Model inference to support detection of vulnerabilities
|
|
- Maud Pitts
- 5 years ago
- Views:
Transcription
1 Model inference to support detection of vulnerabilities Application to Web apps & services Roland GROZ LIG, Université de Grenoble Alpes Savoie, France Séminaire DGA Sécurité & MF Rennes 23 mai 2014
2 Acknowledgments Joint work (for inference) with (Team:) C. Oriat, J-L. Richier, K. Hossen, F. Duchène Muzammil Shahbaz (U. Sheffield) Keqin Li Alexandre Petrenko (CRIM, Canada) SPaCIoS partners, esp: M. Minea, PF Mihancea, I. Soara (IeAT Timisoara) Inspiration & discussion with: Doron Peled, David Lee, Kirill Bogdanov, Neil Walkinshaw, + U. Dortmund (& Uppsala) 2
3 Motivational examples Customer Retailer Couponing Reverseengineer Internet-Box from supplier (Game) Identify hidden behaviours of 3rd party s/w to put on Orange (trusted Apps) Learning interactions of home appliances Key issues: BB, 3rd party, trust, integration... Get security model of 3rd party component 3
4 Outline Why should we INFER models? Basic techniques used SPaCIoS project: security in Internet of Services (Web apps) Inference of security models for Web apps SIMPA tool (Simpa Infers Models Pretty Automatically) Inference of state + data flow for smart fuzzing KameleonFuzz 4
5 Benefits of models Tool-supported automatic analysis Thorough analysis Spotting tricky unexpected behaviours Confronting and of course: expectations <-> reality specification <-> implementation Bread & butter for attendees of this seminar on security and formal methods 5
6 Example: 3 rd party components Behaviors Interactions Validation Understanding the System of Black Box Components is a challenge How do I perform system behavioral analysis? How do I identify integration problems? Who wants to write models of 3 rd party or legacy components? How many s/w engineers actually use models? 6
7 Our goal Reverse engineer behavioural MODELS not code or design from BLACK BOX systems 3rd party remote access or too complex, not designed with models, etc just by TESTING at interfaces in order to feed into model-based tools, esp. for VULNERABILITY detection 7
8 Outline Why should we INFER models? Basic techniques used SPaCIoS project: security in Internet of Services (Web apps) Inference of security models for Web apps SIMPA tool (Simpa Infers Models Pretty Automatically) Inference of state + data flow for smart fuzzing KameleonFuzz 8
9 Various types of Machine Learning Artificial Intelligence (& datamining) Ability to infer rules, recognize patterns Learning from samples E.g. neural networks Two major techniques (among others) Statistical (bayesian) inference from collection of data -> e.g. Weka tool in testing Grammatical inference of language from theoretical computer science 9
10 Learning languages from samples "Learning from given positive/negative samples Finding a minimum DFA (Deterministic Finite Automaton) is NP-HARD Complexity of automaton identification from given data. [E. Gold 78] Even a DFA with no. of states polynomially larger than the no. of states of the minimum is NP- Complete The minimum consistent DFA problem cannot be approximated within any polynomial. [Pitt & Warmuth 93] Probably Approximately Correct (PAC) A theory of the learnable. [L.G. Valiant 84] 10
11 Active learning Active Learning "Learning from Queries : inference algorithm can query an oracle of the language Angluin's Algorithm L* [Angluin 87] Reference algorithm Two types of queries: membership, equivalence Learns Deterministic Finite Automaton (DFA) in polynomial time key assumption : Minimally Adequate Teacher (MAT) Applied in formal Software Engineering Black Box Checking [Peled 99] Learning and Testing Telecom Systems [Steffen 03] Protocol Testing [Shu & Lee 08] Dana Angluin Yale University and very active research field in model-based techniques 11
12 Our Context of Inference (testing s/w) Components having I/O behaviours I/O are structurally complex (parameters) Formidable size of input sets Input Alphabet Σ The Algorithm L* Test Strategies and heuristics Learned Models can be used to generate tests to find discrepancies System of Communicating Black Box Components Black Box Machine Poor (cheap) oracles Oracle Enhanced State Machine Models Mealy Machines Parameterized Machines Final DFA Conjecture 12
13 Our techniques (Grenoble-LIG) Extensions to Angluin-style learning parameterized, symbolic automata arbitrary (infinite) data types (esp. strings) security-oriented models & features Combining Control-Flow + Data inference machine learning statistical algos New algorithms based on quotients Tailorable + adaptive abstraction Targeting specific parts of behaviour 13
