the spacios tool
play

The SPaCIoS Tool property-driven and vulnerability-driven security - PowerPoint PPT Presentation

Apr 17, 2023 •587 likes •775 views

The SPaCIoS Tool property-driven and vulnerability-driven security testing for Web-based apps Alessandro Armando DIBRIS University of Genova and Security & Trust FBK, Trento (on behalf of the SPaCIoS consortium) STREP Project number:

  1. The SPaCIoS Tool property-driven and vulnerability-driven security testing for Web-based apps Alessandro Armando DIBRIS – University of Genova and Security & Trust – FBK, Trento (on behalf of the SPaCIoS consortium) STREP Project number: 257876 Objective ICT-2009.1.4 c: Technology and Tools for Trustworthy ICT 01.10.10 − 31.01.14 www.spacios.eu

  2. Motivations

  3. Goal

  4. Model Checking vs Penetration Testing Model Penetration Testing The SPaCIoS Ideal Checking Target of Abstraction of Actual System (the 1. Use model to test Verification Actual System System Under system (the Model) Validation, SUV) 2. Use system to discharge spurious attacks 3. Use system to build model Scope Design flaws Implementation flaws Design and Implementation flaws (and their interaction) Input Model + Spec Vulnerabilities to seek Partial model, sec. of Sec. Goals (attack surface goals & assumptions, & Assumptions automatically vulnerabilities (in user discovered) friendly notation) Automation High Low High

  5. Research prototype • model checking Security • security testing Analyst • penetration testing • … The SPaCIoS Tool Complements state-of-the-art User Interface SUV Fault Security Model of User source location goals the attacker guidance Model code of the Targets industrially-relevant SUV Trace- Source Test Results Security Protocols & Web Apps Libraries driven fault based localization inference Model Property-driven inference and and vulnerability-driven adjustment test case generation Broad security range Model of the SUV • logic- flaws, injections, AC, … Abstract Test case Vulnerabilities execution trace • good coverage of OWASP top 10 Attack Patterns Security Goals Test Execution Engine Attacker Models Promising results • SAML SSO, OAuth2, .. (System Under Validation) • WebGoat, Shopping Cart, .. SUV On-going transfers to SAP and SIEMENS

  6. Research prototype • model checking • security testing • penetration testing • … Complements state-of-the-art Targets industrially-relevant Security Protocols & Web Apps Broad security range • logic- flaws, injections, AC, … • good coverage of OWASP top 10 Promising results • SAML SSO, OAuth2, .. • WebGoat, Shopping Cart, .. On-going transfers to SAP and SIEMENS

  7. The SPaCIoS Tool  Property-driven Security Testing  Model Inference  Mutation-based Testing  Vulnerabilty-driven Testing

  8. property-driven security testing Security impact? Property Model Property Model 1. Step_C_1(…) 2. Step_SP_1(…) Model 3. Step_C_2(…) Checker …`` Attack GET http:// … trace HTTP/1.1 200 OK … GET http:// … HTTP/1.1 302… SUV data Concretization … Test execution SUV Test case engine Input Output

  9. Model inference : black-box Models? Property Model Model Property Model Model Model Checker Attack Black-box model- trace inference SUV data Concretization Test execution SUV Test case engine Input Output

  10. Model inference: white-box Models? Property Model Model Property Model Model Model Checker Attack White-box model- trace inference source code SUV data Concretization of system Test execution SUV Test case engine Input Output

  11. Model inference: sequence diagrams Models? Property Model Model Property Model Model Model Checker Attack translator trace Sequence SUV data Concretization diagrams Test execution SUV Test case engine Input Output

  12. Mutation-based Testing No attack traces? Property Model Property Model Model Checker Mutated Mutation Mutation Attack Model engine operators trace SUV data Concretization Test execution SUV Test case engine Input Output

  13. Vulnerability-driven Testing Well-known vulnerabilities? Property Model Property Model Model Checker Attack trace SUV data Concretization Test execution SUV Test case engine Input Output

  14. Well-known vulnerabilities? Attack Instantiation pattern files models SUV data Concretization Test execution SUV Test case engine Input Output

