Secure-from-inception: software security via proactive vulnerabilities handling : a dissertation in Engineering and Applied Science

Chidera Uzoma Biringa

doi:10.62791/20413

Back

Dissertation

Open access

Secure-from-inception: software security via proactive vulnerabilities handling : a dissertation in Engineering and Applied Science

Chidera Uzoma Biringa

Doctor of Philosophy (PHD), University of Massachusetts Dartmouth

2025

DOI:

https://doi.org/10.62791/20413

Abstract

Software developers frequently introduce vulnerable programs such as textual credentials and exploitable functions in software repositories during development and maintenance even though it is strictly advised against due to the severe threat to the security of the software. Software developers often introduce vulnerabilities like textual credentials and exploitable functions during development. These vulnerabilities create attack surfaces exploitable by an adversary to compromise the security of a software. Consequently, successful attacks cost organizations financial and human resources. In this dissertation, we handle these vulnerabilities through detection and interception. We tackle the detection and interception of vulnerabilities in the design, microarchitecture, performance, and insecure code components of the software. Hence for that endeavor, we propose SEAL, SPECDET, DANCE, PACE, VulStyle, and SiTM. SEAL is a secure design pattern approach toward tackling lateral injection attacks. It decomposes user and security level features into independent but collaborative components to tackle lateral-based in-band injection attacks. SPECDET is a static and micro architectural machine learning approach for detecting spectre vulnerabilities and attacks. DANCE is an approach for detecting credentials embedded in code via large language models vulnerable to backdoor attacks. PACE is a program analysis framework that provides continuous feedback on the performance impact of pending code updates. VulStyle is a pre-trained, multimodal programming language model for software vulnerability detection. It enhances code representation by selecting non-terminal nodes and integrating code stylometry features. Finally, to prevent the introduction of detected vulnerabilities, we propose Security-in-the-Middle (SiTM), an automated approach towards the interception of transiting vulnerabilities during software development. It creates a secure state between the developer and the source code management systems, thus ensuring that only secure code is permitted in the software. We propose the integration of SiTM into git and continuous integration pipelines. A significant majority of data breaches and cyber attacks originate from exploitable vulnerabilities in the code introduced during development. Hence, the goal of our work is to proactively reduce prospective malicious exploits ensuring the security of the software from inception.

Files and links (1)

pdf

Biringa C.U. COE PhD Dissertation 202511.10 MBDownload View

CC BY-NC-ND V4.0, Open Access

Metrics

1 Record Views

Details

Title: Secure-from-inception
Creators: Chidera Uzoma Biringa
ORCID: 0000-0001-5904-2764
Contributors: Gokhan Kul (Advisor) - University of Massachusetts Dartmouth, Department of Computer and Information Science
Lance Fiondella (Committee Member) - University of Massachusetts Dartmouth, Department of Electrical and Computer Engineering
Md Shohel Rana (Committee Member) - University of Massachusetts Dartmouth, Department of Computer and Information Science
Ming Daniel Shao (Committee Member) - University of Massachusetts Lowell
Jiawei Yuan (Committee Member) - University of Massachusetts Dartmouth, Department of Computer and Information Science
Number of pages: xiii, 159 pages
Illustrations: illustrations (some color)
Table of contents: List of figures -- List of tables -- Chapter 1. Introduction -- Challenges and motivations -- Contribution and organization -- Chapter 2. SPECDET: Static and microarchitectural ML-based approaches for detecting spectre vulnerabilities and attacks -- Introduction -- Related work -- SPECDET methodology -- Evaluation -- Conclusion -- Chapter 3. SEAL: a secure design pattern approach toward tackling lateral-injection attacks -- Introduction -- SEAL design -- Threat model: demonstrating exploits and secure strategy delegation -- Evaluation -- Conclusion -- Chapter 4. PACE: Program Analysis Framework for Continuous Performance -- Prediction -- Introduction -- Problem definition: unoptimized code -- Background -- PACE Methodology -- Evaluation -- Experiments -- Scope and threats -- Related work -- Conclusion -- Chapter 5. DANCE: Detecting Hard-Coded Credentials in Software Repositories via LLM -- Introduction -- Language architectures and models -- Approach -- Evaluation -- Limitations -- Related work -- Conclusion -- Chapter 6. VulStyle: A Multi-Modal Pre-Training for Code -- Stylometry-augmented vulnerability detection -- Introduction -- Related work -- VulStyle -- Experiments -- Results -- Limitation -- Conclusion -- Chapter 7. Security-in-the-Middle (SiTM): Intercepting Vulnerabilities in Transit to Remote -- Introduction -- Problem formulation -- Shift-left security -- SiTM Framework -- Evaluation -- Conclusion -- Chapter 8. Conclusion -- Future Research -- References.
References: Includes bibliographical references (pages 143-159).
Awarding Institution: University of Massachusetts Dartmouth
Degree Awarded: Doctor of Philosophy (PHD)
Academic Unit: College of Engineering
Language: English
Degree in: Engineering and Applied Science
Resource Type: Dissertation
DOI: https://doi.org/10.62791/20413
Record Identifier: 9914443625601301