14 Outline Why should we INFER models? Basic techniques used SPaCIoS project: security in Internet of Services (Web apps) Inference of security models for Web apps SIMPA tool (Simpa Infers Models Pretty Automatically) Inference of state + data flow for smart fuzzing KameleonFuzz 14
15 SPaCIoS objectives and approach SPaCIoS Tool: penetration testing, security testing, model checking, automatic learning. Assess on security testing problem cases (industrial/open-source IoS application scenarios). Migrate to industry (SAP, SIEMENS), standardisation bodies, open-source communities. The SPaCIoS Tool Test Results Model of the SUV Model inference and adjustment SUV source code Source based inference Abstract execution trace Model of the SUV User Interface Fault location Security Analyst Test Execution Engine Security goals Tracedriven fault localization Model of the attacker Property-driven and vulnerability-driven test case generation Test case User guidance Libraries Vulnerabilities Attack Patterns Security Goals Attacker Models ASLan++ models for cryptographic protocols & security of services Model checking + Modelbased testing Some Web services may be black boxes: inferred Models used to identify potential attacks and test them SUV
16 IdP Security testing problem cases Objectives Results WP 2 Mod els Model writing, learning, extracting Security goals Attacker behavior & vulnerability models Attack combination Modelling language and Libraries ASLan++ of security aspects & goals Attack patterns, vulnerabilities, attacker models Chained attacks C IdP SP S1. GET URI A1. HTTP302 IdP?SAMLRequest=AuthReq(ID, SP)&RelayState=URI M a SAML Authentication Protocol A2. GET IdP?SAMLRequest=AuthReq(ID, SP)&RelayState=URI IdP builds an authentication assertion A3. HTTP200 Form(...) AA = AuthAssert(ID, C, IdP, SP) A4. POST SP, Response(ID, SP, IdP, {AA} K 1), RelayState(URI) S2. HTTP200 Resource(URI) M c, SUT
17 Model inference: Simpa No model Models? Aslan++? Property Partial model Model Checker Black-box model inference ASLAN++ model Model Attack trace Interactions with the system Real system
18 Model extraction: jmodex
19 KameleonFuzz Security Analyst Vulnerabilities? The SPaCIoS Tool Test Results Model of the SUV Model inference and adjustment SUV source code Source based inference Abstract execution trace Model of the SUV User Interface Fault location Test Execution Engine Security goals Tracedriven fault localization Model of the attacker Property-driven and vulnerability-driven test case generation Test case User guidance Libraries Vulnerabilities Attack Patterns Security Goals Attacker Models Inferred tainted model Interactions with the system Attack input grammar Genetic fuzzing SUV Real system
20 Outline Why should we INFER models? Basic techniques used SPaCIoS project: security in Internet of Services (Web apps) Inference of security models for Web apps SIMPA tool (Simpa Infers Models Pretty Automatically) Inference of state + data flow for smart fuzzing KameleonFuzz 20
21 Black Box inference of Security Models Extend inference methods to deal with SPaCIoS security protocols and Web applications Non-Deterministic Values (NDV, e.g. nonces) Parameters recorded in local variables (sessions IDs, cookies etc) Combining state and data inference Angluin-style observation tables Data tables to record I/O parameters New inference algorithms Combined with Weka statistical tool for parameter associations Implemented in SIMPA (open source) 21
22 Needham Schroeder model s 0 m 1 (p 1 )/ p 2 = p 1, p 3 = ndv, m 2 (p 2, p 3 ), m 1 (p 1 )/ p 2 = p 1, p 3 = ndv, m 2 (p 2, p 3 ), v 3 := p 3 v 3 := p 3 s 2 Extended FSM model of NSPK Responder m 3 (p 4 ), p 4 v 3 / KO s 1 m 3 (p 4 ), p 4 = v 3 / OK m 3 (p 4 ), p 4 = v 3 / OK m 3 (p 4 ), p 4 v 3 / KO Inferred EFSM model m 3 (p 4 )/ Ω [ε] m 1 (p 1 )/ p 2 = p 1, p 3 = ndv, m 2 (p 2, p 3 ), v 3 := p 3 [m 1 (5)] m 1 (p 1 )/ Ω 22
23 Inference algorithm S0 Inputs : m1, m3 Output : m2, OK, KO 23
24 Inference algorithm M1(5)/m2(5,423) S? S0 M3(5)/Ω S? Inputs : m1, m3 Output : m2, OK, KO 24
25 Inference algorithm M1(5)/ Ω M1(5)/m2(5,423) S? M3(5)/ KO S0 M1(5)/m2(5,867) M3(5)/Ω S? M3(5)/ Ω Inputs : m1, m3 Output : m2, OK, KO 25
26 Inference algorithm M1(5)/ Ω M1(5)/m2(5,423) S? M3(5)/ KO S0 M1(5)/m2(5,867) M3(5)/Ω S? M3(5)/ Ω Inputs : m1, m3 Output : m2, OK, KO 26
27 Inference algorithm M1(5)/m2(5,423) M1(5)/ Ω S? S0 S1 M3(5)/ KO S? M3(5)/Ω Inputs : m1, m3 Output : m2, OK, KO 27
28 Table-based inference algorithm Control table Data table 28
29 29 Nonce!
30 30 New behavior!
