-
A Uniform Representation of Classical and Quantum Source Code for Static Code Analysis
Authors:
Maximilian Kaul,
Alexander Küchler,
Christian Banse
Abstract:
The emergence of quantum computing raises the question of how to identify (security-relevant) programming errors during development. However, current static code analysis tools fail to model information specific to quantum computing. In this paper, we identify this information and propose to extend classical code analysis tools accordingly. Among such tools, we identify the Code Property Graph to…
▽ More
The emergence of quantum computing raises the question of how to identify (security-relevant) programming errors during development. However, current static code analysis tools fail to model information specific to quantum computing. In this paper, we identify this information and propose to extend classical code analysis tools accordingly. Among such tools, we identify the Code Property Graph to be very well suited for this task as it can be easily extended with quantum computing specific information. For our proof of concept, we implemented a tool which includes information from the quantum world in the graph and demonstrate its ability to analyze source code written in Qiskit and OpenQASM. Our tool brings together the information from the classical and quantum world, enabling analysis across both domains. By combining all relevant information into a single detailed analysis, this powerful tool can facilitate tackling future quantum source code analysis challenges.
△ Less
Submitted 12 December, 2023; v1 submitted 11 August, 2023;
originally announced August 2023.
-
Poster: Patient Community -- A Test Bed For Privacy Threat Analysis
Authors:
Immanuel Kunz,
Angelika Schneider,
Christian Banse,
Konrad Weiss,
Andreas Binder
Abstract:
Research and development of privacy analysis tools currently suffers from a lack of test beds for evaluation and comparison of such tools. In this work, we propose a benchmark application that implements an extensive list of privacy weaknesses based on the LINDDUN methodology. It represents a social network for patients whose architecture has first been described in an example analysis conducted b…
▽ More
Research and development of privacy analysis tools currently suffers from a lack of test beds for evaluation and comparison of such tools. In this work, we propose a benchmark application that implements an extensive list of privacy weaknesses based on the LINDDUN methodology. It represents a social network for patients whose architecture has first been described in an example analysis conducted by one of the LINDDUN authors. We have implemented this architecture and extended it with more privacy threats to build a test bed that enables comprehensive and independent testing of analysis tools.
△ Less
Submitted 4 August, 2023;
originally announced August 2023.
-
Representing LLVM-IR in a Code Property Graph
Authors:
Alexander Küchler,
Christian Banse
Abstract:
In the past years, a number of static application security testing tools have been proposed which make use of so-called code property graphs, a graph model which keeps rich information about the source code while enabling its user to write language-agnostic analyses. However, they suffer from several shortcomings. They work mostly on source code and exclude the analysis of third-party dependencies…
▽ More
In the past years, a number of static application security testing tools have been proposed which make use of so-called code property graphs, a graph model which keeps rich information about the source code while enabling its user to write language-agnostic analyses. However, they suffer from several shortcomings. They work mostly on source code and exclude the analysis of third-party dependencies if they are only available as compiled binaries. Furthermore, they are limited in their analysis to whether an individual programming language is supported or not. While often support for well-established languages such as C/C++ or Java is included, languages that are still heavily evolving, such as Rust, are not considered because of the constant changes in the language design. To overcome these limitations, we extend an open source implementation of a code property graph to support LLVM-IR which can be used as output by many compilers and binary lifters. In this paper, we discuss how we address challenges that arise when map** concepts of an intermediate representation to a CPG. At the same time, we optimize the resulting graph to be minimal and close to the representation of equivalent source code. Our evaluation indicates that existing analyses can be reused without modifications and that the performance requirements are comparable to operating on source code. This makes the approach suitable for an analysis of large-scale projects.
△ Less
Submitted 9 December, 2022; v1 submitted 9 November, 2022;
originally announced November 2022.
