Tue, Mar 28, 2017 | updated 01:59 AM IST

Adding bugs to build better computer bug-finder

Updated: Jul 10, 2016 12:12 IST

Washington D.C, Jul 10 (ANI): A team of researchers has come up with a new strategy that can help train bug-finding tools to catch more vulnerabilities.

Researchers at the New York University Tandon School of Engineering, in collaboration with the MIT Lincoln Laboratory and Northeastern University, are taking an unorthodox approach: Instead of finding and remediating bugs, they're adding them by the hundreds of thousands.

Brendan Dolan-Gavitt is a co-creator of LAVA, or Large-Scale Automated Vulnerability Addition, a technique of intentionally adding vulnerabilities to a program's source code to test the limits of bug-finding tools and ultimately help developers improve them. In experiments using LAVA, they showed that many popular bug finders detect merely 2 percent of vulnerabilities.

Dolan-Gavitt explained that the efficacy of bug-finding programs is based on two metrics: the false positive rate and the false negative rate, both of which are notoriously difficult to calculate. It is not unusual for a program to detect a bug that later proves not to be there - a false positive, and to miss vulnerabilities that are actually present - a false negative. Without knowing the total number of real bugs, there is no way to gauge how well these tools perform.

"The only way to evaluate a bug finder is to control the number of bugs in a program, which is exactly what we do with LAVA," said Dolan-Gavitt. The automated system inserts known quantities of novel vulnerabilities that are synthetic yet possess many of the same attributes as computer bugs in the wild.

Dolan-Gavitt and his colleagues dodged the typical five-figure price tag for manual, custom-designed vulnerabilities and instead created an automated system that makes judicious edits in real programs' source code.

The result: hundreds of thousands of unstudied, highly realistic vulnerabilities that are inexpensive, span the execution lifetime of a program, are embedded in normal control and data flow, and manifest only for a small fraction of inputs lest they shut the entire program down. The researchers had to create novel bugs, and in significant numbers, in order to have a large enough body to study the strengths and shortcomings of bug-finding software. Previously identified vulnerabilities would easily trip current bug finders, skewing the results.

The team tested existing bug-finding software and found that just 2 percent of bugs created by LAVA were detected. Dolan-Gavitt explained that automated bug identification is an extremely complex task that developers are constantly improving. The researchers will share their results to assist these efforts.

The research was presented at the IEEE Symposium on Security and Privacy and was published in the conference proceedings. (ANI)

New Delhi [India], Mar. 23 (ANI): Yaantra, a start-up that offers doorstep repair services and sells refurbished and pre owned smart-phones with warranty has now launched its first ever branded retail store in the city.

Full Story >>

New Delhi [India], Mar 24 (ANI): DataWind on Friday announced expansion in its product portfolio with the introduction of the largest smartphone in its lineup, the new MoreGMax 3G6 smartphone, with a six-inch screen priced at Rs. 5999 (approximately USD 90 USD).

Full Story >>

New Delhi [India], Mar 24 (ANI): Imagine losing all the photos, videos, messages, and documents you've stored on your computer. How much money would you be willing to pay to get it all back? Ransomware is malware that infects your computer, locks it, and demands payment for unlocking it. And the number of new ransomware has been at least doubling each year since 2013.

Full Story >>

New Delhi [India], Mar 23 (ANI): Nokia on Thursday announced the completion of the first pre-standard testing of 600MHz on commercially-available hardware, creating a test bed for terminal ecosystem development and availability.

Full Story >>

New Delhi [India], Mar. 23 (ANI): In keeping with Prime Minister Narendra Modi's vision of a 'New India', Google India and the Ministry of Electronics and Information Technology (MEITY) announced a set of initiatives aimed at empowering citizens and creating abundant opportunities for all.

Full Story >>

New Delhi [India], Mar 23 (ANI): World leader in digital security Gemalto on Thursday announced that Microsoft Azure Information Protection customers can now take advantage of the new "Hold Your Own Key" (HYOK) functionality using Gemalto's SafeNet Luna Hardware Security Modules (HSMs).

Full Story >>

New Delhi [India], Mar 23 (ANI): IBM on Thursday announced a strategic partnership to offer 'RetailSmart', an end-to-end fully integrated solution that will enable local 'Kirana' (unorganized) stores to become ecommerce ready.

