Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Issues Formalization

Published byLydia Hensley Modified over 6 years ago

Similar presentations

Presentation on theme: "Security Issues Formalization"— Presentation transcript:

1 Security Issues Formalization
prof. Vladimir Dimitrov Faculty of Mathematics and Informatics University of Sofia, Bulgaria

2 Weakness (Common Weakness Enumeration - CWE)
A type of mistake in software that, in proper conditions, could contribute to the introduction of vulnerabilities within that soft-ware. This term applies to mistakes regardless of whether they occur in implementation, design, or other phases of the SDLC.

3 Vulnerability (Common Vulnerabilities and Exposures - CVE)
An occurrence of a weakness (or multiple weaknesses) within software, in which the weakness can be used by a party to cause the software to modify or access unintended data, interrupt proper execution, or perform incorrect actions that were not specifically granted to the party who uses the weakness.

4 Attack (Common Attack Pattern Enumeration and Classification - CAPEC)
A well-defined set of actions that, if successful, would result in either damage to an asset, or undesirable operation.

5 CWE, CVE & CAPEC An attacker has to find and exploit a weakness, exposed by a weakness, and realize the vulnerability. These are important concepts that are related but different. A weakness is a static presence existing in software systems -- it might stay in software and never cause any problems until it is exploited by an attacker, and when the attacker finds out the weakness (es) and exploit it (them), the vulnerability of this software is exposed.

6 Problems What formal methods can be used to help formalize CWEs with required accuracy and precision and at the same time allow for further extensions? To what granularity should CWEs be formalized? Finer granularity means more flexibility (especially when new weaknesses are identified, the extracted commonalities can reduce the re-invent work) but more effort to create them; coarser granularity indicates the easy-to-use weakness items while we need to re-invent the wheel every time. How can the formalized CWEs be used and in which domains? For education and training? To prevent vulnerabilities? To integrate into software IDEs, test tools, and tools that generate test tools? How can an automatic system be constructed to record newly identified vulnerabilities and classify them by CWEs? With better formalization and finer granularity of CWE definitions (which also means limited dictionary for weaknesses, better taxonomy of vulnerabilities), text mining could be the potential technique to mapping CVEs to CWEs at least semi-automatically.

7 CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
Description Summary The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Extended Description Certain languages allow direct addressing of memory locations and do not automatically ensure that these locations are valid for the memory buffer that is being referenced. This can cause read or write operations to be performed on memory locations that may be associated with other variables, data structures, or internal program data. As a result, an attacker may be able to execute arbitrary code, alter the intended control flow, read sensitive information, or cause the system to crash.

8 Semantic Template: Buffer Overflow-related CWEs

9 CWE-119 Research View

10 CWE-119 Development View with Inheritance

11 CWE-119 Development View with Precedence

12 CWE-119 Relationships

13 Conclusion One big problem for representation of CWEs in UML diagrams is the need for automatization. The CWEs are represented in XML database, but some information is in text format. The purpose of Semantic templates is to extract formatted and unformatted information from the database. CWEs representation in UML diagrams is good for better visual acceptance by humans. UML is well known notation in the community. There are many tools that support UML. Even more, specialized profiles for CWEs could be developed in UML. It is convenient to generate code from UML in many tools. Such generators could be developed in the UML tools to generate test and verification sequences for CWEs. UML is a notation for software specification. It is formalized with metaclasses by OMG. UML permits the software to be specified at the appropriate level of details in any case. If it is needed OCL can be used for further accuracy. CWEs are organized in abstraction several levels. UML permits such a taxonomy organization with class and object diagrams. The class diagrams organize abstraction levels and the object diagrams stay on the base. UML diagrams could be used for training, education and software development. Their notation is primary developed to humans. UML diagrams can be used as a source for generation of test sequences, verification code etc. that support the software development, testing and verification. Tools that support UML, like RSA, are usually open for that purpose. Tools for semiautomatic identification of vulnerabilities and their classification to the CWEs could be implemented in object-oriented classification style using the artificial intelligence for text recognition and understanding. The work in that direction is huge and many research must be done but Semantic Templates are good starting point.

14 References MITRE,

Download ppt "Security Issues Formalization"

Similar presentations

25 February 2009Instructor: Tasneem Darwish1 University of Palestine Faculty of Applied Engineering and Urban Planning Software Engineering Department.

25 February 2009Instructor: Tasneem Darwish1 University of Palestine Faculty of Applied Engineering and Urban Planning Software Engineering Department.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
LIFE CYCLE MODELS FORMAL TRANSFORMATION

LIFE CYCLE MODELS FORMAL TRANSFORMATION
A Brief Introduction. Acknowledgements  The material in this tutorial is based in part on: Concurrency: State Models & Java Programming, by Jeff Magee.

A Brief Introduction. Acknowledgements  The material in this tutorial is based in part on: Concurrency: State Models & Java Programming, by Jeff Magee.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 8 Slide 1 System modeling 2.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 8 Slide 1 System modeling 2.
Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.

Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.
Testing Without Executing the Code Pavlina Koleva Junior QA Engineer WinCore Telerik QA Academy Telerik QA Academy.

Testing Without Executing the Code Pavlina Koleva Junior QA Engineer WinCore Telerik QA Academy Telerik QA Academy.
BUSINESS MODELING BY UML PROFILE VISA ISSUING SYSTEM Dražen Brđanin, Slavko Marić Faculty of Electrical Engineering Banja.

BUSINESS MODELING BY UML PROFILE VISA ISSUING SYSTEM Dražen Brđanin, Slavko Marić Faculty of Electrical Engineering Banja.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 8 Slide 1 System models.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 8 Slide 1 System models.
Modified from Sommerville’s originalsSoftware Engineering, 7th edition. Chapter 8 Slide 1 System models.

Modified from Sommerville’s originalsSoftware Engineering, 7th edition. Chapter 8 Slide 1 System models.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
School of Computer ScienceG53FSP Formal Specification1 Dr. Rong Qu Introduction to Formal Specification

School of Computer ScienceG53FSP Formal Specification1 Dr. Rong Qu Introduction to Formal Specification
The Software Product Life Cycle. Views of the Software Product Life Cycle  Management  Software engineering  Engineering design  Architectural design.

The Software Product Life Cycle. Views of the Software Product Life Cycle  Management  Software engineering  Engineering design  Architectural design.
Chapter 10 Architectural Design

Chapter 10 Architectural Design
Proceso kintamybių modeliavimas Modelling process variabilities Donatas Čiukšys.

Proceso kintamybių modeliavimas Modelling process variabilities Donatas Čiukšys.
SOFTWARE ENGINEERING BIT-8 APRIL, 16,2008 Introduction to UML.

SOFTWARE ENGINEERING BIT-8 APRIL, 16,2008 Introduction to UML.
Chapter 4 System Models A description of the various models that can be used to specify software systems.

Chapter 4 System Models A description of the various models that can be used to specify software systems.
Integrating Security Design Into The Software Development Process For E-Commerce Systems By: M.T. Chan, L.F. Kwok (City University of Hong Kong)

Integrating Security Design Into The Software Development Process For E-Commerce Systems By: M.T. Chan, L.F. Kwok (City University of Hong Kong)
A Z Approach in Validating ORA-SS Data Models Scott Uk-Jin Lee Jing Sun Gillian Dobbie Yuan Fang Li.

A Z Approach in Validating ORA-SS Data Models Scott Uk-Jin Lee Jing Sun Gillian Dobbie Yuan Fang Li.
Introduction to MDA (Model Driven Architecture) CYT.

Introduction to MDA (Model Driven Architecture) CYT.

Similar presentations

Ads by Google