Published by Shon Kelley. Modified over 9 years ago.
1
Automated Security Testing with Formal Threat Models
Frank Xu, Ph.D.
2
Overview
  Introduction
  Objectives
  Approach
  Experiments
  Contribution & Conclusions
5
Introduction
  Application security
    Bypass authentication attack, SQL injection attack
  Application vulnerabilities exceed Networking and OS vulnerabilities
    Weak authentication mechanism, unsanitized inputs
  Preventing malicious security attacks by detecting vulnerabilities
  SANS' 2009 Top Cyber Security Risks (http://www.sans.org/top-cyber-security-risks/)
6
Introduction
  How to detect software vulnerabilities?
    Similar to detecting software bugs
    Security testing
  Traditional testing vs. security testing
    Traditional testing: test if a program does what it is supposed to do
    Testing for security: test a program against possible vulnerabilities to check if it contains unintended behaviors
      SQL injection to log into the system
  Problem?
    Security testing is very labor-intensive
    SQL injection string: ' or '1'='1
    databases, inputs, paths
7
Objectives
  Presents an approach to automatically test software security
8
Approach
  Create formal threat models represented as Predicate/Transition nets
  Automatically generate all attack paths, i.e., security tests
  Convert each attack path into executable test code according to the given MIM (Model-Implementation Mapping) specification
9
PrT net http://www.informatik.uni-hamburg.de/TGI/PetriNets/introductions/aalst/elevator1.swf
10
PrT net for dictionary attack
11
Notations
  Variable Binding: ø = ?x/V
    ?x is bound to value V.
  Variable Substituting: l/ø
    The tuple (or token) obtained by substituting each variable in l for its bound value in ø.
    If l= and ø={?u/ID1,?p/PSWD1}, then l/ø=.
  l= (?u,?p)
    Enabled by ø={?u/ID1,?p/PSWD1}, P(ID1,PSWD1)
12
Transition Enabled
14
Threat Model
15
SQL injection attacks
  t11: do shopping, t12: login, t13: check out
  t21: go to login page, t22: retrieve password, t23: forgot your password
  t31: login, t32: do shopping, t33: check out using coupon code
  sqlstr: or 1=1--, ') or '1'='1--, and 1' or '1='1.
16
Generating Attack Paths
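
The notation and path-generation steps above, as an added example that is not code from the presentation or its tool: a toy PrT net with binding, substitution, enabledness and a depth-bounded search for firing sequences that end in a designated attack transition. The place and transition names, the second credential token and the depth bound are assumptions made for illustration.

```python
def substitute(label, binding):
    """l/ø: replace each variable ?x in label l by its value bound in ø."""
    return tuple(binding.get(term, term) for term in label)

def unify(label, token, binding):
    """Extend ø so that label/ø equals token; None if they cannot match."""
    if len(label) != len(token):
        return None
    new = dict(binding)
    for term, value in zip(label, token):
        if term.startswith("?"):
            if new.setdefault(term, value) != value:
                return None
        elif term != value:
            return None
    return new

def enabled(trans, marking):
    """Every binding ø under which each input arc label matches a token."""
    found = [{}]
    for place, label in trans["in"]:
        found = [b for old in found for p, tok in marking if p == place
                 for b in [unify(label, tok, old)] if b is not None]
    return found

def fire(trans, binding, marking):
    """Consume the substituted input tokens and produce the output tokens."""
    used = {(p, substitute(l, binding)) for p, l in trans["in"]}
    made = {(p, substitute(l, binding)) for p, l in trans["out"]}
    return frozenset((marking - used) | made)

def attack_paths(net, marking, attack, depth, path=()):
    """Firing sequences of at most `depth` steps ending in the attack transition."""
    paths = []
    for name, trans in net.items():
        for b in enabled(trans, marking):
            step = path + ((name, tuple(sorted(b.items()))),)
            if name == attack:
                paths.append(step)  # one abstract security test
            elif depth > 1:
                paths += attack_paths(net, fire(trans, b, marking), attack, depth - 1, step)
    return paths

# Constructed model: place/transition names and the ID2/PSWD2 token are assumptions.
NET = {
    "goLogin":     {"in": [("start", ())], "out": [("loginPage", ())]},
    "failedLogin": {"in": [("loginPage", ()), ("cred", ("?u", "?p"))], "out": [("loginPage", ())]},
    "loginOK":     {"in": [("loginPage", ()), ("cred", ("?u", "?p"))], "out": [("home", ("?u",))]},
}
M0 = frozenset({("start", ()), ("cred", ("ID1", "PSWD1")), ("cred", ("ID2", "PSWD2"))})
```

Calling `attack_paths(NET, M0, "loginOK", depth=3)` returns four sequences; each is an abstract test that a model-implementation mapping would translate into concrete steps, and the application passes when the final attack step does not succeed.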
17
Generating Test Code http://seleniumhq.org/movies/intro.mov
18
Model-Implementation Mapping
19
CASE STUDIES
  Case Study I: Magento
  Case Study II: FileZilla Server
  Mutation (S.T.R.I.D.E.)
    Spoofing, Tampering, Repudiation, Information disclosure, Denial of Service, Elevation of privilege
    Spoofing | Tampering | Repudiation | Denial of Service | Elevation of privilege
  Kill the mutations
  Both studies show that security testing with formal threat models is very effective. They have killed 93.2% (41/44) and 96.7% (29/30) of the mutants, respectively.
20
Contributions & Conclusion
  First, automated generation of executable security tests from formal threat models is a novel contribution to software security testing.
  Injection of security vulnerabilities for evaluating the effectiveness of security tests is a novel contribution to mutation testing.