passwords, or API keys. Since clients are responsible for securely storing and managing the keys, this approach is vulnerable to attacks on clients. Similarly a centrally managed key store is also susceptible to various attacks and if compromised, can leak credentials. To resolve suc…
▽ More
Application authentication is typically performed using some form of secret credentials such as cryptographic keys, passwords, or API keys. Since clients are responsible for securely storing and managing the keys, this approach is vulnerable to attacks on clients. Similarly a centrally managed key store is also susceptible to various attacks and if compromised, can leak credentials. To resolve such issues, we propose an application authentication, where we rely on unique and distinguishable application's behavior to lock the key during a setup phase and unlock it for authentication. Our system add a fuzzy-extractor layer on top of current credential authentication systems. During a key enrollment process, the application's behavioral data collected from various sensors in the network are used to hide the credential key. The fuzzy extractor releases the key to the server if the application's behavior during the authentication matches the one collected during the enrollment, with some noise tolerance. We designed the system, analyzed its security, and implemented and evaluated it using 10 real-life applications deployed in our network. Our security analysis shows that the system is secure against client compromise, vault compromise, and feature observation. The evaluation shows the scheme can achieve 0 percent False Accept Rate with an average False Rejection Rate 14 percent and takes about 51 ms to successfully authenticate a client. In light of these promising results, we expect our system to be of practical use, since its deployment requires zero to minimal changes on the server.
△ Less
Submitted 23 November, 2022;
originally announced November 2022.
-
Universal Payment Channels: An Interoperability Platform for Digital Currencies
Authors:
Mihai Christodorescu,
Erin English,
Wanyun Catherine Gu,
David Kreissman,
Ranjit Kumaresan,
Mohsen Minaei,
Srinivasan Raghuraman,
Cuy Sheffield,
Arjuna Wijeyekoon,
Mahdi Zamani
Abstract:
With the innovation of distributed ledger technology (DLT), often known as blockchain technology, there has been significant growth of digital tokens in the form of cryptocurrencies, stablecoins, and central bank digital currencies. As the number of DLT networks increases, each with varying design characteristics, the likelihood that transacting parties are on the same network decreases. Thus, it…
▽ More
With the innovation of distributed ledger technology (DLT), often known as blockchain technology, there has been significant growth of digital tokens in the form of cryptocurrencies, stablecoins, and central bank digital currencies. As the number of DLT networks increases, each with varying design characteristics, the likelihood that transacting parties are on the same network decreases. Thus, it is crucial to facilitate payments that are universal across networks, scalable to massive loads, and highly available. We envision a future payment network that may be built on top of DLT networks without being subject to their limitations on interoperability, scalability, and availability faced by DLT payment solutions today. Specifically, we propose a hub-and-spoke payment route, referred to here as Universal Payment Channels (UPC), that can be used to support digital token transfers of funds across different networks through payment channels. We further discuss the potential use cases of the UPC technology to support, and not complicate, an already robust digital payment ecosystem. Finally, through the paper, we share some future directions of the UPC technology.
△ Less
Submitted 28 September, 2021; v1 submitted 24 September, 2021;
originally announced September 2021.
-
Towards a Two-Tier Hierarchical Infrastructure: An Offline Payment System for Central Bank Digital Currencies
Authors:
Mihai Christodorescu,
Wanyun Catherine Gu,
Ranjit Kumaresan,
Mohsen Minaei,
Mustafa Ozdayi,
Benjamin Price,
Srinivasan Raghuraman,
Muhammad Saad,
Cuy Sheffield,
Minghua Xu,
Mahdi Zamani
Abstract:
Digital payments traditionally rely on online communications with several intermediaries such as banks, payment networks, and payment processors in order to authorize and process payment transactions. While these communication networks are designed to be highly available with continuous uptime, there may be times when an end-user experiences little or no access to network connectivity.
The growi…
▽ More
Digital payments traditionally rely on online communications with several intermediaries such as banks, payment networks, and payment processors in order to authorize and process payment transactions. While these communication networks are designed to be highly available with continuous uptime, there may be times when an end-user experiences little or no access to network connectivity.
The growing interest in digital forms of payments has led central banks around the world to explore the possibility of issuing a new type of central-bank money, known as central bank digital currency (CBDC). To facilitate the secure issuance and transfer of CBDC, we envision a CBDC design under a two-tier hierarchical trust infrastructure, which is implemented using public-key cryptography with the central bank as the root certificate authority for generating digital signatures, and other financial institutions as intermediate certificate authorities. One important design feature for CBDC that can be developed under this hierarchical trust infrastructure is an offline capability to create secure point-to-point offline payments through the use of authorized hardware. An offline capability for CBDC as digital cash can create a resilient payment system for consumers and businesses to transact in any situation.