31 Infering guards of transitions Data mining For S1: m3/ko ((10), [(init)(init)(5)(5, 882)(init)] -> (0)) ((11), [(init)(init)(5)(5, 332)(init)] -> (0)) ((10), [(init)(init)(5)(5, 258)(init)] -> (0)) For S1: m3/ok ((887), [(init)(init)(5)(5, 887)(init)] -> (1)) ((529), [(init)(init)(5)(5, 529)(init)] -> (1)) ((175), [(init)(init)(5)(5, 175)(init)] -> (1)) 31
32 DataMining algos and decision tree (J48 : nominal/string, M5P : integer) Data[0]!= Data[5] Data[0] == Data[5] KO OK 32
33 Abstraction extraction 33
34 Connecting to the real System (SUV) Model inference on BB requires a driver to interact with the system (abstraction/concretization) Writing such drivers is time-consuming Automating driver construction for HTTP interactions based on crawling techniques: page models automatic identification of inputs, and abstracting outputs! (Magic!) SIMPA includes automatic generation of driver for Web applications: recognizes relevant input and output abstractions 34
35 Experiments 35
36 WebGoat (Stored XSS lesson) Automatic abstraction (& driver generation) 11 inputs found / 11 6 outputs found / 6 Output parameters 16 1 in the main page 15 in the profile page 36
37 WebGoat (Stored XSS lesson) Parameter for the main page 37
38 WebGoat (Stored XSS lesson) Parameters for the profile page (which contains the XSS) The name and the fields of the profile are detected by the crawler XSS attack is detected by the SPaCIoS tool 38
39 Inferred model LoginI(user,pass)/ {invalid credentials} home(status) LoginV(user,pass)/ {valid credentials} listing(status) s 0 Logout(profileID)/ home(status) 39 viewprofile(profileid)/ Profile(status) editprofile(profileid)/ editionpage(status) Login(user,pass)/ s 1 {valid credentials} listing(status) updateprofile(profileid)/ Profile(status)
40 Outline Why should we INFER models? Basic techniques used SPaCIoS project: security in Internet of Services (Web apps) Inference of security models for Web apps SIMPA tool (Simpa Infers Models Pretty Automatically) Inference of state + data flow for smart fuzzing KameleonFuzz 40
41 KameleonFuzz precise & automatic detection of XSS Fabien Duchène (PhD 2/6/2014) with Roland Groz, Sanjay Rawat & Jean-Luc Richier 23/05/14 KameleonFuzz - XSS fuzzing 41
42 Black Box XSS detection 42
43 Approach Overview evolve inputs Evolutionary Algorithm A. Inferring SUT state model B. Approximate Taint Dataflow - taint inputs - infer taint in outputs - annotate model C.1. Malicious Inputs Generation - generate inputs C.2. D. Precise Taint Dataflow - attack successful? if new page or state discovered 43 23/05/14 KameleonFuzz - XSS fuzzing
44 A. Model Inference evolve inputs Evolutionary Algorithm A. Inferring SUT state model B. Approximate Taint Dataflow - taint inputs - infer taint in outputs - annotate model C.1. Malicious Inputs Generation - generate inputs C.2. D. Precise Taint Dataflow - attack successful? if new page or state discovered Form Page model Page clustering Navigation 44 23/05/14 KameleonFuzz - XSS fuzzing
45 B. Model Annotation (taint inference) evolve inputs Evolutionary Algorithm A. Inferring SUT state model B. Approximate Taint Dataflow - taint inputs - infer taint in outputs - annotate model C.1. Malicious Inputs Generation - generate inputs C.2. D. Precise Taint Dataflow - attack successful? if new page or state discovered 45 23/05/14 KameleonFuzz - XSS fuzzing
46 B. SUT Model annotation We annotate the model for type-1 & type-2 REFLECTIONS 46 23/05/14 KameleonFuzz - XSS fuzzing
47 Ex: of reflection annotation 47 23/05/14 KameleonFuzz - XSS fuzzing
48 Ex. of annotated SUT model: type-1 XSS 48 23/05/14 KameleonFuzz - XSS fuzzing
49 C. Evolutionary Fuzzing evolve inputs Evolutionary Algorithm A. Inferring SUT state model B. Approximate Taint Dataflow - taint inputs - infer taint in outputs - annotate model C.1. Malicious Inputs Generation - generate inputs C.2. D. Precise Taint Dataflow - attack successful? if new page or state discovered Attack Input Grammar Mutation & Crossover Fitness & Test Verdict 49 23/05/14 KameleonFuzz - XSS fuzzing
50 Attack Input Grammar considered SUT filters browser specific string transformations anti-filters production rules several realistic payloads hacker sources (Shazzer..) Payloads production rules Sets of Attack Vectors (evtly structured) Attack Input Grammar 50 23/05/14 KameleonFuzz - XSS fuzzing
51 Scanner comparisons 51 23/05/14 KameleonFuzz - XSS fuzzing
52 Conclusion Model inference to detect vulnerabilities: it works! ready to become key ingredient in combination with other techniques Black box inference is powerful enough White box suffers from many limitations (aliasing, external libraries, scaling ) But can be complementary (e.g. guard inference vs constraint solving) 52
53 Some perspectives Model inference can help reverse engineering (& understanding) code Possibly malware? Many ways to combine smart fuzzing & inference Feedback loop fuzzing -> model Combining WB & BB inference Binary code analysis enhanced with behavioural model 53
Black-Box Components using Abstraction
Generating Models of Black-Box Components using Abstraction Bengt Jonsson Uppsala University Joint work with Fides Aarts 1, Falk Howar 2, Bernhard Steffen 2, Johan Uijen 1 1: Radboud University, Nijmegen
More informationIntegration of Formal Methods and Testing for Model-Based Systems Engineering NII Shonan Meeting, Japan, Nov. 30 Dec. 4, 2014
Alexandre Petrenko Lead Researcher Computer Research Institute of Montreal CRIM, Canada Curiosity driven and industrial research: FranceTelecom, Siemens, Bombardier, SAP, CAE, Ericsson, GM Integration
More informationSoftware Security. Final Exam Preparation. Be aware, there is no guarantee for the correctness of the answers!
