1. Combinatorial Security Testing: Combinatorial Testing Meets Information Security
Dimitris E. Simos, SBA Research
Applied & Computational Mathematics Division Seminar Series
National Institute of Standards and Technology (NIST), Gaithersburg, MD, USA
September 22, 2015

2. Who is Talking?
• Current Positions
  ◮ 03.2014 - now: Key Researcher, SBA Research, Austria
  ◮ 03.2014 - now: Combinatorics, Codes and Information Security (CCIS) Group Leader, SBA Research, Austria
    ◦ Design Combinatorics and Codes
    ◦ Error Correcting Codes for Post-quantum Cryptography
    ◦ Combinatorial Testing for Information Security
  ◮ 03.2014 - now: Adjunct Lecturer, Vienna University of Technology
• Past Positions
  ◮ 03.2013 – 02.2015: Marie Curie Fellow, SBA Research, Austria
  ◮ 03.2012 – 02.2013: Marie Curie Fellow, INRIA Paris-Rocquencourt, SECRET Team, France
• Ph.D. Thesis
  ◮ 11.2011: Discrete Mathematics & Combinatorics, NTUA, Greece
• Honors and Awards
  ◮ 03.2012: Fellow of the Institute of Combinatorics and its Applications (FTICA), ICA, Canada
  ◮ 12.2011: ERCIM “Alain Bensoussan” Fellowship, ERCIM/EU co-fund
• Publication Record
  ◮ Around 60 papers in Discrete Mathematics and their applications in Computer Science

3. Acknowledgements for this Talk
• CCIS Group @ SBA Research: Bernhard Garn, Kristoffer Kleine, Ludwig Kampel, Peter Aufner
• CCIS Alumni: Manuel Leitner, Raschin Tavakoli, Ioannis Kapsalis
• Collaborators @ SBA Research: Artemios Voyiatzis, Martin Graf, Severin Winkler, Andreas Bernauer
• External Collaborators: Raghu Kacker, Rick Kuhn, Jeff Lei, Franz Wotawa, Josip Bozic, Paris Kitsos, Jose Torres-Jimenez

4. SBA Research at a Glance
Mission
• Advance the field of Information Security through basic & applied research
• The largest non-profit research center in Austria that exclusively addresses Information Security (≈ 80 researchers & security experts)
Figure: Research Programme for 2017-2025

5. Outline of the Talk
• Introduction
• Combinatorial Testing
• Recent Results
• Web Security Testing
  ◮ Challenges
  ◮ Milestones
• Kernel Testing
  ◮ Challenges
  ◮ Milestones
• Combinatorial Security Testing
  ◮ Achievements
  ◮ Vision: Network Security, Hardware, Malware
• Research Problems

10. Combinatorial Testing
Motivation: Why Combinatorial Testing for Information Security?
• We cannot test everything
• Combinatorial explosion: exhaustive search of the input space increases the time needed exponentially
• Domain-specific: modeling of security vulnerabilities
Combinatorial Testing (CT)
• Provides 100% coverage of t-way combinations of input parameters; a higher interaction strength t reveals more faults (conjecture)
• Ensures automation during test generation
• Fault localization, coverage measurement

11. Empirical Evidence: Fault Coverage vs. Interactions
• Rick Kuhn, Yu Lei, and Raghu Kacker. 2008. Practical Combinatorial Testing: Beyond Pairwise. IT Professional 10, 3 (May 2008), 19-23. http://dx.doi.org/10.1109/MITP.2008.54
• 1 interaction: enter value age > 100 and the device crashes
• 2 interactions: age > 100 and zip-code = 5001, DB push fails
• 3 interactions: a = 2 and b = FALSE and update = Tuesday, system enters an infinite loop

12. Technical Challenges
• Generation of optimal covering arrays is NP-hard
  ◮ These arrays form test suites
• Modeling parameters, values, constraints (domain specific)
  ◮ Generate test inputs or system configurations
Figure: A covering array (CA) with 10 boolean parameters and 13 tests. Every 3-way combination is covered at least once.

13. Recent Results
Focus
• Modelling of Covering Arrays (CAs)
• Optimization algorithms for combinatorial testing
• Relation of CAs with error-correcting codes
Milestones (ACA2015, RTA2015)
• Modelling the vertical extension of the In-Parameter-Order (IPO) strategy (Lei et al.) in terms of computational algebra algorithms
• Construction of symbolic test suites
  ◮ Expressing the constraints as systems of multivariate polynomial equations
  ◮ Rewriting techniques (equational unification) via Groebner bases

14. Components of a Testing Framework
Figure: Components of a testing framework: Model, Test suite generator, Test suite, Test case, SUT, Policy, Check execution output, PASS / FAIL
This Talk
• Automated generation of test cases for security testing
• Evaluation of the applicability of combinatorial testing

15. Web Security Testing
Focus
• Modelling of attack vectors and exploitation of XSS vulnerabilities
• SUTs: everything running in your browser!
Challenges
• Reduce the JavaScript language complexity to (XSS) injection attacks
  ◮ Semantically infeasible to determine
  ◮ XSS is one of the top vulnerabilities in the OWASP Top 10
• Ensure automation, generate quality vectors and save resources
  ◮ Most testing tools (BURP, ZAP) require interaction from the tester; reduction of test suites w.r.t. bypassing defense mechanisms
• Real-world testing is far away from academic approaches
  ◮ Translation between combinatorics, software testing and penetration testing

16. Generation of XSS Attack Vectors
Cross-Site Scripting (XSS)
• Inject client-side script(s) into web pages viewed by other users
• Malicious (JavaScript) code gets executed in the victim’s browser
Valid URLs vs Attack Vectors
• normal case: http://www.foo.com/error.php?msg=hello
• attacker injects a client-side script in parameter msg: http://www.foo.com/error.php?msg=<script>alert(1)</script>
Input Parameter Modelling for XSS Attack Vectors
AV := (parameter_1, parameter_2, ..., parameter_k)

17. A BNF Grammar for XSS Attack Vectors
A Fragment of the Grammar G
  JSO(15) ::= <script> | <img | ...
  WS1(3)  ::= tab | space | ...
  INT(14) ::= "’; | ">> | ...
  WS2(3)  ::= tab | space | ...
  EVH(3)  ::= onLoad( | onError( | ...
  WS3(3)  ::= tab | space | ...
  PAY(23) ::= alert(’XSS’) | ONLOAD=alert(’XSS’) | ...
  WS4(3)  ::= tab | space | ...
  PAS(11) ::= ’) | ’> | ...
  WS5(3)  ::= tab | space | ...
  JSE(9)  ::= </script> | > | ...
Table: Different sizes of test suites for MCA(t, 11, (3, 3, 3, 3, 3, 3, 9, 11, 14, 15, 23))
  Str. |        G        |      G_c
       |  IPOG   IPOG-F  |  IPOG   IPOG-F
  2    |   345      345  |   250      252
  3    |  4875     4830  |  1794     2012
  4    | 53706    53130  |  8761     9760
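The alternative counts in the grammar fragment (15, 3, 14, 3, 3, 3, 23, 3, 11, 3, 9) are exactly the alphabet sizes of the MCA in the table, so the parameters can be treated as abstract value indices and covered pairwise by a mixed covering array; the two largest alphabets force at least 15 · 23 = 345 rows, the size IPOG attains for G at strength 2. The block below is an added example, not the speaker's IPOG/ACTS/CCM tooling: an AETG-style greedy builder for such an array plus the t-way coverage measure that the later CCM slide reports on passing tests.

```python
# Added illustration, not the authors' IPOG/ACTS/CCM tooling. Parameters are
# abstract: levels[i] is the alphabet size of parameter i of the model.
from itertools import combinations, product
import random

def all_t_way_combos(levels, t):
    """Every t-way combination as ((param indices), (value indices))."""
    return {(idxs, vals) for idxs in combinations(range(len(levels)), t)
            for vals in product(*(range(levels[i]) for i in idxs))}

def covered_by(test, t):
    """The t-way combinations one test (tuple of value indices) exercises."""
    return {(idxs, tuple(test[i] for i in idxs))
            for idxs in combinations(range(len(test)), t)}

def t_way_coverage(tests, levels, t):
    """Fraction of all t-way combinations covered by the suite (CCM-style)."""
    covered = set()
    for test in tests:
        covered |= covered_by(test, t)
    universe = all_t_way_combos(levels, t)
    return len(covered & universe) / len(universe)

def _pair(p, vp, q, vq):
    # normalise a value pair to the sorted-index form used above
    return ((p, q), (vp, vq)) if p < q else ((q, p), (vq, vp))

def greedy_pairwise_ca(levels, candidates=10, seed=0):
    """AETG-style greedy MCA(2, k, levels): seed each candidate test with a
    still-uncovered pair, fill the other parameters with the value covering
    the most uncovered pairs, keep the best candidate. Terminates because
    every chosen test covers at least its seed pair."""
    rng, k = random.Random(seed), len(levels)
    uncovered, tests = all_t_way_combos(levels, 2), []
    while uncovered:
        pool, best, best_gain = tuple(uncovered), None, -1
        for _ in range(candidates):
            (i, j), (vi, vj) = rng.choice(pool)
            cand = [None] * k
            cand[i], cand[j] = vi, vj
            for p in rng.sample(range(k), k):          # random fill order
                if cand[p] is None:
                    fixed = [q for q in range(k) if cand[q] is not None]
                    cand[p] = max(range(levels[p]), key=lambda v: sum(
                        _pair(p, v, q, cand[q]) in uncovered for q in fixed))
            gain = len(covered_by(cand, 2) & uncovered)
            if gain > best_gain:
                best, best_gain = tuple(cand), gain
        tests.append(best)
        uncovered -= covered_by(best, 2)
    return tests
```

Running `greedy_pairwise_ca((3, 3, 3, 3, 3, 3, 9, 11, 14, 15, 23))` yields a suite that is pairwise complete but larger than IPOG's 345 rows, while `t_way_coverage(..., 3)` on it stays below 1.0, which is the gap the strength-3 row of the table closes.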

18. A Sample of XSS Attack Vectors
Figure: Sample attack vectors in the ACTS generation tool (Courtesy of NIST)

19. Evaluation Results
Figure: Exploitation Rate (#pos / #tot) Comparison: IPOG vs IPOG-F for G_c using BURP in DVWA

20. Comparison: CT vs Fuzzers
Figure: Exploitation Rate (#pos / #tot) Comparison: Attack pattern-based CT vs fuzzers

21. Measurement Analysis in CCM Tool
Figure: Comparison of combination coverage measurement for passing tests in DVWA (inp_id 1, DL 0) when their respective test suites are generated in IPOG-F with interaction strength t = 2.

22. Multiple XSS Vulnerabilities in Koha Library
Penetration Tests for Koha Library
• SUT: open source Integrated Library System (used by the Museum of Natural History in Vienna, UNESCO, the Spanish Ministry of Culture)
• Results: unauthenticated SQL Injection, Local File Inclusions, XSS
• References: CVE-2015-4633, CVE-2015-4632, CVE-2015-4631
Figure: One of the vulnerabilities found by XSSInjector (prototype tool for automated mounting of XSS attacks)

23. W3C
Vulnerability Scan of the Whole W3C Website
• www: 122 URLs, Services: 1 URL, Validator: 56 URLs
• Acknowledgements: Ted Guild and Rigo Wenning (W3C Team)
Figure: Vulnerability found in the tidy service using XSSInjector (prototype tool for automated mounting of XSS attacks)

24. Milestones
Expertise at SBA Research
• Knowledge transfer of combinatorial designs ⇒ combinatorial testing
• Benefit from experts’ domain knowledge (penetration testers)
Milestones (AST/ICSE2014, JAMAICA/ISSTA2014, IWCT/ICST2015, QRS2015)
• Modelling: combinatorial attack grammars via IPM
  ◮ Automated translation layers ⇒ largest repo of XSS attack vectors (ahead of IBM AppScan, OWASP Xenotix)
• XSSInjector: prototype tool for automated mounting of XSS attacks
• Experience Reports: multi-dimensional (comparison of SUTs, attack grammars, algorithms, fuzzers, penetration testing tools)
  ◮ Exploits caused by the interaction of a few parameters
  ◮ Combinatorial coverage measurement (CCM) of passing tests
• Real-World Vulnerabilities: XSS in the tidy service (HTML validation) of the W3C portal, multiple XSS in Koha Library