-
A Continuous Risk Assessment Methodology for Cloud Infrastructures
Authors:
Immanuel Kunz,
Angelika Schneider,
Christian Banse
Abstract:
Cloud systems are dynamic environments which make it difficult to keep track of security risks that resources are exposed to. Traditionally, risk assessment is conducted for individual assets to evaluate existing threats; their results, however, are quickly outdated in such a dynamic environment. In this paper, we propose an adaptation of the traditional risk assessment methodology for cloud infra…
▽ More
Cloud systems are dynamic environments which make it difficult to keep track of security risks that resources are exposed to. Traditionally, risk assessment is conducted for individual assets to evaluate existing threats; their results, however, are quickly outdated in such a dynamic environment. In this paper, we propose an adaptation of the traditional risk assessment methodology for cloud infrastructures which loosely couples manual, in-depth analyses with continuous, automatic application of their results. These two parts are linked by a novel threat profile definition that allows to reusably describe configuration weaknesses based on properties that are common across assets and cloud providers. This way, threats can be identified automatically for all resources that exhibit the same properties, including new and modified ones. We also present a prototype implementation which automatically evaluates an infrastructure as code template of a cloud system against a set of threat profiles, and we evaluate its performance. Our methodology not only enables organizations to reuse their threat analysis results, but also to collaborate on their development, e.g. with the public community. To that end, we propose an initial open-source repository of threat profiles.
△ Less
Submitted 15 June, 2022;
originally announced June 2022.
-
Cloud Property Graph: Connecting Cloud Security Assessments with Static Code Analysis
Authors:
Christian Banse,
Immanuel Kunz,
Angelika Schneider,
Konrad Weiss
Abstract:
In this paper, we present the Cloud Property Graph (CloudPG), which bridges the gap between static code analysis and runtime security assessment of cloud services. The CloudPG is able to resolve data flows between cloud applications deployed on different resources, and contextualizes the graph with runtime information, such as encryption settings. To provide a vendor- and technology-independent re…
▽ More
In this paper, we present the Cloud Property Graph (CloudPG), which bridges the gap between static code analysis and runtime security assessment of cloud services. The CloudPG is able to resolve data flows between cloud applications deployed on different resources, and contextualizes the graph with runtime information, such as encryption settings. To provide a vendor- and technology-independent representation of a cloud service's security posture, the graph is based on an ontology of cloud resources, their functionalities and security features. We show, using an example, that our CloudPG framework can be used by security experts to identify weaknesses in their cloud deployments, spanning multiple vendors or technologies, such as AWS, Azure and Kubernetes. This includes misconfigurations, such as publicly accessible storages or undesired data flows within a cloud service, as restricted by regulations such as GDPR.
△ Less
Submitted 14 June, 2022;
originally announced June 2022.
-
A Language-Independent Analysis Platform for Source Code
Authors:
Konrad Weiss,
Christian Banse
Abstract:
In this paper, we present the CPG analysis platform, which enables the translation of source code into a programming language-independent representation, based on a code property graph. This allows security experts and developers to capture language level semantics for security analyses or identify patterns with respect to code compliance. Through the use of fuzzy parsing, also incomplete or non-c…
▽ More
In this paper, we present the CPG analysis platform, which enables the translation of source code into a programming language-independent representation, based on a code property graph. This allows security experts and developers to capture language level semantics for security analyses or identify patterns with respect to code compliance. Through the use of fuzzy parsing, also incomplete or non-compilable code, written in different programming languages, can be analyzed. The platform comprises an analysis library and interfaces to query, interact with or visualize source code graphs. This set of CPG tools allows finding common weaknesses in heterogeneous software environments, independently of the underlying programming language.
△ Less
Submitted 16 March, 2022;
originally announced March 2022.
