T Salausjärjestelmät (Cryptosystems) Security testing. Security testing. Outline. Testing Final stages of life cycle
|
|
- Pierce Francis
- 6 years ago
- Views:
Transcription
1 T Salausjärjestelmät (Cryptosystems) Testing Final stages of life cycle Security testing Outline Security testing Security testing Some testing techniques Final stages of life cycle Security testing A subset of normal testing, but the approach is different A few important aspects make it more difficult Difficult to measure success of a test Expected result security is intact => how to measure this? Silent failures Security failures are often silent Example: cryptographic key at both ends broken in the same way Asymmetry between attacker and defender Requires us to verify functionality of very obscure scenarios It's difficult to simulate attacks, even in white box testing An attacker may be able to feed corrupted data to an internal interface i.e. reach states that are otherwise almost unreachable This may be very difficult to do using valid inputs 2 4
2 Testing in general Determining test cases Glen Myers on testing 1. Testing = execution of a program, with the intent of finding errors 2. Good test case = high probability of finding an as-yet-undiscovered error 3. Successful test = uncovers an as-yet-undiscovered error Black box and white box (glass box) testing White box testing more relevant to security critical software Module testing determining test cases Common goal is to execute all paths of control (various definitions) For security critical software, also the unlikely paths are interesting Normal data select to exercise all control paths Boundary data natural boundaries, + {-1, 0, 1} Random data brute force Exceptions unexpected signals and traps, etc. 5 Boundary data Typical programming errors occur on the boundary Often result in off-by-one (or one-off ) errors Inputs often modelled as equivalence classes Examples Loop is iterated once too often Array index check is off-by-one, and allows overwriting one char Boundary value test cases try to cause such errors to occur Determining test cases is usually straightforward Example: function input integer n must be in range => test boundary data -1, 0, 1, 98, 99, 100 Invalid input Valid input Invalid input 7 Determining test cases Determining test cases Normal data try to exercise all parts of the code Function coverage All functions executed at least once? Statement coverage (aka line coverage ) All statements in function executed at least once? Decision coverage (aka branch coverage ) All branches evaluated to both true and false? Condition coverage and multiple condition coverage All components of logical expressions evaluated to both true and false? Multiple condition coverage => all combinations of true/false values Path coverage All paths of control evaluated? Issues with correlated conditions and loops Relational operator coverage Example: (x < 10) => tested with (x < 10), (x = 10), (x > 10) 6 Random data Generate random inputs using some useful distribution Both valid and invalid inputs should be generated Must be able to determine success or failure of test Example: against a reference implementation Example: mathematical property (y=sqrt(x) => test y*y=x) Exceptions Generate unexpected signals using various timings Generate signals when previous signals are being handled, etc. Time-dependent and thus difficult to arrange in practice Timing inputs In multi-threaded applications timing is often a major headache Testing timing is important, but difficult 8
3 Drivers and stubs A module is typically tested using drivers and stubs Provide a prosthetic environment for the module Drivers and stubs can be used to feed unlikely errors into the module E.g. test invalid inputs that cannot be tested in integration or system testing Attacks often involve causing invalid inputs (from above or below) Can be simulated by stubs / drivers doing the same Driver 1... Driver N Module under test Driver X Module under test Using invalid inputs Typical sources of inputs Specific test cases e.g. boundary conditions, known attacks (Pseudo)random inputs brute force for conditions we can't think of Actual inputs but distorted usually possible in system testing only Internal distortion specific testing code added to module Generating (pseudo)random inputs It's a good idea to use a PRNG with a known seed, so a test can be repeated Not always possible if time dependent module Must ensure that statistical distribution of inputs is reasonably sane Usually must use heuristics Example: 50% of tests on short inputs and 50% on long inputs A natural distribution when an attacker is involved? Stub 1... Stub N Stub Y 9 11 Using invalid inputs Some testing techniques 10 Distorted real inputs Examples For 10% of network packets, packet truncation and/or corruption For 5% of memory allocations, claim out of memory Goals We can test whether the implementation (e.g. protocol) can survive and do it's duty even with partially corrupted inputs Exercise code related to input sanity checking (e.g. can detect TLV decoding loop when length=0) Advantages Can generate errors in system states that cannot be achieved with black box testing (e.g. random inputs from outside) Disadvantages Usually feasible to apply in integration or system testing only 12