  15. Attack Pattern + Instantiation file + SUV data

  16. OWASP Top 10 The SPaCIoS Tool A1 Injection WebGoat lesson: String SQL Injection WebGoat lesson: Numeric SQL Injection SIEMENS InfoBase and eHealth A2 Broken Authentication & SAML, OpenID, OAuth: e.g., authentication logic-flaws Session Management Password brute-forcing on SIEMENS InfoBase and eHealth A3 Cross-Site Scripting WebGoat lesson: Stored XSS WebGoat lesson: Reflected XSS SIEMENS InfoCase and eHealth A4 Insecure Direct Object SIEMENS InfoBase and eHealth: File Enumeration and Path Traversal References A5 Security Misconfiguration WebGoat lesson: Forced Browsing (File Enumeration) A6 Sensitive Data Exposure SAML, OpenID, OAuth: data confidentiality logic flaws A7 Missing Function Level WebGoat lesson: Bypass Business Layer Access Control, Access Control WebGoat lesson: Bypass Data Layer Access Control WebGoat lesson: Role Based Access Control SIEMENS eHealth A8 CSRF SIEMENS InfoBase and eHealth A9 Using Components with Known Vulnerabilities A10 Unvalidated Redirects and Forwards

  17. Research prototype • model checking • security testing • penetration testing • … Thank you! Complements state-of-the-art Security Analyst Targets industrially-relevant Security Protocols & Web Apps The SPaCIoS Tool User Interface SUV Fault Security Model of User source location goals the attacker guidance Model code of the Broad security range SUV Trace- Source Test Results Libraries driven fault based inference localization Model Property-driven inference and and vulnerability-driven • logic- flaws, injections, AC, … adjustment test case generation Model of the SUV Abstract Test case Vulnerabilities execution trace • good coverage of OWASP top 10 Attack Patterns Security Goals Test Execution Engine Attacker Models Promising results SUV • SAML SSO, OAuth2, .. • WebGoat, Shopping Cart, .. The SPaCIoS Tool is available for public download at http://www.spacios.eu On-going transfers to SAP and SIEMENS

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SPaCIoS Secure Provision and Consumption in the Internet of Services STREP Project number: 257876

SPaCIoS Secure Provision and Consumption in the Internet of Services STREP Project number: 257876

SPaCIoS Secure Provision and Consumption in the Internet of Services STREP Project number: 257876 Objective ICT-2009.1.4 c: Technology and Tools for Trustworthy ICT 01 Oct 2010 30 Sep 2013 www.spacios.eu Alexander Pretschner, POFI 2011,

780 views • 24 slides
SynAthina Onli line Tools 1. . A mapping tool 2. A Community Tool 3. An Archive Tool 3. An

SynAthina Onli line Tools 1. . A mapping tool 2. A Community Tool 3. An Archive Tool 3. An

SynAthina Onli line Tools 1. . A mapping tool 2. A Community Tool 3. An Archive Tool 3. An Archive Tool 4. A Booking Tool 5. A Connecting Tool 5. A Connecting Tool 6. A Crowdsourcing Tool 7. A Data Collection Tool 7. A Data Collection

313 views • 14 slides
Workflow Plus Signature Capture Tool for Synergy Enterprise What is This Tool ? This tool

Workflow Plus Signature Capture Tool for Synergy Enterprise What is This Tool ? This tool

Workflow Plus Signature Capture Tool for Synergy Enterprise What is This Tool ? This tool allows 10 signatures to be captured within a single workflow request Example How Can I Use This Tool ? Create a workflow, and in the definition

247 views • 8 slides
Com m ission (CRC) Feedback on Com m unity of Interest (COI) Tool Name for the tool

Com m ission (CRC) Feedback on Com m unity of Interest (COI) Tool Name for the tool

Com m ission (CRC) Feedback on Com m unity of Interest (COI) Tool Name for the tool Questions to explain the Communities of Interest in tool Requested user information Desired language translation options SWDB Reporting and

204 views • 5 slides
Using the Tool Information Requirements To complete this tool, you will need to have access to the

Using the Tool Information Requirements To complete this tool, you will need to have access to the

Using the Tool Information Requirements To complete this tool, you will need to have access to the following information: Your proposed output measure - the unit costing tool is available for 'hours' and 'places' measures. Refer to the