Full Story >>

New Delhi [India], Mar 23 (ANI): "Where are you now?" and "What's your ETA?" Whether you're heading to a party or meeting up for dinner, you probably hear questions like this pretty often from family and friends. Soon Google Maps users worldwide will be able to answer those questions in just a few taps, without ever leaving the app.

Full Story >>

Build your brand through Snapchat!

Updated: Mar 23, 2017 12:38 IST

New Delhi [India], Mar. 23 (ANI): Oh Snap! Aren't you on Snapchat yet?

Full Story >>

New Delhi [India], Mar 22 (ANI): In the dynamic economic environment in India, businesses should focus on not just providing a good value for money product, but an equally excellent customer service experience to attract and retain customers. According to the findings of the American Express® 2017 Global Customer Service Barometer released today, 84 percent Indian consumers say the quality of customer service is very important when they're deciding to become or remain a customer.

Full Story >>

New Delhi [India], Mar.22 (ANI): Starting an online business is by no means an easy undertaking.

Full Story >>

New Delhi [India], Mar. 21 (ANI): Industry's broadest and most integrated public cloud Oracle has announced that an increasing number of global enterprises, SMBs, and ISVs are choosing the Oracle Cloud Platform to speed innovation, simplify IT, reduce costs, and deliver stellar customer experiences to easily develop, test, and deploy high-performance applications in the cloud.

Full Story >>

New Delhi [India], Mar. 21 (ANI): IBM and Red Hat, Inc. On Tuesday announced a strategic collaboration designed to help enterprises benefit from the OpenStack platform's speed and economics while more easily extending their existing Red Hat virtualized and cloud workloads to the IBM Private Cloud.

Full Story >>

New Delhi/ Bengaluru [India], Mar. 21 (ANI) LeEco has announced its exclusive partnership with Amazon, for its newly launched globally acclaimed, next generation ecotvs in India. To kick-start the partnership and incentivize consumers, several great offers have been extended which are proving to be a big hit.

Full Story >>

New Delhi [India], Mar. 21 (ANI): More than 99 percent of all malware designed for mobile devices targets Android devices, explained Olaf Pursche, Head of Communications at AV-TEST, in the F-Secure State of Cyber Security 2017.

Full Story >>

NEC joins FIWARE Foundation as platinum member

Updated: Mar 21, 2017 12:01 IST

Tokyo [Japan], Mar. 21 (ANI): NEC Corporation (NEC; TSE: 6701) has announced that it has joined the FIWARE Foundation e.V., a non-profit organization promoting the dissemination of FIWARE technology (*1), as a platinum member. NEC is the first and only Japanese company to join the foundation.

Full Story >>

Dusseldorf /Tokyo [Japan], Mar. 21 (ANI): NEC Corporation (NEC; TSE: 6701) has announced that NEC Deutschland GmbH has delivered a supercomputer utilizing NEC's scale-out LX series compute servers featuring the new Intel® Xeon® E5-2600 v4 product family, to RWTH Aachen University, one of 11 "Universities of Excellence" in Germany, offering high performance computing services for engineering and scientific research.

Full Story >>

New Delhi [India], Mar 20 (ANI): HTC Corporation, a leading innovator in mobile and virtual reality technology has announced the launch of HTC Sense Companion on its recently launched flagship smartphones HTC U Ultra and HTC U Play.

Full Story >>

New Delhi [India], Mar. 20 (ANI): The advent of smartphones within the country has brought about a paradigm change in the lifestyles of Indian consumers. But with the rise in online transactions, mobile-based banking, and the amount of personal data stored on mobile devices, there have also emerged serious questions about the security aspect. It is to address these qualms and to make mobile usage more secure for its end-users that very few brands have integrated iris scanners in their smartphones.

Full Story >>

New Delhi [India], Mar 20 (ANI): Digital clutter is growing due to an explosion in application usage and advances in the storage capacity of devices. But poor maintenance of these apps is leaving devices vulnerable to security threats. A new report by Kaspersky Lab reveals the scale of the digital clutter problem among Internet users worldwide.

Full Story >>