Abhinn Kothari, 2009CS10172 Parth Jaiswal 2009CS10205 Group: 3 Supervisor : Huzur Saran.

Slides:

Advertisements

Similar presentations

Using EBSCOs Search Box Builder Tool Tutorial. Would you like to promote your EBSCOhost resources by adding an easy-to-use search box to your website?

Advertisements

Creating an EDS Search Box Using EBSCO’s Search Box Builder Tool

Test Yaodong Bi.

IPOG: A General Strategy for T-Way Software Testing

Software Fault Injection for Survivability Jeffrey M. Voas & Anup K. Ghosh Presented by Alison Teoh.

1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.

Automating Bespoke Attack Ruei-Jiun Chapter 13. Outline Uses of bespoke automation ◦ Enumerating identifiers ◦ Harvesting data ◦ Web application fuzzing.

Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.

Models and Security Requirements for IDS. Overview The system and attack model Security requirements for IDS –Sensitivity –Detection Analysis methodology.

Semantic description of service behavior and automatic composition of services Oussama Kassem Zein Yvon Kermarrec ENST Bretagne France.

COMP2001 Testing. Aims of Testing To achieve a correct system producing correct results with a variety of input data.

1 Achieving Trusted Systems by Providing Security and Reliability (Research Project #22) Project Members: Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun.

Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.

Testing an individual module

Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.

Testing Components in the Context of a System CMSC 737 Fall 2006 Sharath Srinivas.

Methods For The Prevention, Detection And Removal Of Software Security Vulnerabilities Jay-Evan J. Tevis Department of Computer Science and Software Engineering.

1 Software Testing and Quality Assurance Lecture 5 - Software Testing Techniques.

Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.

OHT 9.1 Galin, SQA from theory to implementation © Pearson Education Limited 2004 Chapter 9.3 Software Testing Strategies.

Types and Techniques of Software Testing

State coverage: an empirical analysis based on a user study Dries Vanoverberghe, Emma Eyckmans, and Frank Piessens.

Software Testing Sudipto Ghosh CS 406 Fall 99 November 9, 1999.

System/Software Testing

Vulnerability-Specific Execution Filtering (VSEF) for Exploit Prevention on Commodity Software Authors: James Newsome, James Newsome, David Brumley, David.

Shuo Chen, Jun Xu, Emre C. Sezer, Prachi Gauriar, and Ravishankar K. Iyer Brett Hodges April 8, 2010.

Software testing techniques Software testing techniques Testing based on specifications Presentation on the seminar Kaunas University of Technology.

A Framework for Automated Web Application Security Evaluation

AMNESIA: Analysis and Monitoring for NEutralizing SQL- Injection Attacks Published by Wiliam Halfond and Alessandro Orso Presented by El Shibani Omar CS691.

Exploitation: Buffer Overflow, SQL injection, Adobe files Source:

Computer Security and Penetration Testing

Coverage – “Systematic” Testing Chapter 20. Dividing the input space for failure search Testing requires selecting inputs to try on the program, but how.

1 Software testing. 2 Testing Objectives Testing is a process of executing a program with the intent of finding an error. A good test case is in that.

1 Vulnerability Analysis and Patches Management Using Secure Mobile Agents Presented by: Muhammad Awais Shibli.

Automatic Diagnosis and Response to Memory Corruption Vulnerabilities Authors: Jun Xu, Peng Ning, Chongkyung Kil, Yan Zhai, Chris Bookholt In ACM CCS’05.

CSC-682 Cryptography & Computer Security Sound and Precise Analysis of Web Applications for Injection Vulnerabilities Pompi Rotaru Based on an article.

Computer Science Department Data Structure & Algorithms Lecture 8 Recursion.

Test Coverage CS-300 Fall 2005 Supreeth Venkataraman.

Analysis of SQL injection prevention using a filtering proxy server By: David Rowe Supervisor: Barry Irwin.

1 Phase Testing. Janice Regan, For each group of units Overview of Implementation phase Create Class Skeletons Define Implementation Plan (+ determine.

