
Adding bugs to build better computer bug-finder

Updated: Jul 10, 2016 12:12 IST

Washington D.C, Jul 10 (ANI): A team of researchers has come up with a new strategy that can help train bug-finding tools to catch more vulnerabilities.

Researchers at the New York University Tandon School of Engineering, in collaboration with the MIT Lincoln Laboratory and Northeastern University, are taking an unorthodox approach: Instead of finding and remediating bugs, they're adding them by the hundreds of thousands.

Brendan Dolan-Gavitt is a co-creator of LAVA, or Large-Scale Automated Vulnerability Addition, a technique for intentionally adding vulnerabilities to a program's source code to test the limits of bug-finding tools and ultimately help developers improve them. In experiments using LAVA, the researchers showed that many popular bug finders detect merely 2 percent of vulnerabilities.

Dolan-Gavitt explained that the efficacy of bug-finding programs is based on two metrics: the false positive rate and the false negative rate, both of which are notoriously difficult to calculate. It is not unusual for a program to detect a bug that later proves not to be there (a false positive) and to miss vulnerabilities that are actually present (a false negative). Without knowing the total number of real bugs, there is no way to gauge how well these tools perform.

"The only way to evaluate a bug finder is to control the number of bugs in a program, which is exactly what we do with LAVA," said Dolan-Gavitt. The automated system inserts known quantities of novel vulnerabilities that are synthetic yet possess many of the same attributes as computer bugs in the wild.

Dolan-Gavitt and his colleagues dodged the typical five-figure price tag for manual, custom-designed vulnerabilities and instead created an automated system that makes judicious edits in real programs' source code.

The result: hundreds of thousands of unstudied, highly realistic vulnerabilities that are inexpensive, span the execution lifetime of a program, are embedded in normal control and data flow, and manifest only for a small fraction of inputs lest they shut the entire program down. The researchers had to create novel bugs, and in significant numbers, in order to have a large enough body to study the strengths and shortcomings of bug-finding software. Previously identified vulnerabilities would easily trip current bug finders, skewing the results.

The team tested existing bug-finding software and found that just 2 percent of bugs created by LAVA were detected. Dolan-Gavitt explained that automated bug identification is an extremely complex task that developers are constantly improving. The researchers will share their results to assist these efforts.

The research was presented at the IEEE Symposium on Security and Privacy and was published in the conference proceedings. (ANI)
