Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Vulnerabilities and Their Impact upon Poirot Jun Lin Supervised by Dr. Jane Huang.

Published byAudrey Douglas Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Vulnerabilities and Their Impact upon Poirot Jun Lin Supervised by Dr. Jane Huang."— Presentation transcript:

1 Security Vulnerabilities and Their Impact upon Poirot Jun Lin LinkJoin@163.com http://students.depaul.edu/~jlin8/SE690 Supervised by Dr. Jane Huang

2 Security Vulnerabilities and Their Impact upon Poirot Agenda  Project Description  Poirot Introduction  Security Issues  Rose-based Access Control  SQL Injection  Other Security Problems  Reference  Project Plan  Question & Answer

3 Security Vulnerabilities and Their Impact upon Poirot Project Description  Background This master project is a extended project of a larger project named Poirot. Poirot is an automated traceability tool that has been developed in the RE research center. Poirot will be open-sourced in the Summer, and has already been requested by organizations such as Motorola and Siemens. Security issues are therefore important to address.

4 Security Vulnerabilities and Their Impact upon Poirot Project Description  Objectives To analyze security issues related to Poirot. Those issues specifically include Role-based access control, SQL injection, and other typical types of security problems. The work will involve a full evaluation of Poirot in respect to common security failures.

5 Security Vulnerabilities and Their Impact upon Poirot Poirot Instroduction  Poirot Is an enterprise level automated traceability tool Web based application Distributed system Use database to store traceable data

6 Security Vulnerabilities and Their Impact upon Poirot Poirot Instroduction  Architecture Web Brower Poirot Server Traceable Data Artifacts (XML) Broker Artifacts In case tool MR Service MR Adapter

7 Security Vulnerabilities and Their Impact upon Poirot Security Issues  Web Brower Poirot Server Traceable Data Artifacts (XML) Broker Artifacts In case tool MR Service MR Adapter SQL InjectionUnauthenticated access Sensitive data Disclosure, Integrity Threat Data integrity

8 Security Vulnerabilities and Their Impact upon Poirot Security Issues S1: Security S2: Only authorized access to project artifacts. S3: Secure communication S4: Minimize system vulnerabilities S5: Role based access control S7: Encrypt all comm- unication S8: Prevent dangerous characters from being passed to SQL queries from free text. S9: Limit system access to approved IP addresses S6: Screens timeout after 15 minutes of inactivity + + + + ++ ++

9 Security Vulnerabilities and Their Impact upon Poirot Rose-Based Access Control  Access Control Models Discretionary Access Control (DAC) Mandatory Access Control (MAC) Task-Based Access Control (TBAC) Object-Based Access Control (OBAC) Role-Based Access Control (RBAC)

10 Security Vulnerabilities and Their Impact upon Poirot Rose-Based Access Control  Advantages Natively fits to Poirot Simplifies authorization administration by assigning permissions to users through roles Can easily handle large numbers of users Confirms with job positions within organization, hence promotes usability.

11 Security Vulnerabilities and Their Impact upon Poirot Rose-Based Access Control  Model Permission User Role Session Permission assignment User assignment Role hierarchy 1 n n m

12 Security Vulnerabilities and Their Impact upon Poirot Rose-Based Access Control  Permission System System configuration Projects Project Configuration Artifacts Read Write More…

13 Security Vulnerabilities and Their Impact upon Poirot Rose-Based Access Control  Role System Administrator Project Manager Common User ArchitectProgrammerQA … V V

14 Security Vulnerabilities and Their Impact upon Poirot SQL Injection  "SQL Injection" is subset of the an unverified/insanities user input vulnerability ("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended.

15 Security Vulnerabilities and Their Impact upon Poirot SQL Injection  Attack Intent Identifying injectable parameters Performing database finger-printing Determining database schema Extracting data Adding or modifying data Performing denial of service Evading detection Bypassing authentication Executing remote commands

16 Security Vulnerabilities and Their Impact upon Poirot SQL Injection  Example Html  URL  http://webserver/login.jsp?userid=[user input]

17 Security Vulnerabilities and Their Impact upon Poirot SQL Injection  Example SQL & Code  SELECT count(*) as count FROM table WHERE field = ‘[user input]'  Granted = count > 1 ? True : False  How about: user input = whatever’ or ‘1’ = ‘1 ?  The SQL becomes: SELECT count(*) as count FROM table WHERE field = ‘whatever’ or ‘1’ = ‘1’  Result: once the table has records, the Granted will always be true.

