Property-based testing of privileged programs

Fink, George; Levitt, Karl N.

doi:10.1109/csac.1994.367311

Cited by 20 publications

(17 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recently, several specific security testing techniques have been developed [3][4][5][6][7][8]. Adaptive Vulnerability Analysis (AVA) has been designed by Ghosh et al to quantitatively assess information system security and survivability.…”

Section: Security Testingmentioning

confidence: 99%

Testing for software vulnerability using environment perturbation

Mathur

2002

Quality & Reliability Eng

View full text Add to dashboard Cite

SUMMARYWe describe a methodology for testing a software system for possible security flaws. Based on the observation that most security flaws are caused by the program's inappropriate interactions with the environment, and are triggered by a user's malicious perturbation on the environment (which we call an environment fault), we view the security testing problem as the problem of testing for the fault-tolerance properties of a software system. We consider each environment perturbation as a fault and the resulting security compromise a failure in the toleration of such faults. Our approach is based on the well-known technique of fault injection. Environment faults are injected into the system under test and system behavior observed. The failure to tolerate faults is an indicator of a potential security flaw in the system. An Environment-Application Interaction (EAI) fault model is proposed which guides us to decide what faults to inject. Based on EAI, we have developed a security testing methodology, and applied it to several applications. We have successfully identified a number of vulnerabilities including vulnerabilities in the Windows NT operating system.

show abstract

Section: Security Testingmentioning

confidence: 99%

Testing for software vulnerability using environment perturbation

Mathur

2002

Quality & Reliability Eng

View full text Add to dashboard Cite

show abstract

“…We chose a proxy in the form of short sequences of system calls executed by running programs. Our focus on system calls followed earlier work by Fink, Levitt and Ko [13,39] that used system calls in a specification-based intrusion detection system. System call sequences can be monitored from the operating system, without necessitating recompilation or instrumentation of binary or source code, making the system extremely portable and potentially applicable to any program that exhibits regular code paths.…”

Section: Behavioral Characteristicsmentioning

confidence: 99%

The Evolution of System-Call Monitoring

Forrest

Hofmeyr

Somayaji

2008

2008 Annual Computer Security Applications Conference (ACSAC)

101

View full text Add to dashboard Cite

Computer security systems protect computers and networks from unauthorized use by external agents and insiders. The similarities between computer security and the problem of protecting a body against damage from externally and internally generated threats are compelling and were recognized as early as 1972 when the term computer virus was coined. The connection to immunology was made explicit in the mid 1990s, leading to a variety of prototypes, commercial products, attacks, and analyses. The paper reviews one thread of this active research area, focusing on system-call monitoring and its application to anomaly intrusion detection and response.The paper discusses the biological principles illustrated by the method, followed by a brief review of how system call monitoring was used in anomaly intrusion detection and the results that were obtained. Proposed attacks against the method are discussed, along with several important branches of research that have arisen since the original papers were published. These include other data modeling methods, extensions to the original system call method, and rate limiting responses. Finally, the significance of this body of work and areas of possible future investigation are outlined in the conclusion.

show abstract

“…Fink et al [6] use specifications against which a program is sliced to significantly reduce the size of code that needs to be checked for flaws [6]. Similarly, privilege separation creates a smaller trust base that is more easily secured.…”

Section: Related Workmentioning

confidence: 99%

Towards Automated Privilege Separation

Bapat

Butler

McDaniel

Information Systems Security

View full text Add to dashboard Cite

Abstract. Applications are subject to threat from a number of attack vectors, and limiting their attack surface is vital. By using privilege separation to constrain application access to protected resources, we can mitigate the threats against the application. Previous examinations of privilege separation either entailed significant manual effort or required access to the source code. We consider a method of performing privilege separation through black-box analysis. We consider similar applications to the target and infer states of execution, and determine unique trigger system calls that cause transitions. We use these for the basis of statebased policy enforcement by leveraging the Systrace policy enforcement mechanism. Our results show that we can infer state transitions with a high degree of accuracy, while our modifications to Systrace result in more granular protection by limiting system calls depending on the application's state. The modified Systrace increases the size of the Apache web server's policy file by less than 17.5%.

show abstract

Property-based testing of privileged programs

Cited by 20 publications

References 10 publications

Testing for software vulnerability using environment perturbation

Testing for software vulnerability using environment perturbation

The Evolution of System-Call Monitoring

Towards Automated Privilege Separation

Contact Info

Product

Resources

About