-
Towards Tracking Data Flows in Cloud Architectures
Authors:
Immanuel Kunz,
Valentina Casola,
Angelika Schneider,
Christian Banse,
Julian Schütte
Abstract:
As cloud services become central in an increasing number of applications, they process and store more personal and business-critical data. At the same time, privacy and compliance regulations such as GDPR, the EU ePrivacy regulation, PCI, and the upcoming EU Cybersecurity Act raise the bar for secure processing and traceability of critical data. Especially the demand to provide information about e…
▽ More
As cloud services become central in an increasing number of applications, they process and store more personal and business-critical data. At the same time, privacy and compliance regulations such as GDPR, the EU ePrivacy regulation, PCI, and the upcoming EU Cybersecurity Act raise the bar for secure processing and traceability of critical data. Especially the demand to provide information about existing data records of an individual and the ability to delete them on demand is central in privacy regulations. Common to these requirements is that cloud providers must be able to track data as it flows across the different services to ensure that it never moves outside of the legitimate realm, and it is known at all times where a specific copy of a record that belongs to a specific individual or business process is located. However, current cloud architectures do neither provide the means to holistically track data flows across different services nor to enforce policies on data flows. In this paper, we point out the deficits in the data flow tracking functionalities of major cloud providers by means of a set of practical experiments. We then generalize from these experiments introducing a generic architecture that aims at solving the problem of cloud-wide data flow tracking and show how it can be built in a Kubernetes-based prototype implementation.
△ Less
Submitted 10 July, 2020;
originally announced July 2020.
-
ZKlaims: Privacy-preserving Attribute-based Credentials using Non-interactive Zero-knowledge Techniques
Authors:
Martin Schanzenbach,
Thomas Kilian,
Julian Schütte,
Christian Banse
Abstract:
In this paper we present ZKlaims: a system that allows users to present attribute-based credentials in a privacy-preserving way. We achieve a zero-knowledge property on the basis of Succinct Non-interactive Arguments of Knowledge (SNARKs). ZKlaims allow users to prove statements on credentials issued by trusted third parties. The credential contents are never revealed to the verifier as part of th…
▽ More
In this paper we present ZKlaims: a system that allows users to present attribute-based credentials in a privacy-preserving way. We achieve a zero-knowledge property on the basis of Succinct Non-interactive Arguments of Knowledge (SNARKs). ZKlaims allow users to prove statements on credentials issued by trusted third parties. The credential contents are never revealed to the verifier as part of the proving process. Further, ZKlaims can be presented non-interactively, mitigating the need for interactive proofs between the user and the verifier. This allows ZKlaims to be exchanged via fully decentralized services and storages such as traditional peer-to-peer networks based on distributed hash tables (DHTs) or even blockchains. To show this, we include a performance evaluation of ZKlaims and show how it can be integrated in decentralized identity provider services.
△ Less
Submitted 22 July, 2019;
originally announced July 2019.
-
Practical Decentralized Attribute-Based Delegation using Secure Name Systems
Authors:
Martin Schanzenbach,
Christian Banse,
Julian Schütte
Abstract:
Identity and trust in the modern Internet are centralized around an oligopoly of identity service providers consisting solely of major tech companies. The problem with centralizing trust has become evident in recent discoveries of mass surveillance and censorship programs as well as information leakage through hacking incidents. One approach to decentralizing trust is distributed, attribute-based…
▽ More
Identity and trust in the modern Internet are centralized around an oligopoly of identity service providers consisting solely of major tech companies. The problem with centralizing trust has become evident in recent discoveries of mass surveillance and censorship programs as well as information leakage through hacking incidents. One approach to decentralizing trust is distributed, attribute-based access control via attribute-based delegation (ABD). Attribute-based delegation allows a large number of cross-domain attribute issuers to be used in making authorization decisions. Attributes are not only issued to identities, but can also be delegated to other attributes issued by different entities in the system. The resulting trust chains can then be resolved by any entity given an appropriate attribute storage and resolution system. While current proposals often fail at the practicability, we show how attribute-based delegation can be realized on top of the secure GNU Name System (GNS) to solve an authorization problem in a real-world scenario.
△ Less
Submitted 16 May, 2018;
originally announced May 2018.