Today’s Agenda  Reminder: HW #1 Due next class  Quick Review  Input Space Partitioning Software Testing and Maintenance 1.

Measuring a System’s Attack Surface Yin Shi. Overview Introduction State Machine Model Definitions and Examples Attack Surface Measurement Method Linux.

Programming with Java © 2002 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill/Irwin Chapter 5 Creating Classes.

By Sandeep Gadi 12/20/  Design choices for securing a system affect performance, scalability and usability. There is usually a tradeoff between.

Introduction Program File Authorization Security Theorem Active Code Authorization Authorization Logic Implementation considerations Conclusion.

Testing and inspecting to ensure high quality An extreme and easily understood kind of failure is an outright crash. However, any violation of requirements.

Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software Paper by: James Newsome and Dawn Song.

MOPS: an Infrastructure for Examining Security Properties of Software Authors Hao Chen and David Wagner Appears in ACM Conference on Computer and Communications.

Further Investigations into the Development and Evaluation of Reading Techniques for Object-Oriented Code Inspection Alastair Dunsmore, Marc Roper and.

Lecturer: Eng. Mohamed Adam Isak PH.D Researcher in CS M.Sc. and B.Sc. of Information Technology Engineering, Lecturer in University of Somalia and Mogadishu.

Verification vs. Validation Verification: "Are we building the product right?" The software should conform to its specification.The software should conform.

Shellcode COSC 480 Presentation Alison Buben.

Software Testing.

Module 30 (Unix/Linux Security Issues II)

CompSci 230 Software Construction

Input Space Partition Testing CS 4501 / 6501 Software Testing

Structural testing, Path Testing

UNIT-4 BLACKBOX AND WHITEBOX TESTING

High Coverage Detection of Input-Related Security Faults

CS 1111 Introduction to Programming Fall 2018

IPOG: A General Strategy for T-Way Software Testing

Test Case Test case Describes an input Description and an expected output Description. Test case ID Section 1: Before execution Section 2: After execution.

Software Verification and Validation

Software Verification and Validation

Software Verification and Validation

Understanding and Preventing Buffer Overflow Attacks in Unix

FIGURE Illustration of Stack Buffer Overflow

UNIT-4 BLACKBOX AND WHITEBOX TESTING

Format String Vulnerability

Presentation transcript:

Abhinn Kothari, 2009CS10172 Parth Jaiswal 2009CS10205 Group: 3 Supervisor : Huzur Saran

Outline Introduction Approach – Combinatorial Testing Algorithm – Buffer Overflow Vulnerability Test Tance – A prototype testing tool Threats to Validity Conclusion and Future Work

Introduction Buffer Overflow Vulnerabilities – Program Defects that can cause buffer to overflow at runtime Security attacks on BOV can compromise critical data structures Presents a black box testing approach to detect BOV’s Target system attacked by controlling the values of external parameters.

Attack Payload Parameter Attack Payload Parameter - whose value is likely to be copied into a buffer vulnerable to overflow, located close to critical data structure. Example – Return Address on the call stack There exists a single attack payload parameter in many buffer overflow attacks. Allows attacker to gain control over program execution

Attack Control Parameters Attack Control Parameters – external parameters which steer program execution to reach a vulnerable point. Example – A statement that copies the value of attack payload parameter P into Buffer B. As critical as choosing attack payload parameter, so as to reach the vulnerable point and carry out a successful attack. Aim – Use combinatorial testing to generate a group of tests for each value identified for each attack payload parameter, s.t. one of these is likely to steer program execution to reach a vulnerable point.

Approach- Combinatorial Testing Combinatorial testing, which is also referred to as t-way testing, requires that, for any t (out of n) parameters of M, every combination of values of these t parameters be covered at least once t – refers to strength of combinatorial testing Empirical results suggest high correlation between combinatorial coverage and code coverage. Significantly reduces the number of tests. Example: A pairwise test set for 10 boolean parameters as few as 13 tests, while exhaustive tests may require1024.

Approach- Combinatorial Testing Example – Program with 3 parameters, each taking values 0 or 1. Shows 2-way test set for these 3 parameters.

