DETECTION AND PREVENTION OF MISUSE OF SOFTWARE COMPONENTS

Abstract

Software components are building blocks of modern computer systems. Modern computer systems are complex integrations of software components that encapsulate many sets of software functionalities. Moreover, these functionalities are affected by both the interactions of software components and various system settings. As a result, software components can behave in an unexpected way, deviating from the original functionality provided by the software components. We call such a vulnerability, a component misuse vulnerability.

In this thesis, we propose systematic solutions to detect and prevent the component misuse vulnerability. First, binary loading behaviors in software programs can be misused via manipulating various system settings. We develop an approach to detect such binary loading vulnerabilities. It explains binary loading behaviors by listing various system settings, binaries and files that can affect the loading behaviors. It detects the unexpected uses of binary loading by identifying the factors that can be controlled by the attackers. Second, the APIs in ActiveX controls can be misused via component interactions. We develop a mechanism to detect ActiveX API-misuse vulnerabilities in Internet Explorer (IE), by detecting unexpected uses of APIs in the component interactions. It also blocks the APIs that can be misused in a fine-grained manner. The problem of component misuse also manifests itself in other systems. We propose a solution to mitigate the damage caused by component misuse vulnerability due to the interactions of software components in the Android platform. In particular, we develop a prevention mechanism of privilege escalation in Android inter-component communication (ICC). It prevents permission re-delegation in Android ICC which can cause the sender application (app) to gain additional privileges from the recipient app.