324 views • 13 slides
General Tool Maintenance Oiling is the most important step in tool maintenance Blow out moisture

General Tool Maintenance Oiling is the most important step in tool maintenance Blow out moisture

General Tool Maintenance Oiling is the most important step in tool maintenance Blow out moisture in air line BEFORE connecting the tool Examine tool for loose bolts, nuts, handles, side-rods, retainers Check air connections / fittings for

553 views • 8 slides
Black Box Scanning Tool + White Box Testing Tool Toshis Black Box Scanning Tool Same

Black Box Scanning Tool + White Box Testing Tool Toshis Black Box Scanning Tool Same

Toshis Approach to Runtime Analysis Black Box Scanning Tool + White Box Testing Tool Toshis Black Box Scanning Tool Same approach as: Cenzic SPI Dynamics Watchfire Toshis tool is unique because: Built on Microsoft Visual Studio

583 views • 18 slides
EX-ANTE CARBON BALANCE TOOL PRESENTATION OF THE TOOL AND SOME APPLICATIONS JUNE 2020 EX-ACT

EX-ANTE CARBON BALANCE TOOL PRESENTATION OF THE TOOL AND SOME APPLICATIONS JUNE 2020 EX-ACT

EX-ANTE CARBON BALANCE TOOL PRESENTATION OF THE TOOL AND SOME APPLICATIONS JUNE 2020 EX-ACT FAO Regional Office for Africa Team LOUIS BOCKEL PADMINI GOPAL OUTLINE Presentation of the tool Role of the tool Why using EX-ACT?

974 views • 51 slides
Similix Sketch Tool The Similix Sketch Tool is A tool for making easy sketches of future

Similix Sketch Tool The Similix Sketch Tool is A tool for making easy sketches of future

Similix Sketch Tool The Similix Sketch Tool is A tool for making easy sketches of future installations in the utility network Enabling project managers, engineers, and designers to express initial design considerations and requirements

537 views • 8 slides
Workflow Plus URL Hyperlinks Tool for Synergy Enterprise What is This Tool ? This tool will

Workflow Plus URL Hyperlinks Tool for Synergy Enterprise What is This Tool ? This tool will

Workflow Plus URL Hyperlinks Tool for Synergy Enterprise What is This Tool ? This tool will allow the use of URL Hyperlinks in: 15 standard Free Text fields 50 Additional Free Text fields bundled with this tool Uneditable

279 views • 8 slides
EU Taxonomy Technical Expert Group on Sustainable Finance The taxonomy is a tool, an extremely

EU Taxonomy Technical Expert Group on Sustainable Finance The taxonomy is a tool, an extremely

EU Taxonomy Technical Expert Group on Sustainable Finance The taxonomy is a tool, an extremely useful TOOL A dictionary - style tool A measuring tool A transition tool Provides clarity on what is an environmentally Measures the degree

775 views • 11 slides
UNEP Training Tool Kit Presenta2on of the tool and

UNEP Training Tool Kit Presenta2on of the tool and

UNEP Training Tool Kit Presenta2on of the tool and challenges Farid.yaker@unep.org 20 May 2014 SPLC Annual Mee<ng Washington DC Capacity Building

498 views • 14 slides
RELIEF TOOL OVERVIEW PRESENTATION OVERVIEW The RC2 Relief Tool is a customized application

RELIEF TOOL OVERVIEW PRESENTATION OVERVIEW The RC2 Relief Tool is a customized application

RC 2 RELIEF TOOL OVERVIEW PRESENTATION OVERVIEW The RC2 Relief Tool is a customized application built on the ODK-X Tool Suite. It facilitates the collection, storage, analysis, and visualization of data more quickly and efficiently. This

699 views • 30 slides
CNA e Tool Briefing: Release 2.3 & Assessment Tool 1.2 v 7 September 12, 2018 Office of

CNA e Tool Briefing: Release 2.3 & Assessment Tool 1.2 v 7 September 12, 2018 Office of

CNA e Tool Briefing: Release 2.3 & Assessment Tool 1.2 v 7 September 12, 2018 Office of Multifamily Housing Programs The CNA e-Tool an important step in Multifamily toward a more efficient and consistent underwriting approach