We propose an offline payment system (OPS) protocol for CBDC that allows a user to make digital payments to another user while both users are temporarily offline and unable to connect to payment intermediaries (or even the Internet). OPS can be used to instantly complete a transaction involving any form of digital currency over a point-to-point channel without communicating with any payment intermediary, achieving virtually unbounded throughput and real-time transaction latency.
△ Less
Submitted 14 December, 2020;
originally announced December 2020.
-
Robust and Accurate Authorship Attribution via Program Normalization
Authors:
Yizhen Wang,
Mohannad Alhanahnah,
Ke Wang,
Mihai Christodorescu,
Somesh Jha
Abstract:
Source code attribution approaches have achieved remarkable accuracy thanks to the rapid advances in deep learning. However, recent studies shed light on their vulnerability to adversarial attacks. In particular, they can be easily deceived by adversaries who attempt to either create a forgery of another author or to mask the original author. To address these emerging issues, we formulate this sec…
▽ More
Source code attribution approaches have achieved remarkable accuracy thanks to the rapid advances in deep learning. However, recent studies shed light on their vulnerability to adversarial attacks. In particular, they can be easily deceived by adversaries who attempt to either create a forgery of another author or to mask the original author. To address these emerging issues, we formulate this security challenge into a general threat model, the $\textit{relational adversary}$, that allows an arbitrary number of the semantics-preserving transformations to be applied to an input in any problem space. Our theoretical investigation shows the conditions for robustness and the trade-off between robustness and accuracy in depth. Motivated by these insights, we present a novel learning framework, $\textit{normalize-and-predict}$ ($\textit{N&P}$), that in theory guarantees the robustness of any authorship-attribution approach. We conduct an extensive evaluation of $\textit{N&P}$ in defending two of the latest authorship-attribution approaches against state-of-the-art attack methods. Our evaluation demonstrates that $\textit{N&P}$ improves the accuracy on adversarial inputs by as much as 70% over the vanilla models. More importantly, $\textit{N&P}$ also increases robust accuracy to 45% higher than adversarial training while running over 40 times faster.
△ Less
Submitted 25 February, 2022; v1 submitted 1 July, 2020;
originally announced July 2020.
-
Privacy-Preserving Payment Splitting
Authors:
Saba Eskandarian,
Mihai Christodorescu,
Payman Mohassel
Abstract:
Widely used payment splitting apps allow members of a group to keep track of debts between members by sending charges for expenses paid by one member on behalf of others. While offering a great deal of convenience, these apps gain access to sensitive data on users' financial transactions. In this paper, we present a payment splitting app that hides all transaction data within a group from the serv…
▽ More
Widely used payment splitting apps allow members of a group to keep track of debts between members by sending charges for expenses paid by one member on behalf of others. While offering a great deal of convenience, these apps gain access to sensitive data on users' financial transactions. In this paper, we present a payment splitting app that hides all transaction data within a group from the service provider, provides privacy protections between users in a group, and provides integrity against malicious users or even a malicious server.
The core protocol proceeds in a series of rounds in which users either submit real data or cover traffic, and the server blindly updates balances, informs users of charges, and computes integrity checks on user-submitted data. Our protocol requires no cryptographic operations on the server, and after a group's initial setup, the only cryptographic tool users need is AES.
We implement the payment splitting protocol as an Android app and the accompanying server. We find that, for realistic group sizes, it requires fewer than 50 milliseconds per round of computation on a user's phone and the server requires fewer than 300 microseconds per round for each group, meaning that our protocol enjoys excellent performance and scalability properties.
△ Less
Submitted 20 November, 2019;
originally announced November 2019.
-
The House That Knows You: User Authentication Based on IoT Data
Authors:
Talha Ongun,
Oliver Spohngellert,
Alina Oprea,
Cristina Nita-Rotaru,
Mihai Christodorescu,
Negin Salajegheh
Abstract:
Home-based Internet of Things (IoT) devices have gained in popularity and many households have become 'smart' by using devices such as smart sensors, locks, and voice-based assistants. Traditional authentication methods such as passwords, biometrics or multi-factor (using SMS or email) are either not applicable in the smart home setting, or they are inconvenient as they break the natural flow of i…
▽ More
Home-based Internet of Things (IoT) devices have gained in popularity and many households have become 'smart' by using devices such as smart sensors, locks, and voice-based assistants. Traditional authentication methods such as passwords, biometrics or multi-factor (using SMS or email) are either not applicable in the smart home setting, or they are inconvenient as they break the natural flow of interaction with these devices. Voice-based biometrics are limited due to safety and privacy concerns. Given the limitations of existing authentication techniques, we explore new opportunities for user authentication in smart home environments. Specifically, we design a novel authentication method based on behavioral features extracted from user interactions with IoT devices. We perform an IRB-approved user study in the IoT lab at our university over a period of three weeks. We collect network traffic from multiple users interacting with 15 IoT devices in our lab and extract a large number of features to capture user activity. We experiment with multiple classification algorithms and also design an ensemble classifier with two models using disjoint set of features. We demonstrate that our ensemble model can classify five users with 0.97 accuracy. The behavioral authentication modules could help address the new challenges emerging with smart home ecosystems and they open up the possibility of creating flexible policies for authorization and access control.
