Automated security testing with Flinder SEARCH-LAB Security Evaluation Analysis and Research Laboratory Ltd.
2 | 10 Automated security testing with Flinder
Danger of programming bugs
"Every interesting program contains at least one variable, at least one cycle and at least one bug." – Murphy's law
Global security danger of programming bugs:
- Automated intrusions
- Virus spreading
With the help of compromised computers it is possible to:
- operate illegal web servers
- distribute spam
- carry out phishing
- commit credit card fraud
Any application can contain a bug!
4 | 10
Automated testing and verification
Formal verification
- Requires a specification of the correct behavior
Static source code analysis
- Complexity problems
- Many false positives
Test-based evaluation
- Test vector generation
- Detection of typical bugs
- Detects true positives, but not necessarily all of them
- Can be used without the source code
5 | 10
Black-box & white-box testing
Black-box testing
- Analysis of concrete protocols
- Complex description of the input
- Fuzzing: manipulation of existing input
- Less, and more scalable, customization needed
White-box testing
- Test vector generation based on source code evaluation
- Fault injection
6 | 10
Flinder features
- Looks for typical security-relevant programming bugs
- Test-based evaluation
- Black-box and white-box test modes
- From applications to complex protocols
Required from the developer:
- Input Generator – according to the correct behavior
- Input format description (XML-based)
- Protocol statechart (UML state machine)
Re-usable generic test algorithms for typical bugs
Proactive, multiple-step testing that takes the former reactions of the ToE (Target of Evaluation) into account
Cryptographic support: plug-ins for cipher and compression methods
7 | 10
Fuzzing...
By definition, fuzzing is the algorithmic modification of binary input
- Fuzzing based on descriptors
- Random fuzzing
- Reactively iterating fuzzing
Different fuzzers:
- Conformance checking
- Stress test
- Testing typical mistakes
8 | 10
... and more
Flinder can:
- Parse and serialize protocol messages
- Decode and encode cryptograms and compressed data
- Follow complex protocols like IPsec, TCP, SSL
Test Logic works on the field level: generic test algorithms can be applied to different ToEs, protocols, messages and fields without modification
9 | 10
Flinder modules
[Diagram: the Flinder module chain between the Input Generator (IG) and the Target of Evaluation (TOE); module names as they appear in the figure: IG Capturer, TOE Capturer, Parser, Protocol Logic, Test Logic, Serializer, IG Dispatcher, TOE Dispatcher, IG Actuator, TOE Actuator]
10 | 10
Example typical mistakes
- Buffer overflow, found with successive approximation
- Signedness bug
- Integer overflow
- Encoding bug
- Unicode bug
Test result categories: OK, ERROR, REJECTION
Code fragments shown on the slide:
  if ((unsigned int) i < 0)
  if (i*256 <= 1024)
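The two checks on the slide, written out as an added C example (not part of the presentation or of Flinder): each buggy check sits next to a hardened form, and two small driver functions illustrate the slide's test-based approach, probing boundary values and growing a count by successive approximation until the buggy and hardened checks disagree. The function names, BUF_SIZE and the probe values are assumptions chosen for the example; uint32_t is used for the multiplication so that the wraparound is defined behaviour.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>

#define BUF_SIZE 1024   /* assumed buffer length for the example */

/* Signedness bug from the slide: the cast happens before the comparison,
 * so "< 0" can never be true and a negative length slips through. */
bool len_check_buggy(int len) {
    if ((unsigned int) len < 0)      /* always false */
        return false;
    return len <= BUF_SIZE;          /* -1 passes; later becomes a huge size_t */
}

/* Hardened: test the sign while the value is still signed. */
bool len_check_fixed(int len) {
    if (len < 0)
        return false;
    return len <= BUF_SIZE;
}

/* Integer-overflow bug from the slide: count * 256 wraps modulo 2^32 and
 * can land at or below 1024 even for a huge count. */
bool count_check_buggy(uint32_t count) {
    return count * 256u <= 1024u;
}

/* Hardened: refuse any count whose product would wrap before comparing. */
bool count_check_fixed(uint32_t count) {
    if (count > UINT32_MAX / 256u)
        return false;
    return count * 256u <= 1024u;
}

/* Differential probe over boundary values a fuzzer tries first (constructed
 * list); returns the index of the first probe on which the buggy and
 * hardened checks disagree, or -1 if they always agree. */
int first_len_disagreement(void) {
    const int probes[] = {0, 1, 1023, 1024, 1025, -1, INT_MIN, INT_MAX};
    for (int k = 0; k < (int)(sizeof probes / sizeof probes[0]); k++)
        if (len_check_buggy(probes[k]) != len_check_fixed(probes[k]))
            return k;
    return -1;
}

/* Successive approximation: double the count until the checks diverge;
 * returns that count, or 0 if they never do. */
uint32_t first_wrapping_count(void) {
    for (uint32_t c = 1; c != 0; c <<= 1)
        if (count_check_buggy(c) != count_check_fixed(c))
            return c;
    return 0;
}
```

first_len_disagreement() stops at probe index 5 (the value -1), and first_wrapping_count() returns 16777216, the first power of two whose product with 256 wraps to 0.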