4 Using invalid inputs Internal distortion Add distortion code to module under test Code distorts internal data in well chosen locations We assume attacker might be able to do this in real life Example: buffer overflow in internal code Distortion code enabled conditionally for a test build Dangerous ensure that the build identifies itself as a test build Advantages Can exercise internal error handling which is otherwise difficult Simulates the impact of an attack, i.e. measures containment Disadvantages We cannot distort completely arbitrarily if we violate basic invariants, the code is not supposed to deal with it Of course, secure code should detect inconsistency and bail out Penetration testing ( Tiger team ) A third party who attempts to penetrate a system Try to avoid motivation conflict May be black box or white box White box (= source given) more relevant Have to assume that attacker has source, even with closed source (consider Windows source code theft) Advantages Avoids motivation conflict, semi-objective Third party may have better competence Disadvantages Cost and time Results limited by third party's competence (difficult to assess) Using invalid inputs Test vectors Determining success (= no security issue) is difficult A test case requires an expected result part for ensuring success But typical effects from testing on invalid inputs include random memory corruption, crashes, etc. => Typical criterion: code is stable (= no crash) Best to combine with a dynamic analysis tool (e.g. Valgrind) Ensure no complaints from the tool during testing May catch e.g. buffer overflows or NULL pointers A valuable technique in practice Simulates conditions that are often very difficult to reach otherwise For some testing, a stub approach can be used instead E.g. out-of-memory conditions 14 Simply test cases for cryptographic primitives and constructs Try to maximize coverage of code and functionality with a reasonable set of tests Randomized tests against a reference implementation Useful in many stages Crypto specification for clarifying interpretation Software implementation for testing correctness of implementation Regression testing for ensuring primitives are still correct May catch e.g. compiler bugs, or differences between compilers Deployed, running system for ensuring integrity of code and data Very important A faulty cryptographic primitive may be very difficult to find Especially if the bug is not total 16
5 Interoperability testing Testing for Denial-of-Service Test against other implementations Typically used for cryptographic protocols But can also be used for other things (e.g. PGP interoperability) Advantages Tests functionality of cryptographic constructs Catches most differences in cryptographic constructs, e.g. if key derivation algorithms differ Real-world system test Also has marketing value to vendor => motivation Disadvantages Two vendors may misinterpret specification the same way Does not ensure security, just functionality Often costly e.g. interoperability meeting ( bake-off ) Specific to particular standards 17 Denial-of-Service may result from many things Actual exploits of implementation flaws But may also be inherent to a protocol For instance, in IKE Aggressive Mode, responding host must compute Diffie-Hellman after receiving first message If DoS can be caused legitimately, it needs to be measured Use attack software to cause legitimate DoS If DoS unavoidable because of e.g. protocol requirements Desirable result is to have clean and predictable behavior Bounded memory or processor use Recovery to normal after attack ceases If DoS can be avoided, e.g. protocol provides ways to do that Desirable result is to experience only a minimal level of DoS 19 Leak testing Product installer Memory leaks (and other resources leaks) are nasty Software may leak resources in error conditions only, for instance Leaking software is susceptible to Denial-of-Service If out-of-resources condition exposes other bugs, may also be a security issue Leaks can be found in several ways Dynamic analysis tools Monitoring process statistics in UNIX systems Periodic printouts (in event loop, for instance) Most methods require that a leak is triggered Thus often invalid inputs and internal corruption used 18 Product installer is an important system component Goal is to get system into an initial secure state (or fail completely) Important to test effect of media / bus corruption If files are copied incorrectly, can have fatal consequences Broken crypto library can cause various problems Errors in code can have arbitrary impact Installer should verify copy operations and detect copy errors If product does not have integrity protection Consider encapsulating product files for distribution Example: compression improves likelihood of corruption detection Corruption on hard drive less likely than corruption of e.g. floppy or CD Still, better to fix at the source 20
6 Deployment issues Final stages of lifecycle Physical environment If cryptosystem relies on physical protection, must ensure its adequacy Example: often servers required to be physically protected but organizational policies not good enough (social engineering) Hardware and software environment Hardware and software must match system requirements Requirements in user documentation If operating system not delivered as part of product, a specific, tested version should be used Example: kernel level exploits in some Linux systems => choice of operating system version not trivial Certification is often relative to a certain OS In general, we must check that security assumptions are met Deployment issues Overall goals Deployed system configuration is secure Security services and their limitations are understood (e.g. by customer) Required organizational policies and processes are in place Deployed components haven't been tampered with Documentation Like a specification, documentation must be clear, complete, and consistent Must also be easily understandable Difficult, how to ensure administrator understands e.g. rationale for choosing