824 views • 33 slides
**** PPR Monitoring and Assessment Tool A Companion Tool of the Global Strategy for the PPR

**** PPR Monitoring and Assessment Tool A Companion Tool of the Global Strategy for the PPR

Dr Giancarlo Ferrari (FAO) Dr Nadge Leboucq (OIE) Members of the GFTADs PPR Working Group **** PPR Monitoring and Assessment Tool **** PPR Monitoring and Assessment Tool A Companion Tool of the Global Strategy for the PPR MONITORING and

566 views • 33 slides
Digital Tool Kit Training The Crunch Digital Tool Kit is one of the most advanced

Digital Tool Kit Training The Crunch Digital Tool Kit is one of the most advanced

Digital Tool Kit Training The Crunch Digital Tool Kit is one of the most advanced fully integrated sales presentation platforms ever created in the fitness industry. Its designed to do one thing: HELP YOU MAKE MONEY. Craig

919 views • 40 slides
Topics in Security Testing [Reading assignment: Chapter 13, pp. 193-209. Note that many more

Topics in Security Testing [Reading assignment: Chapter 13, pp. 193-209. Note that many more

Topics in Security Testing [Reading assignment: Chapter 13, pp. 193-209. Note that many more topics are covered in these slides and in class.] Computer Security The goal of computer security is to protect computer assets ( e.g., servers,

1.53k views • 119 slides
Testing Internet Security [1] VU Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel

Testing Internet Security [1] VU Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel

Testing Internet Security [1] VU Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel chris@auto.tuwien.ac.at Admin Issues The exam will take place on the 28th of June Check web site for exam location (tentative might

998 views • 33 slides
Move left in the SDLC z - Jaswinder Kaur z Jaswinder Kaur Senior Security Engineer at

Move left in the SDLC z - Jaswinder Kaur z Jaswinder Kaur Senior Security Engineer at

Move left in the SDLC z - Jaswinder Kaur z Jaswinder Kaur Senior Security Engineer at T-Mobile, Washington Worked previously in DC government and Bank of America Expertise in web application security testing, architecture

286 views • 16 slides
Security Testing TDDC90 Software Security Ulf Kargn Department of Computer and Information

Security Testing TDDC90 Software Security Ulf Kargn Department of Computer and Information

Security Testing TDDC90 Software Security Ulf Kargn Department of Computer and Information Science (IDA) Division for Database and Information Techniques (ADIT) Security testing vs regular testing Regular testing aims to

1.06k views • 54 slides
dradis Dradis Daniel Martn Gmez etd september '07 1 Agenda Scenario: where are we?

dradis Dradis Daniel Martn Gmez etd september '07 1 Agenda Scenario: where are we?

dradis Dradis Daniel Martn Gmez etd september '07 1 Agenda Scenario: where are we? System design Architecture Implementation Demo What's next? scenario: where are we? Penetration testing is about information

626 views • 23 slides
Dragos, Inc. | May 2019 Student Student Officer Student Officer Network Defender Student

Dragos, Inc. | May 2019 Student Student Officer Student Officer Network Defender Student

Joe Slowik / @jfslowik Dragos, Inc. | May 2019 Student Student Officer Student Officer Network Defender Student Officer Network Defender ICS Defender

725 views • 46 slides
TACKYDROID Pentesting Android Applications in Style THIS TALK IS ABOUT AN APP WE ARE MAKING

TACKYDROID Pentesting Android Applications in Style THIS TALK IS ABOUT AN APP WE ARE MAKING

TACKYDROID Pentesting Android Applications in Style THIS TALK IS ABOUT AN APP WE ARE MAKING This talk IS NOT about Android platform itself This talk IS about how we want to contribute auditing apps that run on Android systems With

975 views • 74 slides
From Training to Education: Building Offensive Curriculum from Training Certifications * or

From Training to Education: Building Offensive Curriculum from Training Certifications * or

From Training to Education: Building Offensive Curriculum from Training Certifications * or Why I watched the entire movie library over Spring Break By: Michael Kranch CANSec 2018 October 27-28 Who Am I? B.S. / M.S. in Computer

507 views • 24 slides

More recommend