Software Security Final Exam Preparation Note: This document contains the questions from the final exam on 09.06.2017. Additionally potential questions about Combinatorial Web Security Testing and Decentralized
More informationWeb Applications (Part 2) The Hackers New Target
Web Applications (Part 2) The Hackers New Target AppScan Source Edition Terence Chow Advisory Technical Consultant An IBM Rational IBM Software Proof of Technology Hacking 102: Integrating Web Application
More informationPenetration Testing. James Walden Northern Kentucky University
Penetration Testing James Walden Northern Kentucky University Topics 1. What is Penetration Testing? 2. Rules of Engagement 3. Penetration Testing Process 4. Map the Application 5. Analyze the Application
More informationCS Lecture 2. The Front End. Lecture 2 Lexical Analysis
CS 1622 Lecture 2 Lexical Analysis CS 1622 Lecture 2 1 Lecture 2 Review of last lecture and finish up overview The first compiler phase: lexical analysis Reading: Chapter 2 in text (by 1/18) CS 1622 Lecture
More informationModel-based Testing - From Safety to Security
Model-based Testing - From Safety to Security Josip Bozic Technische Universität Graz, Institute for Software Technology Inffeldgasse 16b/2, A-8010 Graz, Austria Tel: +43 316 873 5734 Fax: +43 316 873
More informationAdvanced Security Tester Course Outline
Advanced Security Tester Course Outline General Description This course provides test engineers with advanced skills in security test analysis, design, and execution. In a hands-on, interactive fashion,
More informationSoftware security, secure programming
Software security, secure programming Fuzzing and Dynamic Analysis Master on Cybersecurity Master MoSiG Academic Year 2017-2018 Outline Fuzzing (or how to cheaply produce useful program inputs) A concrete
More informationOutline STRANGER. Background
Outline Malicious Code Analysis II : An Automata-based String Analysis Tool for PHP 1 Mitchell Adair 2 November 28 th, 2011 Outline 1 2 Credit: [: An Automata-based String Analysis Tool for PHP] Background
More informationMalicious Code Analysis II
Malicious Code Analysis II STRANGER: An Automata-based String Analysis Tool for PHP Mitchell Adair November 28 th, 2011 Outline 1 STRANGER 2 Outline 1 STRANGER 2 STRANGER Credit: [STRANGER: An Automata-based
More informationFinding Vulnerabilities in Web Applications
Finding Vulnerabilities in Web Applications Christopher Kruegel, Technical University Vienna Evolving Networks, Evolving Threats The past few years have witnessed a significant increase in the number of
More informationRALib: A LearnLib extension for inferring EFSMs
RALib: A Lib extension for inferring EFSMs Sofia Cassel Uppsala University Uppsala, Sweden sofia.cassel@it.uu.se Falk Howar TU Clausthal Clausthal-Zellerfeld, Germany falk.howar@tu-clausthal.de Bengt Jonsson
More informationW e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s
W e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s Session I of III JD Nir, Security Analyst Why is this important? ISE Proprietary Agenda About ISE Web Applications
More informationDetection of Logic Flaws in Web Applications
Detection of Logic Flaws in Web Applications Davide Balzarotti Giancarlo Pellegrino Distributed, Service-oriented, Web-based applications Seller Inc. Bank Inc. U S P Order item I Transfer value(i) to S
More informationTheory of Computations Spring 2016 Practice Final Exam Solutions
1 of 8 Theory of Computations Spring 2016 Practice Final Exam Solutions Name: Directions: Answer the questions as well as you can. Partial credit will be given, so show your work where appropriate. Try
More informationApplying AI in Application Security
FEATURE Applying AI in Application Security Do you have something to say about this article? Visit the Journal pages of the ISACA website (www.isaca. org/journal), find the article and click on the Comments
More informationSolutions Business Manager Web Application Security Assessment
White Paper Solutions Business Manager Solutions Business Manager 11.3.1 Web Application Security Assessment Table of Contents Micro Focus Takes Security Seriously... 1 Solutions Business Manager Security
More informationTheory of Computations Spring 2016 Practice Final
1 of 6 Theory of Computations Spring 2016 Practice Final 1. True/False questions: For each part, circle either True or False. (23 points: 1 points each) a. A TM can compute anything a desktop PC can, although
More informationHacking 102 Integrating Web Application Security Testing into Development
Hacking 102 Integrating Web Application Security Testing into Development Greg Pedley - gpedley@au1.ibm.com Brett Wallace - bretwal@au1.ibm.com Denice Wong deniwong@au1.ibm.com An IBM Proof of Technology
More informationMachine Learning in Formal Verification
Machine Learning in Formal Verification Manish Pandey, PhD Chief Architect, New Technologies Synopsys, Inc. June 18, 2017 1 Build Better Formal Verification Tools? BICYCLE CAR DOG Software that learns
More informationApplication Security through a Hacker s Eyes James Walden Northern Kentucky University
Application Security through a Hacker s Eyes James Walden Northern Kentucky University waldenj@nku.edu Why Do Hackers Target Web Apps? Attack Surface A system s attack surface consists of all of the ways