cryptographic parameters? Documentation must provide enough information to... Understand intended usage and limitations of the system Configure system properly to achieve security goals Deployment issues Default configuration Security critical should always be safe out of the box Surprising how often this is not the case If feature X cannot be secure by default, it must be disabled Software may indicate this to administrator to improve usability Should also be noted in configuration ( initial configuration ) A configuration wizard may be used to enter into one of welldefined starting configurations for different usage scenarios Must ensure components haven't been tampered with More difficult than it sounds e.g. how to ensure smartcards are OK? Several techniques, e.g. sealing by manufacturer, difficult to forge For software, various alternatives Network download + signed MD5 sums, or physical trusted media 22 24
7 Maintenance issues Maintenance needs caused by many factors Hardware breakdown and upgrades => may require software changes New features requested by customer to improve usage Bug fixes (functional or security) Changes to deployment = mini-deployment Must apply testing procedures and re-think deployment scenario Have some essential requirements or assumptions changed compared to time before new version? In addition, must think of backwards compatibility In client-server protocols, is new version compatible with old clients? Do clients need to be upgraded? Does configuration need changing? Incremental or complete update? Incremental must consider security of intermediate configuration Retirement Typical goals Controlled process of dismantling system Cryptography => what to do with system data? a) Ensure it's properly erased (or destroyed) b) Ensure it's properly archived Erasing data properly Hard drives are a particular problem, since they retain a lot of data Example: Some methods Disk eraser software (e.g. IBAS ExpertEraser, Linux shred) Strong magnetic field ( Degausser ) Erasing individual files is often very difficult Underlying file system may e.g. relocate files Thus, typically entire partitions / drives are erased Maintenance issues Summary Software updates are becoming more and more important Necessitated by penetrate-and-patch method of software development Pressure caused by viruses, worms, and other exploits increasing Market requires quicker fixes (competitive pressure) Typical goal is to fix and deploy before problem become public Common rules of conduct for security incidents is to give vendor time to fix and deploy problem before wider publicity Several models can be used for updating software securely Media deliveries with trusted media (seals, etc) Network updates Digital signatures a key method in providing assurance Unfortunately many systems don't use a secure update mechanism Example: many Linux distributions are insecure in this respect! 26 Security testing Some testing techniques Final stages of life cycle This concludes the main lectures of this course Next time: Visiting lecturer After that: Summary lecture 28
8 Thank you! Questions? 29
Testing Objectives. Successful testing: discovers previously unknown errors
Testing Objectives Informal view: Testing: a process of executing software with the intent of finding errors Good testing: a high probability of finding as-yetundiscovered errors Successful testing: discovers
More informationOverview. State-of-the-Art. Relative cost of error correction. CS 619 Introduction to OO Design and Development. Testing.
Overview CS 619 Introduction to OO Design and Development ing! Preliminaries! All sorts of test techniques! Comparison of test techniques! Software reliability Fall 2012! Main issues: There are a great
More informationC and C++ Secure Coding 4-day course. Syllabus
C and C++ Secure Coding 4-day course Syllabus C and C++ Secure Coding 4-Day Course Course description Secure Programming is the last line of defense against attacks targeted toward our systems. This course
More informationTest Conditions. Closed book, closed notes, no calculator, no laptop just brains 75 minutes. Steven M. Bellovin October 19,
Test Conditions Closed book, closed notes, no calculator, no laptop just brains 75 minutes Steven M. Bellovin October 19, 2005 1 Form 8 questions I m not asking you to write programs or even pseudo-code
More informationSoftware Testing Strategies. Slides copyright 1996, 2001, 2005, 2009, 2014 by Roger S. Pressman. For non-profit educational use only
Chapter 22 Software Testing Strategies Slide Set to accompany Software Engineering: A Practitioner s Approach, 8/e by Roger S. Pressman and Bruce R. Maxim Slides copyright 1996, 2001, 2005, 2009, 2014
More informationThreat Modeling. Bart De Win Secure Application Development Course, Credits to
Threat Modeling Bart De Win bart.dewin@ascure.com Secure Application Development Course, 2009 Credits to Frank Piessens (KUL) for the slides 2 1 Overview Introduction Key Concepts Threats, Vulnerabilities,
More informationBuffer overflow background
and heap buffer background Comp Sci 3600 Security Heap Outline and heap buffer Heap 1 and heap 2 3 buffer 4 5 Heap Outline and heap buffer Heap 1 and heap 2 3 buffer 4 5 Heap Address Space and heap buffer
More informationT Salausjärjestelmät (Cryptosystems) Introduction to the second part of the course. Outline. What we'll cover. Requirements and design issues
T-110.470 Salausjärjestelmät (Cryptosystems) Requirements and design issues Introduction to the second part of the course 25.10.2004 1 3 Outline What we'll cover Introduction to the second part of the
More informationIntroduction to Assurance
