this is the second module in the ALAMOSE WORKSHOP
https://sites.google.com/view/alamose-v1/m4-forensics?authuser=0
M4 - AUTOMATED FORENSICABILITY FOR SOFTWARE
Description
Integrate forensics into software source code.
Courses Where This Module Is Integrated
Software Quality Assurance (Auburn University, Spring 2023, Fall 2023)
Mobile Security (Tuskegee University, Fall 2023)
Information Security Administration (Kennesaw State University, Spring 2023)
Activities
Pre-lab Content Dissemination
We first need to know what to log and how to log. Let us use the following heuristics.
Heuristics on what to log
Resources: Logging resource-related information helps monitor the system's utilization and availability of critical assets, including data about memory usage, CPU usage, disk space, network activity, and other resource-related metrics. Resource logs aid in detecting performance bottlenecks, resource leaks, and overall system health. They provide insights into whether the system operates within expected resource thresholds or requires optimization.
Exceptions: Logging exceptions and errors is crucial for analyzing and troubleshooting issues within the application. These logs capture details about unexpected behaviors, software bugs, and runtime errors. Exception logs often include stack traces, error messages, error codes, and contextual information to help developers pinpoint the root causes of problems and facilitate quicker resolution.
Change Issues: Logging changes and events in the system provides an audit trail of actions taken within the application, including user actions, configuration modifications, database updates, and other significant events. Change issue logs are valuable for tracking the history of system changes, diagnosing security breaches, and ensuring compliance with regulatory requirements. They offer transparency into who did what and when.
Heuristics on how to log
Include the name of the identity provider or security realm that vouched for the username if that information is available.
Include the affected system component or other object (such as a user account, data resource, or file).
Include the status that says if the object succeeded or failed.
Include the application context, such as the initiator and target systems, applications, or components.
Include “from where” for network connectivity or distributed application operation messages.
Include the time stamp and time zone to help answer “when.” The time zone is essential for distributed applications.
In-class Hands-on Experience
Go to the URL- https://docs.python.org/3/library/logging.html for a detailed Python logging mechanism. You can find a basic example here.
Learn about the common logging methods using Python.
A code for a custom logger is shared using screenshots.
Post Lab Experience
Imagine this scenario: Dolly, a data science specialist at Auburn University. University has written machine learning (ML) code in `workshop9.py`. The output is correct, but she just learned about adversarial machine learning, which discusses how ML code can be attacked. She realized that ML models are susceptible to security issues:
`poisoning attacks` are introduced by passing in erroneous dataset files into ML code
`model tricking` results from models being attacked, which gives false results. Incorrect prediction performance is an indicator of ML models being attacked.
Assist Dolly by writing logging code in the correct locations in `workshop8.py` with comments so that the two issues, as mentioned earlier, are logged for all provided ML functions. After writing the code, put in comments to justify your code, save `workshop9.py`.
You must add at least find and add logging code to seven locations with comments.
Complete the survey at_ https://auburn.qualtrics.com/jfe/form/SV_6W19tf7NcRt5y4K.
Sample Input/Output:
Input: workshop8.py
Expected Output: Code and Comments
iris = datasets.load_iris()
'''
Inserted logging statement because data can be poisoned.
'''
simpleLogger.info('Generic information: getting results: %s', str(res))
No comments:
Post a Comment