More informationGenerating String Attack Inputs Using Constrained Symbolic Execution. presented by Kinga Dobolyi
Generating String Attack Inputs Using Constrained Symbolic Execution presented by Kinga Dobolyi What is a String Attack? Web applications are 3 tiered Vulnerabilities in the application layer Buffer overruns,
More informationActive Learning of Life-state Automata
Active Learning of Life-state Automata Krishna Chaitanya Sripada April 29, 2016 Contents 1 Introduction 2 2 Motivation 2 3 Problem and Related Work 3 4 Active Learning for Standard Automata 3 5 Contributions
More informationEvolutionary design for the behaviour of cellular automaton-based complex systems
Evolutionary design for the behaviour of cellular automaton-based complex systems School of Computer Science & IT University of Nottingham Adaptive Computing in Design and Manufacture Bristol Motivation
More informationFormal Methods for Assuring Security of Computer Networks
for Assuring of Computer Networks May 8, 2012 Outline Testing 1 Testing 2 Tools for formal methods Model based software development 3 Principals of security Key security properties Assessing security protocols
More informationTaking White Hats to the Laundry: How to Strengthen Testing in Common Criteria
Taking White Hats to the Laundry: How to Strengthen Testing in Common Criteria Apostol Vassilev, Principal Consultant September 23,2009. Product Testing in Common Criteria Product Testing in Common Criteria
More informationStatic analysis of PHP applications
Static analysis of PHP applications Ondřej Šerý DISTRIBUTED SYSTEMS RESEARCH GROUP http://dsrg.mff.cuni.cz CHARLES UNIVERSITY PRAGUE Faculty of Mathematics and Physics References G. Wassermann, Z. Su:
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT Ixia NTO 7303 and Vision ONE v4.5.0.29 30 October 2017 383-4-409 1.0 Government of Canada. This document is the property of the Government of Canada. It shall not be
More informationExtended Finite-State Machine Induction using SAT-Solver
Extended Finite-State Machine Induction using SAT-Solver Vladimir Ulyantsev, Fedor Tsarev ulyantsev@rain.ifmo.ru, tsarev@rain.ifmo.ru St. Petersburg National Research University of IT, Mechanics and Optics
More informationAnother Brick O the Wall: Deconstructing Web Application Firewalls Using Automata Learning
Another Brick O the Wall: Deconstructing Web Application Firewalls Using Automata Learning George Argyros Columbia University argyros@cs.columbia.edu Ioannis Stais Census S.A. istais@census-labs.com Web
More informationThe Trusted Attribute Aggregation Service (TAAS)
The Trusted Attribute Aggregation Service (TAAS) Privacy Protected Identity Management with User Consent, Minimum Dislosure and Unlinkability George Inman, David Chadwick, Kristy Siu What problems does
More informationSession 5311 Critical Testing Programs for Security Operations
Session 5311 Critical Testing Programs for Security Operations Introduction Neil Lakomiak UL Rodney Thayer Smithee Spelvin Agnew & Plinge, Inc. Coleman Wolf Environmental Systems Design, Inc. Testing Programs
More informationMultiple Choice Questions
Techno India Batanagar Computer Science and Engineering Model Questions Subject Name: Formal Language and Automata Theory Subject Code: CS 402 Multiple Choice Questions 1. The basic limitation of an FSM
More informationCSWAE Certified Secure Web Application Engineer
CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized
More informationMaximum Security with Minimum Impact : Going Beyond Next Gen
SESSION ID: SP03-W10 Maximum Security with Minimum Impact : Going Beyond Next Gen Wendy Moore Director, User Protection Trend Micro @WMBOTT Hyper-competitive Cloud Rapid adoption Social Global Mobile IoT
More informationSoftware Vulnerability
Software Vulnerability Refers to a weakness in a system allowing an attacker to violate the integrity, confidentiality, access control, availability, consistency or audit mechanism of the system or the
More informationFinite Automata. Dr. Nadeem Akhtar. Assistant Professor Department of Computer Science & IT The Islamia University of Bahawalpur
Finite Automata Dr. Nadeem Akhtar Assistant Professor Department of Computer Science & IT The Islamia University of Bahawalpur PhD Laboratory IRISA-UBS University of South Brittany European University
More informationLast lecture CMSC330. This lecture. Finite Automata: States. Finite Automata. Implementing Regular Expressions. Languages. Regular expressions
Last lecture CMSC330 Finite Automata Languages Sets of strings Operations on languages Regular expressions Constants Operators Precedence 1 2 Finite automata States Transitions Examples Types This lecture
More informationEffizientere IT-Sicherheitstests mit Hilfe von Usage-based Testing
Effizientere IT-Sicherheitstests mit Hilfe von Usage-based Testing GI TAV 37 5. Februar 2015 Martin Schneider Fraunhofer FOKUS Steffen Herbold Universität Göttingen Outline Challenge: Efficiency of Security
More informationSecure Development Lifecycle
Secure Development Lifecycle Strengthening Cisco Products The Cisco Secure Development Lifecycle (SDL) is a repeatable and measurable process designed to increase Cisco product resiliency and trustworthiness.