Introduction to Assurance Overview Why assurance? Trust and assurance Life cycle and assurance April 1, 2015 Slide #1 Overview Trust Problems from lack of assurance Types of assurance Life cycle and assurance
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 16: Building Secure Software Department of Computer Science and Engineering University at Buffalo 1 Review A large number of software vulnerabilities various
More information19.1. Security must consider external environment of the system, and protect it from:
Module 19: Security The Security Problem Authentication Program Threats System Threats Securing Systems Intrusion Detection Encryption Windows NT 19.1 The Security Problem Security must consider external
More informationChapter 9. Software Testing
Chapter 9. Software Testing Table of Contents Objectives... 1 Introduction to software testing... 1 The testers... 2 The developers... 2 An independent testing team... 2 The customer... 2 Principles of
More informationTypes of Software Testing: Different Testing Types with Details
Types of Software Testing: Different Testing Types with Details What are the different Types of Software Testing? We, as testers are aware of the various types of Software Testing such as Functional Testing,
More informationOverview. Handling Security Incidents. Attack Terms and Concepts. Types of Attacks
Overview Handling Security Incidents Chapter 7 Lecturer: Pei-yih Ting Attacks Security Incidents Handling Security Incidents Incident management Methods and Tools Maintaining Incident Preparedness Standard
More informationLecture 20: SW Testing Presented by: Mohammad El-Ramly, PhD
Cairo University Faculty of Computers and Information CS251 Software Engineering Lecture 20: SW Testing Presented by: Mohammad El-Ramly, PhD http://www.acadox.com/join/75udwt Outline Definition of Software
More informationVerification & Validation of Open Source
Verification & Validation of Open Source 2011 WORKSHOP ON SPACECRAFT FLIGHT SOFTWARE Gordon Uchenick Coverity, Inc Open Source is Ubiquitous Most commercial and proprietary software systems have some open
More informationExamples of Code Roaches. First Draft List Cem Kaner September 11, 2005
Examples of Code Roaches First Draft List Cem Kaner September 11, 2005 Why a Potential-Bug List? Given a potential error, you can develop a method to test for it Foundation for Code inspections Glass box
More informationLecture 15 Software Testing
Lecture 15 Software Testing Includes slides from the companion website for Sommerville, Software Engineering, 10/e. Pearson Higher Education, 2016. All rights reserved. Used with permission. Topics covered
More informationIntroduction to Business continuity Planning
Week - 06 Introduction to Business continuity Planning 1 Introduction The purpose of this lecture is to give an overview of what is Business Continuity Planning and provide some guidance and resources
More informationCYSE 411/AIT 681 Secure Software Engineering. Topic #6. Seven Software Security Touchpoints (III) Instructor: Dr. Kun Sun
CYSE 411/AIT 681 Secure Software Engineering Topic #6. Seven Software Security Touchpoints (III) Instructor: Dr. Kun Sun Reading This lecture [McGraw]: Ch. 7-9 2 Seven Touchpoints 1. Code review 2. Architectural
More information4. Risk-Based Security Testing. Reading. CYSE 411/AIT 681 Secure Software Engineering. Seven Touchpoints. Application of Touchpoints
Reading This lecture [McGraw]: Ch. 7-9 CYSE 411/AIT 681 Secure Software Engineering Topic #6. Seven Software Security Touchpoints (III) Instructor: Dr. Kun Sun 2 Seven Touchpoints Application of Touchpoints
More informationDistributed Systems. Lecture 14: Security. Distributed Systems 1
06-06798 Distributed Systems Lecture 14: Security Distributed Systems 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication
More informationDistributed Systems. Lecture 14: Security. 5 March,
06-06798 Distributed Systems Lecture 14: Security 5 March, 2002 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication
More informationBuffer Overflow Defenses
Buffer Overflow Defenses Some examples, pros, and cons of various defenses against buffer overflows. Caveats: 1. Not intended to be a complete list of products that defend against buffer overflows. 2.
More informationPart 5. Verification and Validation
Software Engineering Part 5. Verification and Validation - Verification and Validation - Software Testing Ver. 1.7 This lecture note is based on materials from Ian Sommerville 2006. Anyone can use this
More informationNetwork Security. Random Number Generation. Chapter 6. Network Security (WS 2003): 06 Random Number Generation 1 Dr.-Ing G.
Network Security Chapter 6 Random Number Generation Network Security (WS 2003): 06 Random Number Generation 1 Tasks of Key Management (1) Generation: It is crucial to security, that keys are generated
More informationSecurity: The Key to Affordable Unmanned Aircraft Systems
AN INTEL COMPANY Security: The Key to Affordable Unmanned Aircraft Systems By Alex Wilson, Director of Business Development, Aerospace and Defense WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY
More informationQUIZ #5 - Solutions (5pts each)
CS 435 Spring 2014 SOFTWARE ENGINEERING Department of Computer Science Name QUIZ #5 - Solutions (5pts each) 1. The best reason for using Independent software test teams is that a. software developers do
More informationSoftware Quality Assurance. David Janzen
Software Quality Assurance David Janzen What is quality? Crosby: Conformance to requirements Issues: who establishes requirements? implicit requirements Juran: Fitness for intended use Issues: Who defines
More informationTesting. ECE/CS 5780/6780: Embedded System Design. Why is testing so hard? Why do testing?