Vulnerability Detection Consider, a statement L, copying a string variable into buffer B, without checking buffer has enough space to hold. A test case can detect this vulnerability if: C1: L must be executed during the execution of test C2: When L is executed, buffer must overflow. Our approach centered on how to generate tests such that C1 and C2 are satisfied simultaneously

Hypothesis Hypothesis H1: It is often the case that a buffer is overrun by an extreme value (of an internal variable) that is derived from a single extreme value taken by an external parameter. Hypothesis validated using BOV reports in 3 public databases Hypothesis allows to generate tests s.t. each test needs only single attack payload parameter

Main Idea Identify a group of potential attack payload parameters A set of extreme values for each of these payload parameters For each attack payload parameter, identify a set of attack control parameters A set of control values for each of these attack control parameters.

Algorithm- BOV Test Algorithm BOVTest Input: A program specification M, and an integer t Output: A test set T for detecting buffer overflow vulnerabilities in an implementation of M 1. let P be the set of all the external parameters of M 2. identify a set Px ⊆ P of attack-payload parameters and a set of extreme values for each parameter p in Px 3. initialize T to be an empty test set 4. for each attack-payload parameter px in Px { 5. identify a set Pc ⊆ P of attack-control parameters for px and a set of control values for each parameter pin Pc 6. let Pd = P – Pc, and identify a default value d(p) foreach parameter p in Pd 7. for each extreme value v of px { 8. build a t-way test set T ′ for parameters in Pc using their control values 9. for each test τ ′ in T ′ { 10. create a complete test τ such that for each parameter p, τ(p) = v if p = px, τ(p) = τ ′ (p) if p ∈ Pc, and τ(p) = d(p) otherwise, where τ(p) (or τ ′ (p)) is the value of parameter p in test τ (or τ ′ ) 11. T = T ∪ τ }}} 15. return T

Parameter Identification Identification of set P x of attack payload parameters and their values. Identification of the set P c of attack control parameters and their values for each attack payload parameter in P x. Identification of the set P d of non attack control parameters and their values. Basically, P d is complement of P c.

Security Test Generation Generate a t-way test set T’ for all the parameters in P c using their control values Each test in T’ is then used as a base test to create a complete test by: Adding v as a value of P x Adding the default value of each parameter in P d

Example p1, p2, p3 – attack control parameters, p4 – attack payload parameters, p5 – non-attack control parameters. LS indicates a very long string p1, p2 and p3 take control values 0 & 1 p5 has default value 0. 2-way test set

Discussion Extreme values matter because of their extreme properties instead of their specific values. Approach effective when attack payload and control parameters identified properly, otherwise will miss Nonetheless, the approach ensures t-way coverage of each attack payload parameter and its control parameters, thus no vulnerable point will be missed in most cases.

TANCE – A prototype tool

Controller Core component of TANCE, drives the entire testing process Receives from user the external parameter model of the subject application Calls Test Generator to generate combinatorial test based on the given parameter model. For each test uses Test Transformer to transform into an executable format. Calls Test Executor to execute each test automatically.

Test Generator Implements the algorithm BOV test. Uses a combinatorial test generation tool called ACTS to generate a base combinatorial test set.

Test Transformer Transforms each combinatorial test into a format acceptable by the subject program Example: a web server requires each test to be presented as an http request

Test Executor Carries out the actual test execution process Example: Send test requests automatically to http servers. In addition test executors will restart http servers before running the next test so that there is no interference between different tests. Needs to be customized for different programs

Bounds Checker Detects actual occurrence of a buffer overflow Instruments the source code Source level information helps analysis of test results for evaluation purpose.

Threats to validity Effectiveness of the approach depends on proper identification of attack payload and attack control parameters. Validity of results are jeopardized if knowledge of known vulnerabilities were used to identify these parameters

Conclusions & Future Work Discussed black-box testing approach to detect buffer overflow vulnerabilities. The approach exploits the fact that combinatorial testing achieves high degree of code coverage. Future plan is to develop static analysis techniques for identifying attack payload and attack control parameters