More informationCIS 700/002 : Special Topics : OWASP ZED (ZAP)
CIS 700/002 : Special Topics : OWASP ZED (ZAP) Hitali Sheth CIS 700/002: Security of EMBS/CPS/IoT Department of Computer and Information Science School of Engineering and Applied Science University of
More informationToday s workforce is Mobile. Cloud and SaaSbased. are being deployed and used faster than ever. Most applications are Web-based apps
Today s workforce is Mobile Most applications are Web-based apps Cloud and SaaSbased applications are being deployed and used faster than ever Hybrid Cloud is the new normal. % plan to migrate >50% of
More informationFending Off Cyber Attacks Hardening ECUs by Fuzz Testing
Fending Off Cyber Attacks Hardening ECUs by Fuzz Testing In designing vehicle communication networks, security test procedures play an important role in the development process. Fuzz testing, which originated
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT CA Technologies CA API Gateway v9.2 10 October 2017 383-4-417 V 1.0 Government of Canada. This document is the property of the Government of Canada. It shall not be
More informationOpenID Security Analysis and Evaluation
University of British Columbia OpenID Security Analysis and Evaluation San-Tsai Sun, Kirstie Hawkey, Konstantin Beznosov Laboratory for Education and Research in Secure Systems Engineering (LERSSE) University
More informationCertified Secure Web Application Engineer
Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),
More informationDes petits bugs aux virus Quelques travaux et études au Laboratoire de Haute Sécurité du Loria. Jean-Yves Marion
Des petits bugs aux virus Quelques travaux et études au Laboratoire de Haute Sécurité du Loria!!! Advertising networks Web applications Compromised XSS SQL Injection Data User User browser http protocole
More informationNotes From The field
Notes From The field tools and usage experiences Jarkko Holappa Antti Laulajainen Copyright The Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the License.
More informationInference and Abstraction of Communication Protocols
IT 09 058 Examensarbete 45 hp November 2009 Inference and Abstraction of Communication Protocols Fides Aarts Institutionen för informationsteknologi Department of Information Technology Abstract Inference
More informationModel-based Behavioural Fuzzing. Martin Schneider (Fraunhofer FOKUS)
Model-based Behavioural Fuzzing Martin Schneider (Fraunhofer FOKUS) Outline Introduction to fuzzing Behavioural fuzzing of UML sequence diagrams Test case selection by augmenting the model Conclusions
More information(a) R=01[((10)*+111)*+0]*1 (b) ((01+10)*00)*. [8+8] 4. (a) Find the left most and right most derivations for the word abba in the grammar
Code No: R05310501 Set No. 1 III B.Tech I Semester Regular Examinations, November 2008 FORMAL LANGUAGES AND AUTOMATA THEORY (Computer Science & Engineering) Time: 3 hours Max Marks: 80 Answer any FIVE
More informationWEB APPLICATION SCANNERS. Evaluating Past the Base Case
WEB APPLICATION SCANNERS Evaluating Past the Base Case GREG OSE PATRICK TOOMEY Presenter Intros Overview An overview of web application scanners Why is it hard to evaluate scanner efficacy? Prior Work
More informationOverview of Timed Automata and UPPAAL
Overview of Timed Automata and UPPAAL Table of Contents Timed Automata Introduction Example The Query Language UPPAAL Introduction Example Editor Simulator Verifier Conclusions 2 Introduction to Timed
More informationSoftware Security IV: Fuzzing
1 Software Security IV: Fuzzing Chengyu Song Slides modified from Dawn Song 2 Administrivia Homework1 Due: Friday Oct 27 11:59pm Questions regarding reading materials Talk Security R&D in a Security Company:
More informationLexical Analysis. Introduction
Lexical Analysis Introduction Copyright 2015, Pedro C. Diniz, all rights reserved. Students enrolled in the Compilers class at the University of Southern California have explicit permission to make copies
More informationConversion of Fuzzy Regular Expressions to Fuzzy Automata using the Follow Automata
Conversion of Fuzzy Regular Expressions to Fuzzy Automata using the Follow Automata Thesis submitted in partial fulfillment of the requirements for the award of degree of Master of Engineering in Software
More informationOWASP 5/07/09. The OWASP Foundation OWASP Static Analysis (SA) Track Session 1: Intro to Static Analysis
Static Analysis (SA) Track Session 1: Intro to Static Analysis Eric Dalci Cigital edalci at cigital dot com 5/07/09 Copyright The Foundation Permission is granted to copy, distribute and/or modify this
More informationA systematic approach to eliminating the vulnerabilities in smart cards evaluation
A systematic approach to eliminating the vulnerabilities in smart cards evaluation Hongsong Shi, Jinping Gao, Chongbing Zhang hongsongshi@gmail.com China Information Technology Security Evaluation Center
More informationJNTUWORLD. Code No: R
Code No: R09220504 R09 SET-1 B.Tech II Year - II Semester Examinations, April-May, 2012 FORMAL LANGUAGES AND AUTOMATA THEORY (Computer Science and Engineering) Time: 3 hours Max. Marks: 75 Answer any five
More informationLearning Path Queries on Graph Databases
Learning Path Queries on Graph Databases Radu Ciucanu joint work with Angela Bonifati and Aurélien Lemay University of Lille, France INRIA Lille Nord Europe Links Project EDBT 15 March 24, 2015 Radu Ciucanu
More informationProfessional Services Overview
Professional Services Overview Internet of Things (IoT) Security Assessment and Advisory Services IOT APPLICATION MOBILE CLOUD NETWORK Company Overview HISTORY HISTORY Founded in 2010 Headquartered in
More informationIntegration of the softscheck Security Testing Process into the V-Modell
Integration of the softscheck Security Testing Process into the V-Modell Wilfried Kirsch, Prof. Dr. Hartmut Pohl softscheck GmbH Köln Büro: Bonnerstr. 108. 53757 Sankt Augustin www. softscheck.com Products
More informationResearch Overview. Provenance Themes. Dr. Martin Chapman March 17, King s College London
Research Overview Provenance Themes Dr. Martin Chapman March 17, 2017 King s College London martin.chapman@kcl.ac.uk 1 Overview Learning the language of error Playing Hide-And-Seek Storing and processing
More informationTesting! Prof. Leon Osterweil! CS 520/620! Spring 2013!