Testing ECE/CS 5780/6780: Embedded System Design Scott R. Little Lecture 24: Introduction to Software Testing and Verification What is software testing? Running a program in order to find bugs (faults,
More informationExamination Questions Time allowed: 1 hour 15 minutes
Swedish Software Testing Board (SSTB) International Software Testing Qualifications Board (ISTQB) Foundation Certificate in Software Testing Practice Exam Examination Questions 2011-10-10 Time allowed:
More informationCS 167 Final Exam Solutions
CS 167 Final Exam Solutions Spring 2018 Do all questions. 1. [20%] This question concerns a system employing a single (single-core) processor running a Unix-like operating system, in which interrupts are
More informationSecurity Architecture
Security Architecture We ve been looking at how particular applications are secured We need to secure not just a few particular applications, but many applications, running on separate machines We need
More informationPayment Card Industry (PCI) PIN Transaction Security (PTS) Hardware Security Module (HSM) Evaluation Vendor Questionnaire Version 2.
Payment Card Industry (PCI) PIN Transaction Security (PTS) Hardware Security Module (HSM) Evaluation Vendor Questionnaire Version 2.0 May 2012 Document Changes Date Version Author Description April 2009
More informationHigher-order Testing. Stuart Anderson. Stuart Anderson Higher-order Testing c 2011
Higher-order Testing Stuart Anderson Defining Higher Order Tests 1 The V-Model V-Model Stages Meyers version of the V-model has a number of stages that relate to distinct testing phases all of which are
More informationTesting. Prof. Clarkson Fall Today s music: Wrecking Ball by Miley Cyrus
Testing Prof. Clarkson Fall 2017 Today s music: Wrecking Ball by Miley Cyrus Review Previously in 3110: Modules Specification (functions, modules) Today: Validation Testing Black box Glass box Randomized
More informationLecture 17: Testing Strategies. Developer Testing
Lecture 17: Testing Strategies Structural Coverage Strategies (White box testing): Statement Coverage Branch Coverage Condition Coverage Data Path Coverage Function Coverage Strategies (Black box testing):
More informationProtection. Thierry Sans
Protection Thierry Sans Protecting Programs How to lower the risk of a program security flaw resulting from a bug? 1. Build better programs 2. Build better operating systems Build Better Programs Why are
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT McAfee VirusScan Enterprise 8.8 and epolicy Orchestrator 5.1.3 v1.0 9 May 2016 FOREWORD This certification report is an UNCLASSIFIED publication, issued under the authority
More informationAn Attack Surface Driven Approach to Evaluation
An Attack Surface Driven Approach to Evaluation Helmut Kurth atsec information security corp. 10th ICCC, Tromso - atsec information security Content What is the attack surface? Attack surface and TSFI
More informationStudents should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:
Secure Java Web Application Development Lifecycle - SDL (TT8325-J) Day(s): 5 Course Code: GK1107 Overview Secure Java Web Application Development Lifecycle (SDL) is a lab-intensive, hands-on Java / JEE
More informationBrave New 64-Bit World. An MWR InfoSecurity Whitepaper. 2 nd June Page 1 of 12 MWR InfoSecurity Brave New 64-Bit World
Brave New 64-Bit World An MWR InfoSecurity Whitepaper 2 nd June 2010 2010-06-02 Page 1 of 12 Abstract Abstract Memory requirements on server and desktop systems have risen considerably over the past few
More informationCS 161 Computer Security. Security Throughout the Software Development Process
Popa & Wagner Spring 2016 CS 161 Computer Security 1/25 Security Throughout the Software Development Process Generally speaking, we should think of security is an ongoing process. For best results, it
More informationTaking White Hats to the Laundry: How to Strengthen Testing in Common Criteria
Taking White Hats to the Laundry: How to Strengthen Testing in Common Criteria Apostol Vassilev, Principal Consultant September 23,2009. Product Testing in Common Criteria Product Testing in Common Criteria
More informationSoftware Vulnerability
Software Vulnerability Refers to a weakness in a system allowing an attacker to violate the integrity, confidentiality, access control, availability, consistency or audit mechanism of the system or the
More informationProgram Correctness and Efficiency. Chapter 2
Program Correctness and Efficiency Chapter 2 Chapter Objectives To understand the differences between the three categories of program errors To understand the effect of an uncaught exception and why you
More information"Secure" Coding Practices Nicholas Weaver
"Secure" Coding Practices based on David Wagner s slides from Sp 2016 1 Administrivia Computer Science 161 Fall 2016 2 3 This is a Remarkably Typical C Problem Computer Science 161 Fall 2016 if ((options
More informationBridge Course On Software Testing
G. PULLAIAH COLLEGE OF ENGINEERING AND TECHNOLOGY Accredited by NAAC with A Grade of UGC, Approved by AICTE, New Delhi Permanently Affiliated to JNTUA, Ananthapuramu (Recognized by UGC under 2(f) and 12(B)
More informationSoftware Testing Fundamentals. Software Testing Techniques. Information Flow in Testing. Testing Objectives
Software Testing Fundamentals Software Testing Techniques Peter Lo Software Testing is a critical element of software quality assurance and represents the ultimate review of specification, design and coding.