18 Security Vulnerabilities and Their Impact upon Poirot SQL Injection  Example User input = whatever’; drop table –- User input = whatever’; xp_cmdshell(…) --

19 Security Vulnerabilities and Their Impact upon Poirot SQL Injection  SQL Injection Types Tautologies Illegal/Logically Incorrect Queries Union Query Piggy Backed Queries Stored Procedures Inference Alternate Encodings

20 Security Vulnerabilities and Their Impact upon Poirot SQL Injection  Tautologies Intent  Bypassing authentication, extracting data. Example  SELECT accounts FROM users WHERE login=’’ or 1=1 -- AND pass=’’

21 Security Vulnerabilities and Their Impact upon Poirot SQL Injection  Illegal/Logically Incorrect Queries Intent  Identifying injectable parameters, performing database finger-printing. Example  SELECT accounts FROM users WHERE login=’’ AND 1 = convert (int,(select top 1 name from sysobjects where xtype=’u’)) -- AND pass=’’  Shown Error: ”Microsoft OLE DB Provider for SQL Server (0x80040E07) Error converting nvarchar value ’CreditCards’ to a column of data type int.”

22 Security Vulnerabilities and Their Impact upon Poirot SQL Injection  Stored Procedures Intent  performing denial of service, executing remote commands... Example  SELECT accounts FROM users WHERE login=’admin’; SHUTDOWN; -- AND pass=’’

23 Security Vulnerabilities and Their Impact upon Poirot SQL Injection  Alternate Encodings Intent  Evading detection Example  SELECT accounts FROM users WHERE login=’legalUser’; exec(char(0x73687574646f776e)) -- AND pass=’’  legalUser == char(0x73687574646f776e)

24 Security Vulnerabilities and Their Impact upon Poirot SQL Injection  Prevention Sanitize the input Escape the input Limit database permissions and segregate users Use stored procedures for database access Configure error reporting Using tools

25 Security Vulnerabilities and Their Impact upon Poirot SQL Injection  Second-Order SQL Injection Assume that single quote has been handled  Replace(“ ’ ”, “ ’’ ”) Attacker add a new account:  Username : admin‘ –-  Password : password Insert SQL:  insert into users values(123,’admin’’ – - ’,’password’)

26 Security Vulnerabilities and Their Impact upon Poirot SQL Injection  Second-Order SQL Injection Attacker update password  Sql = “update users set password = '" + newpassword + "' where username = '" + rs.getString("username") + "'"  update users set password = 'password' where username='admin‘ -- ‘  What happen?

27 Security Vulnerabilities and Their Impact upon Poirot Other Security Problems   Web Brower Poirot Server Traceable Data Artifacts (XML) Broker Artifacts In case tool MR Service MR Adapter Unauthenticated access Sensitive data Data integrity

28 Security Vulnerabilities and Their Impact upon Poirot Reference  Poirot: TraceMaker: A Tool for Dynamically Retrieving Traceability Links, Xuchang Zou, Chuan Duan, Raffaella Settimi, Jane Cleland-Huang.  An Extensible Architecture for Enterprise-wide Automated Requirements Traceability, Jun Lin, Chan Chou Lin, Joseph Amaya, Massimo Illario, Jane Cleland-Huang,CTIRS, 2006.  Building Secure Software: How to Avoid Security Problems the Right Way, John Viega, Gary McGraw, Addison-Wesley  The Twenty Most Critical Internet Security Vulnerabilities (Updated) ~ The Experts Consensus, Version 6.01 November 28, 2005 Copyright (C) 2005, SANS Institute, http://www.sans.org/top20/ http://www.sans.org/top20/  A Classification of SQL Injection Attacks and Countermeasures, William G.J. Halfond, Jeremy Viegas, and Alessandro Orso  SQL Injection Attacks by Example, Steve Friedl, http://www.unixwiz.net/techtips/sql-injection.html http://www.unixwiz.net/techtips/sql-injection.html