Testing Prof. Leon Osterweil CS 520/620 Spring 2013 Relations and Analysis A software product consists of A collection of (types of) artifacts Related to each other by myriad Relations The relations are
More informationInference and Analysis of Formal Models of Botnet Command and Control Protocols
Inference and Analysis of Formal Models of net Command and Control Protocols Chia Yuan Cho Domagoj Babić Eui Chul Richard Shin Dawn Song University of California, Berkeley {chiayuan@cs,babic@cs,ricshin,dawnsong@cs}.berkeley.edu
More informationSTAMP: AN AUTOMATED UNKNOWN ZERO- DAY VULNERABILITY DISCOVERY SYSTEM FOR MOBILE PLATFORMS
STAMP: AN AUTOMATED UNKNOWN ZERO- DAY VULNERABILITY DISCOVERY SYSTEM FOR MOBILE PLATFORMS Dr. S. P. T. Krishnan Institute for Infocomm Research Ms. Seetha M. J. Institute for Infocomm Research Session
More informationHuman vs Artificial intelligence Battle of Trust
Human vs Artificial intelligence Battle of Trust Hemil Shah Co-CEO & Director Blueinfy Solutions Pvt Ltd About Hemil Shah hemil@blueinjfy.net Position -, Co-CEO & Director at BlueInfy Solutions, - Founder
More informationOur sponsors Zequi V Autopsy of Vulnerabilities
Our sponsors Our sponsors Our sponsors About me Who s me? Ezequiel Zequi Vázquez Backend Developer Sysadmin & DevOps Hacking & Security Speaker since 2013 About me Index 1 Introduction 2 Analysis of Vulnerabilities
More informationStatic Analysis and Bugfinding
Static Analysis and Bugfinding Alex Kantchelian 09/12/2011 Last week we talked about runtime checking methods: tools for detecting vulnerabilities being exploited in deployment. So far, these tools have
More informationCISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1
CISCO BORDERLESS NETWORKS 2009 Cisco Systems, Inc. All rights reserved. 1 Creating New Business Models The Key Change: Putting the Interaction Where the Customer Is Customer Experience/ Innovation Productivity/
More informationDevelopment*Process*for*Secure* So2ware
Development*Process*for*Secure* So2ware Development Processes (Lecture outline) Emphasis on building secure software as opposed to building security software Major methodologies Microsoft's Security Development
More informationDetecting Self-Mutating Malware Using Control-Flow Graph Matching
Detecting Self-Mutating Malware Using Control-Flow Graph Matching Danilo Bruschi Lorenzo Martignoni Mattia Monga Dipartimento di Informatica e Comunicazione Università degli Studi di Milano {bruschi,martign,monga}@dico.unimi.it
More informationSchema-Guided Query Induction
Schema-Guided Query Induction Jérôme Champavère Ph.D. Defense September 10, 2010 Supervisors: Joachim Niehren and Rémi Gilleron Advisor: Aurélien Lemay Introduction Big Picture XML: Standard language for
More informationIntroduction to Dynamic Analysis
Introduction to Dynamic Analysis Reading assignment Gary T. Leavens, Yoonsik Cheon, "Design by Contract with JML," draft paper, http://www.eecs.ucf.edu/~leavens/jml//jmldbc.pdf G. Kudrjavets, N. Nagappan,
More informationLiveEngage Messaging Platform: Security Overview Document Version: 2.0 July 2017
LiveEngage Messaging Platform: Security Overview Document Version: 2.0 July 2017 Contents Introduction... 3 Supported Platforms... 3 Protecting Data in Transit... 3 Protecting Data at Rest... 3 Encryption...
More informationYour Auth is open! Oversharing with OpenAuth & SAML
Your Auth is open! Oversharing with OpenAuth & SAML Andrew Pollack Northern Collaborative Technologies 2013 by the individual speaker Sponsors 2013 by the individual speaker Who Am I? Andrew Pollack President
More informationCHAPTER 8 CONCLUSION AND FUTURE ENHANCEMENTS
180 CHAPTER 8 CONCLUSION AND FUTURE ENHANCEMENTS 8.1 SUMMARY This research has focused on developing a Web Applications Secure System from Code Injection Vulnerabilities through Web Services (WAPS-CIVS),
More informationSecurity Testing. John Slankas
Security Testing John Slankas jbslanka@ncsu.edu Course Slides adapted from OWASP Testing Guide v4 CSC 515 Software Security What is Security Testing? Validate security controls operate as expected What
More informationMessage authentication. Why message authentication. Authentication primitives. and secure hashing. To prevent against:
Message authentication and secure hashing Why message authentication To prevent against: Masquerade/impersonation Modification of message content Modification of message sequence Acceptance of replayed/delayed
More informationIncident Response Services
Services Enhanced with Supervised Machine Learning and Human Intelligence Empowering clients to stay one step ahead of the adversary. Secureworks helps clients enable intelligent actions to outsmart and
More informationWeb insecurity Security strategies General security Listing of server-side risks Language specific security. Web Security.