△ Less
Submitted 27 December, 2021; v1 submitted 1 August, 2019;
originally announced August 2019.
-
COSET: A Benchmark for Evaluating Neural Program Embeddings
Authors:
Ke Wang,
Mihai Christodorescu
Abstract:
Neural program embedding can be helpful in analyzing large software, a task that is challenging for traditional logic-based program analyses due to their limited scalability. A key focus of recent machine-learning advances in this area is on modeling program semantics instead of just syntax. Unfortunately evaluating such advances is not obvious, as program semantics does not lend itself to straigh…
▽ More
Neural program embedding can be helpful in analyzing large software, a task that is challenging for traditional logic-based program analyses due to their limited scalability. A key focus of recent machine-learning advances in this area is on modeling program semantics instead of just syntax. Unfortunately evaluating such advances is not obvious, as program semantics does not lend itself to straightforward metrics. In this paper, we introduce a benchmarking framework called COSET for standardizing the evaluation of neural program embeddings. COSET consists of a diverse dataset of programs in source-code format, labeled by human experts according to a number of program properties of interest. A point of novelty is a suite of program transformations included in COSET. These transformations when applied to the base dataset can simulate natural changes to program code due to optimization and refactoring and can serve as a "debugging" tool for classification mistakes. We conducted a pilot study on four prominent models: TreeLSTM, gated graph neural network (GGNN), AST-Path neural network (APNN), and DYPRO. We found that COSET is useful in identifying the strengths and limitations of each model and in pinpointing specific syntactic and semantic characteristics of programs that pose challenges.
△ Less
Submitted 27 May, 2019;
originally announced May 2019.
-
REMOTEGATE: Incentive-Compatible Remote Configuration of Security Gateways
Authors:
Abhinav Aggarwal,
Mahdi Zamani,
Mihai Christodorescu
Abstract:
Imagine that a malicious hacker is trying to attack a server over the Internet and the server wants to block the attack packets as close to their point of origin as possible. However, the security gateway ahead of the source of attack is untrusted. How can the server block the attack packets through this gateway? In this paper, we introduce REMOTEGATE, a trustworthy mechanism for allowing any part…
▽ More
Imagine that a malicious hacker is trying to attack a server over the Internet and the server wants to block the attack packets as close to their point of origin as possible. However, the security gateway ahead of the source of attack is untrusted. How can the server block the attack packets through this gateway? In this paper, we introduce REMOTEGATE, a trustworthy mechanism for allowing any party (server) on the Internet to configure a security gateway owned by a second party, at a certain agreed upon reward that the former pays to the latter for its service. We take an interactive incentive-compatible approach, for the case when both the server and the gateway are rational, to devise a protocol that will allow the server to help the security gateway generate and deploy a policy rule that filters the attack packets before they reach the server. The server will reward the gateway only when the latter can successfully verify that it has generated and deployed the correct rule for the issue. This mechanism will enable an Internet-scale approach to improving security and privacy, backed by digital payment incentives.
△ Less
Submitted 13 September, 2017;
originally announced September 2017.
-
Learning Execution Contexts from System Call Distributions for Intrusion Detection in Embedded Systems
Authors:
Man-Ki Yoon,
Sibin Mohan,
Jaesik Choi,
Mihai Christodorescu,
Lui Sha
Abstract:
Existing techniques used for intrusion detection do not fully utilize the intrinsic properties of embedded systems. In this paper, we propose a lightweight method for detecting anomalous executions using a distribution of system call frequencies. We use a cluster analysis to learn the legitimate execution contexts of embedded applications and then monitor them at run-time to capture abnormal execu…
▽ More
Existing techniques used for intrusion detection do not fully utilize the intrinsic properties of embedded systems. In this paper, we propose a lightweight method for detecting anomalous executions using a distribution of system call frequencies. We use a cluster analysis to learn the legitimate execution contexts of embedded applications and then monitor them at run-time to capture abnormal executions. We also present an architectural framework with minor processor modifications to aid in this process. Our prototype shows that the proposed method can effectively detect anomalous executions without relying on sophisticated analyses or affecting the critical execution paths.
△ Less
Submitted 2 August, 2015; v1 submitted 23 January, 2015;
originally announced January 2015.