More informationPrinciples of Software Construction: Objects, Design, and Concurrency (Part 2: Designing (Sub )Systems)
Principles of Software Construction: Objects, Design, and Concurrency (Part 2: Designing (Sub )Systems) More Analysis for Functional Correctness Jonathan Aldrich Charlie Garrod School of Computer Science
More informationSOFTWARE ENGINEERING DECEMBER. Q2a. What are the key challenges being faced by software engineering?
Q2a. What are the key challenges being faced by software engineering? Ans 2a. The key challenges facing software engineering are: 1. Coping with legacy systems, coping with increasing diversity and coping
More informationSoftware Engineering (CSC 4350/6350) Rao Casturi
Software Engineering (CSC 4350/6350) Rao Casturi Testing Software Engineering -CSC4350/6350 - Rao Casturi 2 Testing What is testing? Process of finding the divergence between the expected behavior of the
More informationEthical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities
Ethical Hacking and Countermeasures: Web Chapter 3 Web Application Vulnerabilities Objectives After completing this chapter, you should be able to: Understand the architecture of Web applications Understand
More informationSecurity and Authentication
Security and Authentication Authentication and Security A major problem with computer communication Trust Who is sending you those bits What they allow to do in your system 2 Authentication In distributed
More informationSoftware Engineering Fall 2015 (CSC 4350/6350) TR. 5:30 pm 7:15 pm. Rao Casturi 11/10/2015
Software Engineering Fall 2015 (CSC 4350/6350) TR. 5:30 pm 7:15 pm Rao Casturi 11/10/2015 http://cs.gsu.edu/~ncasturi1 Class announcements Final Exam date - Dec 1 st. Final Presentations Dec 3 rd. And
More informationEngineering Your Software For Attack
Engineering Your Software For Attack Robert A. Martin Senior Principal Engineer Cyber Security Center Center for National Security The MITRE Corporation 2013 The MITRE Corporation. All rights reserved.
More informationStatic Analysis and Bugfinding
Static Analysis and Bugfinding Alex Kantchelian 09/12/2011 Last week we talked about runtime checking methods: tools for detecting vulnerabilities being exploited in deployment. So far, these tools have
More informationBlock Cipher Modes of Operation
Block Cipher Modes of Operation Luke Anderson luke@lukeanderson.com.au 23 rd March 2018 University Of Sydney Overview 1. Crypto-Bulletin 2. Modes Of Operation 2.1 Evaluating Modes 2.2 Electronic Code Book
More informationSOFTWARE ENGINEERING IT 0301 Semester V B.Nithya,G.Lakshmi Priya Asst Professor SRM University, Kattankulathur
SOFTWARE ENGINEERING IT 0301 Semester V B.Nithya,G.Lakshmi Priya Asst Professor SRM University, Kattankulathur School of Computing, Department of IT 1 School of Computing, Department 2 SOFTWARE TESTING
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 14: Software Security Department of Computer Science and Engineering University at Buffalo 1 Software Security Exploiting software vulnerabilities is paramount
More informationVector and Free Store (Pointers and Memory Allocation)
DM560 Introduction to Programming in C++ Vector and Free Store (Pointers and Memory Allocation) Marco Chiarandini Department of Mathematics & Computer Science University of Southern Denmark [Based on slides
More informationOWASP Top 10 The Ten Most Critical Web Application Security Risks
OWASP Top 10 The Ten Most Critical Web Application Security Risks The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain
More informationOther array problems. Integer overflow. Outline. Integer overflow example. Signed and unsigned
Other array problems CSci 5271 Introduction to Computer Security Day 4: Low-level attacks Stephen McCamant University of Minnesota, Computer Science & Engineering Missing/wrong bounds check One unsigned
More informationUnit Testing as Hypothesis Testing
Unit Testing as Hypothesis Testing Jonathan Clark September 19, 2012 5 minutes You should test your code. Why? To find bugs. Even for seasoned programmers, bugs are an inevitable reality. Today, we ll
More informationSecure Programming Techniques
Secure Programming Techniques Meelis ROOS mroos@ut.ee Institute of Computer Science Tartu University spring 2014 Course outline Introduction General principles Code auditing C/C++ Web SQL Injection PHP
More informationControl Flow Hijacking Attacks. Prof. Dr. Michael Backes
Control Flow Hijacking Attacks Prof. Dr. Michael Backes Control Flow Hijacking malicious.pdf Contains bug in PDF parser Control of viewer can be hijacked Control Flow Hijacking Principles Normal Control
More informationSoftware Engineering Fall 2014
Software Engineering Fall 2014 (CSC 4350/6350) Mon.- Wed. 5:30 pm 7:15 pm ALC : 107 Rao Casturi 11/10/2014 Final Exam date - Dec 10 th? Class announcements Final Presentations Dec 3 rd. And Dec 8 th. Ability
More information18-642: Code Style for Compilers
18-642: Code Style for Compilers 9/6/2018 2017-2018 Philip Koopman Programming can be fun, so can cryptography; however they should not be combined. Kreitzberg and Shneiderman 2017-2018 Philip Koopman
More informationSoftware Testing. Minsoo Ryu. Hanyang University. Real-Time Computing and Communications Lab., Hanyang University
Software Testing Minsoo Ryu Hanyang University Topics covered 1. Testing Goals and Principles 2. Testing Process 3. Testing Strategies Component testing Integration testing Validation/system testing 4.
