Automated Security Testing with Formal Threat Models Frank Xu Ph.D.

Overview
- Introduction
- Objectives
- Approach
- Experiments
- Contribution & Conclusions

Introduction
- Application security: bypass-authentication attacks, SQL injection attacks
- Application vulnerabilities now exceed networking and OS vulnerabilities (SANS 2009 Top Cyber Security Risks, sans.org/top-cyber-security-risks/)
- Typical root causes: weak authentication mechanisms, unsanitized inputs
- Goal: prevent malicious attacks by detecting the vulnerabilities before an attacker does

Introduction
- How to detect software vulnerabilities? Much like detecting software bugs: by security testing
- Traditional testing vs. security testing
  - Traditional testing: test whether a program does what it is supposed to do
  - Security testing: test a program against possible vulnerabilities, checking whether it contains unintended behaviors
  - Example: using SQL injection to log into the system
- Problem: security testing is very labor-intensive
  - An SQL injection string such as ' or '1'='1 has to be tried against many databases, inputs, and paths

Objectives
- Present an approach that tests software security automatically

Approach
- Create formal threat models, represented as Predicate/Transition (PrT) nets
- Automatically generate all attack paths, i.e., the security tests
- Convert each attack path into executable test code according to a given Model-Implementation Mapping (MIM) specification

PrT net

PrT net for dictionary attack

Notations
- Variable binding: ø = ?x/V means that ?x is bound to the value V.
- Variable substitution: l/ø is the tuple (token) obtained by substituting each variable in l by its bound value in ø.
- Example: if l = (?u, ?p) and ø = {?u/ID1, ?p/PSWD1}, then l/ø = (ID1, PSWD1).
- Figure: arc label l = (?u, ?p); the transition is enabled by ø = {?u/ID1, ?p/PSWD1}, yielding the token P(ID1, PSWD1).

Transition Enabled

Threat Model

SQL injection attacks
- t11: do shopping, t12: login, t13: check out
- t21: go to login page, t22: retrieve password, t23: forgot your password
- t31: login, t32: do shopping, t33: check out using coupon code
- sqlstr: or 1=1--, ') or '1'='1--, and 1' or '1='1

Generating Attack Paths

Generating Test Code

Model-Implementation Mapping

CASE STUDIES
- Case Study I: Magento
- Case Study II: FileZilla Server
- Mutation (S.T.R.I.D.E.): Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege
- Kill the mutants: a generated security test kills a mutant when its attack succeeds against the mutant but not against the original
- Both studies show that security testing with formal threat models is very effective: the generated tests killed 93.2% (41/44) and 96.7% (29/30) of the mutants, respectively
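The following is an added example that is not part of the presentation and not the paper's own tool. It ties together the notation slides (binding ø and substitution l/ø), transition enabling, attack-path generation, the MIM, and the mutant-killing idea of the case studies in one runnable Python program. Everything in it is constructed for illustration: the net uses the slide's transition names t21, t12 and t13 but a simplified structure (three places on the path, no guards, markings modelled as sets rather than multisets), the injection strings are modelled on the slide's sqlstr values, and the `Shop` class is a stand-in target whose `vulnerable=True` variant plays the injected mutant and whose parameterized variant plays the original program.

```python
"""Added example, not the paper's own tool: a small Predicate/Transition (PrT)
net interpreter, attack-path generation by reachability search, and a
Model-Implementation Mapping (MIM) that runs each path against a constructed target."""
import sqlite3

def substitute(label, phi):
    """l/phi: replace every ?variable in arc label l by its value in binding phi."""
    return tuple(phi[x] if isinstance(x, str) and x.startswith("?") else x for x in label)

def unify(label, token, phi):
    """Extend phi so that label/phi == token; None if the token does not fit."""
    if len(label) != len(token):
        return None
    phi = dict(phi)
    for l, t in zip(label, token):
        if isinstance(l, str) and l.startswith("?"):
            if phi.setdefault(l, t) != t:   # same variable bound to two values
                return None
        elif l != t:                        # a constant in the label must match exactly
            return None
    return phi

def enabled_bindings(trans, marking):
    """All substitutions phi enabling trans: every input arc matched and the guard true."""
    bindings = [{}]
    for place, label in trans["in"]:
        bindings = [new for phi in bindings for token in marking.get(place, ())
                    if (new := unify(label, token, phi)) is not None]
    return [phi for phi in bindings if trans.get("guard", lambda b: True)(phi)]

def fire(trans, marking, phi):
    """Consume l/phi on each input arc, produce l/phi on each output arc (markings are token sets)."""
    new = {p: set(toks) for p, toks in marking.items()}
    for place, label in trans["in"]:
        new[place].discard(substitute(label, phi))
    for place, label in trans["out"]:
        new.setdefault(place, set()).add(substitute(label, phi))
    return {p: frozenset(toks) for p, toks in new.items() if toks}

def attack_paths(net, initial, goal, max_len=6):
    """DFS over reachable markings; each firing sequence that marks `goal` is one attack path."""
    paths = []
    def walk(marking, path):
        if marking.get(goal):
            paths.append(path)
        elif len(path) < max_len:           # bound the search on cyclic nets
            for trans in net:
                for phi in enabled_bindings(trans, marking):
                    walk(fire(trans, marking, phi), path + [(trans["name"], phi)])
    walk(initial, [])
    return paths

# Constructed threat model: reach the login page, log in with an injection string
# as the password, then check out.  SqlStr is a read-only pool: the input arc from
# it is matched by an output arc that puts the same token back.
SQL_STRINGS = ["' or 1=1--", "') or '1'='1--", "' or '1'='1"]   # modelled on the slide's sqlstr
NET = [
    {"name": "t21_go_to_login_page", "in": [("Home", ("?x",))], "out": [("LoginPage", ("?x",))]},
    {"name": "t12_login", "in": [("LoginPage", ("?x",)), ("SqlStr", ("?u", "?p"))],
     "out": [("LoggedIn", ("?u", "?p")), ("SqlStr", ("?u", "?p"))]},
    {"name": "t13_check_out", "in": [("LoggedIn", ("?u", "?p"))], "out": [("CheckedOut", ("?u", "?p"))]},
]
INITIAL = {"Home": frozenset({("start",)}),
           "SqlStr": frozenset(("alice", s) for s in SQL_STRINGS)}

class Shop:
    """Constructed target with an in-memory SQLite user table.  vulnerable=True
    concatenates the query (the injected mutant); False binds parameters (the original)."""
    def __init__(self, vulnerable):
        self.vulnerable, self.session = vulnerable, None
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE users(name TEXT, pw TEXT)")
        self.db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    def go_to_login_page(self):
        self.session = None
    def login(self, user, pw):
        try:
            if self.vulnerable:
                row = self.db.execute(f"SELECT name FROM users WHERE name='{user}' AND pw='{pw}'").fetchone()
            else:
                row = self.db.execute("SELECT name FROM users WHERE name=? AND pw=?", (user, pw)).fetchone()
        except sqlite3.Error:               # malformed injection string: the login simply fails
            row = None
        self.session = row[0] if row else None
        return self.session is not None
    def check_out(self):
        return self.session is not None

# MIM: transition name -> (target method, which bound variables become its arguments)
MIM = {"t21_go_to_login_page": ("go_to_login_page", ()),
       "t12_login": ("login", ("?u", "?p")),
       "t13_check_out": ("check_out", ())}

def run_attack_path(path, target):
    """Execute one attack path through the MIM; True if the final step succeeds (the attack works)."""
    result = False
    for name, phi in path:
        method, params = MIM[name]
        result = getattr(target, method)(*[phi[p] for p in params])
    return bool(result)

def security_test_results(vulnerable):
    """Run every generated test; map injection string -> did the attack reach check-out?"""
    return {dict(path)["t12_login"]["?p"]: run_attack_path(path, Shop(vulnerable))
            for path in attack_paths(NET, INITIAL, "CheckedOut")}
```

`attack_paths` yields one path per injection token, so the three sqlstr values become three executable tests without anyone writing them by hand. Against the concatenating mutant two of the three attacks reach check-out (the `')` variant is a syntax error for this query shape, which is exactly why the model carries several strings), while against the parameterized original none do; in the paper's terms, the test suite kills this mutant.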

Contributions & Conclusion
- Automated generation of executable security tests from formal threat models is a novel contribution to software security testing.
- Injection of security vulnerabilities to evaluate the effectiveness of security tests is a novel contribution to mutation testing.