Discovering Application-Level Insider Attacks Using Symbolic Execution

  • Karthik Pattabiraman
  • Nithin Nakka
  • Zbigniew Kalbarczyk
  • Ravishankar Iyer
Conference paper

DOI: 10.1007/978-3-642-01244-0_6

Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 297)
Cite this paper as:
Pattabiraman K., Nakka N., Kalbarczyk Z., Iyer R. (2009) Discovering Application-Level Insider Attacks Using Symbolic Execution. In: Gritzalis D., Lopez J. (eds) Emerging Challenges for Security, Privacy and Trust. SEC 2009. IFIP Advances in Information and Communication Technology, vol 297. Springer, Berlin, Heidelberg

Abstract

This paper presents a technique to systematically discover insider attacks in applications. An attack model where the insider is in the same address space as the process and can corrupt arbitrary data is assumed. A formal technique based on symbolic execution and model-checking is developed to comprehensively enumerate all possible insider attacks corresponding to a given attack goal. The main advantage of the technique is that it operates directly on the program code in assembly language and no manual effort is necessary to translate the program into a formal model. We apply the technique to security-critical segments of the OpenSSH application.

Copyright information

© IFIP International Federation for Information Processing 2009

Authors and Affiliations

  • Karthik Pattabiraman (1)
  • Nithin Nakka (1)
  • Zbigniew Kalbarczyk (1)
  • Ravishankar Iyer (1)

  1. Center for Reliable and High-Performance Computing (CRHC), University of Illinois at Urbana-Champaign (UIUC), Urbana, USA