More informationOperating systems and security - Overview
Operating systems and security - Overview Protection in Operating systems Protected objects Protecting memory, files User authentication, especially passwords Trusted operating systems, security kernels,
More informationOperating systems and security - Overview
Operating systems and security - Overview Protection in Operating systems Protected objects Protecting memory, files User authentication, especially passwords Trusted operating systems, security kernels,
More informationIn Java we have the keyword null, which is the value of an uninitialized reference type
+ More on Pointers + Null pointers In Java we have the keyword null, which is the value of an uninitialized reference type In C we sometimes use NULL, but its just a macro for the integer 0 Pointers are
More informationEmbedded/Connected Device Secure Coding. 4-Day Course Syllabus
Embedded/Connected Device Secure Coding 4-Day Course Syllabus Embedded/Connected Device Secure Coding 4-Day Course Course description Secure Programming is the last line of defense against attacks targeted
More informationTopics. File Buffer Cache for Performance. What to Cache? COS 318: Operating Systems. File Performance and Reliability
Topics COS 318: Operating Systems File Performance and Reliability File buffer cache Disk failure and recovery tools Consistent updates Transactions and logging 2 File Buffer Cache for Performance What
More information12 th January MWR InfoSecurity Security Advisory. WebSphere MQ xcsgetmem Heap Overflow Vulnerability. Contents
Contents MWR InfoSecurity Security Advisory WebSphere MQ xcsgetmem Heap Overflow Vulnerability 12 th January 2009 2009-01-05 Page 1 of 9 Contents Contents 1 Detailed Vulnerability Description...5 1.1 Introduction...5
More informationModern Buffer Overflow Prevention Techniques: How they work and why they don t
Modern Buffer Overflow Prevention Techniques: How they work and why they don t Russ Osborn CS182 JT 4/13/2006 1 In the past 10 years, computer viruses have been a growing problem. In 1995, there were approximately
More informationThreat Modeling Using STRIDE
Threat Modeling Using STRIDE By: Girindro Pringgo Digdo, M.T., CSX-F http://www.girindropringgodigdo.net/ girindigdo@gmail.com 1 About Dealing with Information Security Fields: VAPT Generate New Attack
More informationSystem Administration and Network Security
System Administration and Network Security Master SSCI, M2P subject Duration: up to 3 hours. All answers should be justified. Clear and concise answers will be rewarded. 1 Network Administration To keep
More informationThreat analysis. Tuomas Aura CS-C3130 Information security. Aalto University, autumn 2017
Threat analysis Tuomas Aura CS-C3130 Information security Aalto University, autumn 2017 Outline What is security Threat analysis Threat modeling example Systematic threat modeling 2 WHAT IS SECURITY 3
More informationOperating System Structure
Operating System Structure Joey Echeverria joey42+os@gmail.com April 18, 2005 Carnegie Mellon University: 15-410 Spring 2005 Overview Motivations Kernel Structures Monolithic Kernels Open Systems Microkernels
More informationSecond assignment came out Monday evening. Find defects in Hnefetafl rules written by your classmates. Topic: Code Inspection and Testing
Announcements Second assignment came out Monday evening Topic: Code Inspection and Testing Find defects in Hnefetafl rules written by your classmates Compare inspection, coverage testing, random testing,
More informationDevelopment*Process*for*Secure* So2ware
Development*Process*for*Secure* So2ware Development Processes (Lecture outline) Emphasis on building secure software as opposed to building security software Major methodologies Microsoft's Security Development
More informationL17: Assurance. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806
L17: Assurance Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806 11/06/2015 CSCI 451 - Fall 2015 1 Acknowledgement Many slides are from or are revised
More informationAutomated Validation of T&E Instrumentation Systems
Automated Validation of T&E Instrumentation Systems Austin Whittington Benefiting government, industry and the public through innovative science and technology 1/30/2017 Copyright 2017 SwRI. All rights
More informationSecurity Analyses For The Lazy Superhero
