Presentation is loading. Please wait.

Presentation is loading. Please wait.

Automated Security Testing with Formal Threat Models Frank Xu Ph.D.

Published byShon Kelley Modified over 9 years ago

Similar presentations

Presentation on theme: "Automated Security Testing with Formal Threat Models Frank Xu Ph.D."— Presentation transcript:

1 Automated Security Testing with Formal Threat Models Frank Xu Ph.D.

2 Overview  Introduction  Objectives  Approach  Experiments  Contribution & Conclusions

3

4

5 Introduction  Application security  Bypass authentication attack, SQL injection attack  Application vulnerabilities exceed Networking and OS vulnerabilities  Weak authentication mechanism, unsanitized inputs  Preventing malicious security attacks by detecting vulnerabilities SANS' 2009 Top Cyber Security Risks (http://www. sans.org/top-cyber-security-risks/),

6 Introduction  How to detect software vulnerabilities?  Similar to detect software bugs  Security testing  Tradition testing vs. security testing  Traditional testing : test if a program does what it is supposed to do  Testing for security: test a program against possible vulnerabilities for checking if it contains unintended behaviors  Sql injection to log into the system  Problem?  Security testing is very labor-intensive  Sql injection string: ' or '1'='1  databases, inputs, paths

7 Objectives Presents an approach to automatically test software security

8 Approach  Create formal threat models  represented as Predicate/Transition nets  Automatically generates all attack paths,  i.e., security tests  Converts attach path into executable test code  according to the given MIM (Model-Implementation Mapping) specification

9 PrT net http://www.informatik.uni-hamburg.de/TGI/PetriNets/introductions/aalst/elevator1.swf

10 Prt Net for dictionary attack

11 Notations  Variable Binding: ø = ?x/V  ?x is bound to value V.  Variable Substituting: l/ø :  the tuple (or token) obtained by substituting each variable in l for its bound value in ø.  If l= and ø={?u/ID1,?p/PSWD1}, then l/ø=. l= (?u,?p) Enabled by ø={?u/ID1,?p/PSWD1}, P(ID1,PSWD1)

12 Transition Enabled

13

14 Threat Model

15 SQL injection attacks t11:do shopping, t12: login t13: check out” t21: go to login page t22: retrieve password t23: forgot your password t31: login, t32: do shopping, t33: check out using coupon code sqlstr: or 1=1--, ‘) or ‘1’=’1--, and 1’ or ‘1=’1.

16 Generating Attack Paths

17 Generating Test Code http://seleniumhq.org/movies/intro.mov

18 Model-Implementation Mapping

19 CASE STUDIES  Case Study I: Magento  Case Study II: FileZilla Server  Mutation (S.T.R.I.D.E. )  Spoofing, Tampering, Repudiation, Information disclosure, Denial of Service, Elevation of privilege SpoofingTamperingRepudiationDenial of ServiceElevation of privilege  Kill the mutations  Both studies show that security testing with formal threat models is very effective.  They have killed 93.2% (41/44) and 96.7% (29/30) of the mutants, respectively

20 Contributions & Conclusion  First, automated generation of executable security tests from formal threat models is a novel contribution to software security testing.  Injection of security vulnerabilities for evaluating the effectiveness of security tests is a novel contribution to mutation testing.

Download ppt "Automated Security Testing with Formal Threat Models Frank Xu Ph.D."

Similar presentations

Network Security Attack Analysis. cs490ns - cotter2 Outline Types of Attacks Vulnerabilities Exploited Network Attack Phases Attack Detection Tools.

Network Security Attack Analysis. cs490ns - cotter2 Outline Types of Attacks Vulnerabilities Exploited Network Attack Phases Attack Detection Tools.
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.

Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 2 08/21/2012 Security and Privacy in Cloud Computing.

Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 2 08/21/2012 Security and Privacy in Cloud Computing.
CWE-732 Incorrect Permission Assignment for Critical Resource

CWE-732 Incorrect Permission Assignment for Critical Resource
Engineering Secure Software. Uses of Risk Thus Far  Start with the functionality Use cases  abuse/misuse cases p(exploit), p(vulnerability)  Start.

Engineering Secure Software. Uses of Risk Thus Far  Start with the functionality Use cases  abuse/misuse cases p(exploit), p(vulnerability)  Start.
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
1 Protection Protection = access control Goals of protection Protecting general objects Example: file protection in Linux.

1 Protection Protection = access control Goals of protection Protecting general objects Example: file protection in Linux.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
1 Protection and Security Protection = mechanisms used to control access to valued resources: e.g., programs & data stored on computer system. Usually.

1 Protection and Security Protection = mechanisms used to control access to valued resources: e.g., programs & data stored on computer system. Usually.
SQL Injection and Buffer overflow

SQL Injection and Buffer overflow
SQL-Injection attacks Damir Lizdek & Dan Rundlöf Language-based security.

SQL-Injection attacks Damir Lizdek & Dan Rundlöf Language-based security.
Application Controls - Intro Ted Wallerstedt, CISA, CIA Principal Information Systems Auditor University of Minnesota.

Application Controls - Intro Ted Wallerstedt, CISA, CIA Principal Information Systems Auditor University of Minnesota.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 2 02/01/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 2 02/01/2010 Security and Privacy in Cloud Computing.
Secure Software Development Chris Herrick 01/29/2007.

Secure Software Development Chris Herrick 01/29/2007.
Secure Software Development Mini Zeng University of Alabama in Huntsville 1.

Secure Software Development Mini Zeng University of Alabama in Huntsville 1.
IA: Week 1 Trust & Threats Trust Models Threats and Vulnerabilities Threat Profiles.

IA: Week 1 Trust & Threats Trust Models Threats and Vulnerabilities Threat Profiles.
Security.NET Chapter 1. How Do Attacks Occur? Stages of attack Examples of attacker actions 1. FootprintRuns a port scan on the firewall 2. PenetrationExploits.

Security.NET Chapter 1. How Do Attacks Occur? Stages of attack Examples of attacker actions 1. FootprintRuns a port scan on the firewall 2. PenetrationExploits.
SQL INJECTION COUNTERMEASURES &

SQL INJECTION COUNTERMEASURES &

Similar presentations

Ads by Google