Web Security Web Programming Uta Priss ZELL, Ostfalia University 2013 Web Programming Web Security Slide 1/25 Outline Web insecurity Security strategies General security Listing of server-side risks Language
More informationEngineering Your Software For Attack
Engineering Your Software For Attack Robert A. Martin Senior Principal Engineer Cyber Security Center Center for National Security The MITRE Corporation 2013 The MITRE Corporation. All rights reserved.
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 16: Building Secure Software Department of Computer Science and Engineering University at Buffalo 1 Review A large number of software vulnerabilities various
More informationEfficient Algorithms for Test Sequence Selection. (Extended Abstract)
Efficient Algorithms for Test Sequence Selection (Extended Abstract) David Lee and Ruibing Hao Bell Labs Research China, Beijing, China Abstract:We study the test sequence selection problem. Given a large
More informationPart I: Preliminaries 24
Contents Preface......................................... 15 Acknowledgements................................... 22 Part I: Preliminaries 24 1. Basics of Software Testing 25 1.1. Humans, errors, and testing.............................
More informationFine-grained Compatibility and Replaceability Analysis of Timed Web Service Protocols
Fine-grained Compatibility and Replaceability Analysis of Timed Web Service Protocols Julien Ponge 1,2, Boualem Benatallah 2, Fabio Casati 3 and Farouk Toumani 1 (1) Université Blaise Pascal, Clermont-Ferrand,
More informationModel-Based Testing. (DIT848 / DAT260) Spring Lecture 10 FSMs, EFSMs and ModelJUnit
Model-Based Testing (DIT848 / DAT260) Spring 2015 Lecture 10 FSMs, EFSMs and ModelJUnit Gerardo Schneider Department of Computer Science and Engineering Chalmers University of Gothenburg 1 Outline The
More informationR10 SET a) Construct a DFA that accepts an identifier of a C programming language. b) Differentiate between NFA and DFA?
R1 SET - 1 1. a) Construct a DFA that accepts an identifier of a C programming language. b) Differentiate between NFA and DFA? 2. a) Design a DFA that accepts the language over = {, 1} of all strings that
More informationLigRE: Reverse-Engineering of Control and Data Flow Models for Black-Box XSS Detection
LigRE: Reverse-Engineering of Control and Data Flow Models for Black-Box XSS Detection Fabien Duchène LIG Lab, Grenoble INP Ensimag Grenoble F-38402, France [lastname]@car-online.fr Sanjay Rawat LIG Lab,
More informationApplying Machine Learning to Real Problems: Why is it Difficult? How Research Can Help?
Applying Machine Learning to Real Problems: Why is it Difficult? How Research Can Help? Olivier Bousquet, Google, Zürich, obousquet@google.com June 4th, 2007 Outline 1 Introduction 2 Features 3 Minimax
More informationHow-to Guide: Tenable Nessus for Microsoft Azure. Last Updated: April 03, 2018
How-to Guide: Tenable Nessus for Microsoft Azure Last Updated: April 03, 2018 Table of Contents How-to Guide: Tenable Nessus for Microsoft Azure 1 Introduction 3 Auditing the Microsoft Azure Cloud Environment
More informationSOLUTION BRIEF CA API MANAGEMENT. Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management
SOLUTION BRIEF CA API MANAGEMENT Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management 2 SOLUTION BRIEF ENABLE AND PROTECT YOUR WEB APPLICATIONS WITH CA API MANAGEMENT ca.com
More informationConfigure Unsanctioned Device Access Control
Configure Unsanctioned Device Access Control paloaltonetworks.com/documentation Contact Information Corporate Headquarters: Palo Alto Networks 3000 Tannery Way Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-support
More informationCSC 482/582: Computer Security. Cross-Site Security
Cross-Site Security 8chan xss via html 5 storage ex http://arstechnica.com/security/2015/09/serious- imgur-bug-exploited-to-execute-worm-like-attack-on- 8chan-users/ Topics 1. Same Origin Policy 2. Credential
More informationAutomated Extraction of Network Protocol Specifications
Automated Extraction of Network Protocol Specifications ARO MURI on Cyber Situation Awareness Kick Off Meeting Christopher Kruegel Computer Security Group, Motivation Stateful protocol specifications are
More informationEstablishing a Framework for Effective Testing and Validation of Critical Infrastructure Cyber-Security
Establishing a Framework for Effective Testing and Validation of Critical Infrastructure Cyber-Security Michael John SmartSec 2016, Amsterdam www.encs.eu European Network for Cyber Security The European
More informationVulnerability & Attack Injection for Web Applications
Vulnerability & Attack Injection for Web Applications José Fonseca Marco Vieira Henrique Madeira DSN, Estoril, Portugal, 30/06/2009 University of Coimbra, Portugal Presentation Outline Research problem
More informationCYSE 411/AIT 681 Secure Software Engineering. Topic #6. Seven Software Security Touchpoints (III) Instructor: Dr. Kun Sun
CYSE 411/AIT 681 Secure Software Engineering Topic #6. Seven Software Security Touchpoints (III) Instructor: Dr. Kun Sun Reading This lecture [McGraw]: Ch. 7-9 2 Seven Touchpoints 1. Code review 2. Architectural
More informationGenerating a Model of a Communication Protocol from Test Data
IT 09 012 Examensarbete 45 hp Juni 2009 Generating a Model of a Communication Protocol from Test Data Siavash Soleimanifard Institutionen för informationsteknologi Department of Information Technology
More information