#1 Security Analyses For The Lazy Superhero #2 One-Slide Summary We can statically detect buffer overruns in programs by modeling the space allocated for a buffer and the space used for a buffer. We cannot
More informationCertification Requirements for High Assurance Systems
for High Assurance Systems Gordon M. Uchenick Senior Mentor/Principal Engineer Objective Interface Systems, Inc. and W. Mark Vanfleet Senior Cryptologic Mathematician/ Senior INFOSEC Analyst National Security
More informationChapter 19 Security. Chapter 19 Security
Chapter 19 Security Outline 19.1 Introduction 19.2 Cryptography 19.2.1 Secret-Key Cryptography 19.2.2 Public-Key Cryptography 19.3 Authentication 19.3.1 Basic Authentication 19.3.2 Biometrics and Smart
More informationUnit Testing as Hypothesis Testing
Unit Testing as Hypothesis Testing Jonathan Clark September 19, 2012 You should test your code. Why? To find bugs. Even for seasoned programmers, bugs are an inevitable reality. Today, we ll take an unconventional
More information7/20/2008. What Operating Systems Do Computer-System Organization
Introduction to Operating Systems Introduction What Operating Systems Do Computer-System Organization Computer-System Architecture Operating-System Structure Operating-System Operations Process Management
More informationLecture Notes on Memory Layout
Lecture Notes on Memory Layout 15-122: Principles of Imperative Computation Frank Pfenning André Platzer Lecture 11 1 Introduction In order to understand how programs work, we can consider the functions,
More informationWritten exam TDDD04 Software Testing
LiTH, Linköpings tekniska högskola IDA, Institutionen för datavetenskap Ola Leifler Written exam TDDD04 Software Testing 2016-10-26 Permissible aids Dictionary (printed, NOT electronic) Teacher on duty
More informationSOFTWARE ENGINEERING. Lecture 6. By: Latifa ALrashed. Networks and Communication Department
1 SOFTWARE ENGINEERING Networks and Communication Department Lecture 6 By: Latifa ALrashed Outline q q q q q q q q Define the concept of the software life cycle in software engineering. Identify the system
More informationOperating Systems Design Exam 3 Review: Spring Paul Krzyzanowski
Operating Systems Design Exam 3 Review: Spring 2012 Paul Krzyzanowski pxk@cs.rutgers.edu 1 Question 1 An Ethernet device driver implements the: (a) Data Link layer. (b) Network layer. (c) Transport layer.
More informationTerra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)
Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006) Trusted Computing Hardware What can you do if you have
More information17. Assertions. Outline. Built-in tests. Built-in tests 3/29/11. Jelle Slowack, Bart Smets, Glenn Van Loon, Tom Verheyen
17. Assertions Jelle Slowack, Bart Smets, Glenn Van Loon, Tom Verheyen Outline Introduction (BIT, assertion, executable assertion, why?) Implementation-based vs responsability-based assertions Implementation
More informationOutline. Classic races: files in /tmp. Race conditions. TOCTTOU example. TOCTTOU gaps. Vulnerabilities in OS interaction
Outline CSci 5271 Introduction to Computer Security Day 3: Low-level vulnerabilities Stephen McCamant University of Minnesota, Computer Science & Engineering Race conditions Classic races: files in /tmp
More informationTerms, Methodology, Preparation, Obstacles, and Pitfalls. Vulnerability Assessment Course
Terms, Methodology, Preparation, Obstacles, and Pitfalls Vulnerability Assessment Course All materials are licensed under a Creative Commons Share Alike license. http://creativecommons.org/licenses/by-sa/3.0/
More informationMODELS OF DISTRIBUTED SYSTEMS
Distributed Systems Fö 2/3-1 Distributed Systems Fö 2/3-2 MODELS OF DISTRIBUTED SYSTEMS Basic Elements 1. Architectural Models 2. Interaction Models Resources in a distributed system are shared between
More informationA Secured Key Generation Scheme Using Enhanced Entropy
236 A Secured Key Generation Scheme Using Enhanced Entropy M.S. Irfan Ahmed Asst. Professor, VLB Engineering College, Coimbatore E.R. Naganathan Reader, Computer Science Department Alagappa University,
More informationSoftware Testing. Massimo Felici IF
Software Testing Massimo Felici IF-3.46 0131 650 5899 mfelici@staffmail.ed.ac.uk What is Software Testing? Software Testing is the design and implementation of a special kind of software system: one that
More information