29 Security Vulnerabilities and Their Impact upon Poirot Project Plan  Phase 1: Analysis Initially research into Role-based access control and SQL injection, 05/29/2006 Make initial presentation, 06/02/2006 Further research into Role-based access control, SQL injection, and other typical types of security problems, 06/30/2006  Phase 2: Implementation Design: Class diagrams and sequence diagrams, 07/08/2006 Coding and unit testing, 08/05/2006 Integration testing, 08/10/2006  Phase 3: Documentation Write developer Instruction, 08/13/2006 Prepare final presentation, 08/15/2006  Completion: 08/15/2006

30 Security Vulnerabilities and Their Impact upon Poirot Question?

31 Security Vulnerabilities and Their Impact upon Poirot Thanks

Download ppt "Security Vulnerabilities and Their Impact upon Poirot Jun Lin Supervised by Dr. Jane Huang."

Similar presentations

Module XIV SQL Injection

Module XIV SQL Injection
Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Database Management System

Database Management System
WEB SECURITY. WEB ATTACK TYPES Buffer OverflowsXML InjectionsSession Hijacking Attacks WEB Attack Types.

WEB SECURITY. WEB ATTACK TYPES Buffer OverflowsXML InjectionsSession Hijacking Attacks WEB Attack Types.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.

Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.
SQL Injection and Buffer overflow

SQL Injection and Buffer overflow
Security in SQL Jon Holmes CIS 407 Fall 2007. Outline Surface Area Connection Strings Authenticating Permissions Data Storage Injections.

Security in SQL Jon Holmes CIS 407 Fall Outline Surface Area Connection Strings Authenticating Permissions Data Storage Injections.
ISOM MIS3150 Data and Info Mgmt Database Security Arijit Sengupta.

ISOM MIS3150 Data and Info Mgmt Database Security Arijit Sengupta.
CSCI 6962: Server-side Design and Programming Course Introduction and Overview.

CSCI 6962: Server-side Design and Programming Course Introduction and Overview.
Introduction to SQL Server 2000 Security Dave Watts CTO, Fig Leaf Software

Introduction to SQL Server 2000 Security Dave Watts CTO, Fig Leaf Software
Analysis of SQL injection prevention using a proxy server By: David Rowe Supervisor: Barry Irwin.

Analysis of SQL injection prevention using a proxy server By: David Rowe Supervisor: Barry Irwin.
SQL INJECTION COUNTERMEASURES &

SQL INJECTION COUNTERMEASURES &
Hamdi Yesilyurt, MA Student in MSDF & PhD-Public Affaris SQL Riji Jacob MS Student in Computer Science.

Hamdi Yesilyurt, MA Student in MSDF & PhD-Public Affaris SQL Riji Jacob MS Student in Computer Science.
CSCI 6962: Server-side Design and Programming Secure Web Programming.

CSCI 6962: Server-side Design and Programming Secure Web Programming.
A Framework for Automated Web Application Security Evaluation

A Framework for Automated Web Application Security Evaluation
A Security Review Process for Existing Software Applications

A Security Review Process for Existing Software Applications
Preventing SQL Injection Attacks in Stored Procedures Alex Hertz Chris Daiello CAP6135Dr. Cliff Zou University of Central Florida March 19, 2009.

Preventing SQL Injection Attacks in Stored Procedures Alex Hertz Chris Daiello CAP6135Dr. Cliff Zou University of Central Florida March 19, 2009.
AMNESIA: Analysis and Monitoring for NEutralizing SQL- Injection Attacks Published by Wiliam Halfond and Alessandro Orso Presented by El Shibani Omar CS691.

AMNESIA: Analysis and Monitoring for NEutralizing SQL- Injection Attacks Published by Wiliam Halfond and Alessandro Orso Presented by El Shibani Omar CS691.
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 5 “Database and Cloud Security”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 5 “Database and Cloud Security”.

Similar presentations

Ads by Google