Abstract
This paper presents a technique to systematically discover insider attacks in applications. An attack model where the insider is in the same address space as the process and can corrupt arbitrary data is assumed. A formal technique based on symbolic execution and model-checking is developed to comprehensively enumerate all possible insider attacks corresponding to a given attack goal. The main advantage of the technique is that it operates directly on the program code in assembly language and no manual effort is necessary to translate the program into a formal model. We apply the technique to security-critical segments of the OpenSSH application.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Randazzo, M.R., et al.: Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector, p. 25. ERT Coordination Center/Software Engineering Institute, Philadelphia, PA (2004)
Keeney, M.M., Kowalski, E.F.: Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors. CERT/CC, Philadelphia, PA (2005)
Chinchani, R., et al.: Towards a Theory of Insider Threat Assessment. In: Proceedings of the 2005 International Conference on Dependable Systems and Networks. IEEE Computer Society, Los Alamitos (2005)
Probst, C.W., Hansen, R.R., Nielson, F.: Where Can an Insider Attack? In: Dimitrakos, T., Martinelli, F., Ryan, P.Y.A., Schneider, S. (eds.) FAST 2006. LNCS, vol. 4691, pp. 127–142. Springer, Heidelberg (2007)
Pattabiraman, K., Nakka, N., Kalbarczyk, Z.: SymPLFIED: Symbolic Program Level Fault-Injection and Error-Detection Framework. In: International Conference on Dependable Systems and Networks (DSN) (2008)
OpenSSH Development Team., OpenSSH 4.21 (2004)
Clavel, M., et al.: The Maude 2.0 System. In: Rewriting Technologies and Applications. Springer, Heidelberg (2001)
Pattabiraman, K., et al.: Discovering Application-level Insider Attacks using Symbolic Execution, CRHC Technical Report, UIUC, Champaign, IL (2008)
Phillips, C., Swiler, L.P.: A graph-based system for network-vulnerability analysis. In: Proceedings of the 1998 workshop on New security paradigms. ACM, Charlottesville (1998)
Ammann, P., Wijesekera, D., Kaushik, S.: Scalable, graph-based network vulnerability analysis. In: Proceedings of the 9th ACM conference on Computer and communications security. ACM, Washington (2002)
Sheyner, O., et al.: Automated Generation and Analysis of Attack Graphs. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy. IEEE Computer Society, Los Alamitos (2002)
King, J.C.: Symbolic execution and program testing. Commun. ACM 19(7), 385–394 (1976)
Costa, M., et al.: Bouncer: securing software by blocking bad input. In: Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles. ACM, Stevenson (2007)
Kruegel, C., et al.: Automating mimicry attacks using static binary analysis. In: Proceedings of the 14th conference on USENIX Security Symposium, vol. 14. USENIX, Baltimore (2005)
Molnar, D.A., Wagner, D.: Catchconv: Symbolic execution and run-time type inference for integer conversion errors, EECS Department, University of California, Berkeley (2007)
Cadar, C., et al.: EXE: automatically generating inputs of death. In: Proceedings of the 13th ACM conference on Computer and communications security. ACM, Virginia (2006)
Hsueh, M.-C., Tsai, T.K., Iyer, R.K.: Fault Injection Techniques and Tools. IEEE Computer 30(4), 75–82 (1997)
Boneh, D., DeMillo, R., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)
Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, p. 388. Springer, Heidelberg (1999)
Xu, J., et al.: An Experimental Study of Security Vulnerabilities Caused by Errors. In: Proceedings of International Conference on Dependable Systems and Networks (DSN) (2001)
Govindavajhala, S., Appel, A.W.: Using Memory Errors to Attack a Virtual Machine. In: Proceedings of the 2003 IEEE Symposium on Security and Privacy. IEEE, Los Alamitos (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 IFIP International Federation for Information Processing
About this paper
Cite this paper
Pattabiraman, K., Nakka, N., Kalbarczyk, Z., Iyer, R. (2009). Discovering Application-Level Insider Attacks Using Symbolic Execution. In: Gritzalis, D., Lopez, J. (eds) Emerging Challenges for Security, Privacy and Trust. SEC 2009. IFIP Advances in Information and Communication Technology, vol 297. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01244-0_6
Download citation
DOI: https://doi.org/10.1007/978-3-642-01244-0_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01243-3
Online ISBN: 978-3-642-01244-0
eBook Packages: Computer ScienceComputer Science (R0)