0 évaluation0% ont trouvé ce document utile (0 vote)
17 vues8 pages
Vulnerability has defined as “A flaw or weakness in a system's design, implementation, operation,
or management that could be exploited to violate the system's security policy.” In this paper, we
have discussed different types of software vulnerabilities and software auditing tool model. Also,
a comparative analysis of different auditing tools is provided on the basis of subject of detection,
detection techniques and detection time.
Vulnerability has defined as “A flaw or weakness in a system's design, implementation, operation,
or management that could be exploited to violate the system's security policy.” In this paper, we
have discussed different types of software vulnerabilities and software auditing tool model. Also,
a comparative analysis of different auditing tools is provided on the basis of subject of detection,
detection techniques and detection time.
Vulnerability has defined as “A flaw or weakness in a system's design, implementation, operation,
or management that could be exploited to violate the system's security policy.” In this paper, we
have discussed different types of software vulnerabilities and software auditing tool model. Also,
a comparative analysis of different auditing tools is provided on the basis of subject of detection,
detection techniques and detection time.
International Journal of Advance Foundation and Research in Computer (IJAFRC)
Volume 1, Issue 4, April 214! I""# 2$4% & 4%'$
(% ) * 214, IJAFRC All Ri+hts Reserved ,,,!i-afrc!or+
A "urve. of "oft,are Vulnera/ilit. and Auditin+ 0ools Rajender Kumar*, Manish Kumar. NIT Kurukshetra, Haryana rajenderk18@gmail.com , itsmanishsidhu@gmail.com
A 1 " 0 R A C 0 Vulnera/ilit. has defined as 2A fla, or ,ea3ness in a s.stem4s desi+n, implementation, operation, or mana+ement that could /e e5ploited to violate the s.stem4s securit. polic.!6 In this paper, ,e have discussed different t.pes of soft,are vulnera/ilities and soft,are auditin+ tool model! Also, a comparative anal.sis of different auditin+ tools is provided on the /asis of su/-ect of detection, detection techni7ues and detection time! Inde5 0erms8 ".stem "ecurit., Relia/ilit., 9erformance, soft,are auditin+ tools, race condition, /uffer overflo,, ,indo, of vulnera/ilit., spoofin+, cross&site scriptin+!
I! I#0R:;<C0I:# In today!s li"e, Internet #ecomes essential $art o" li"e. %e use it "or #anking, message trans"er, sho$$ing, #usiness etc. %ith the increased use o" internet, danger o" in"ormation the"t and attack are also increased. Most targeted attacks, &iruses, and 'orms ha&e #een made $ossi#le #y &ulnera#ilities in so"t'are that read un(trusted data "rom the net'ork. In com$uter security, &ulnera#ility is a 'eakness 'hich allo's an attacker to reduce a system)s in"ormation assurance. *s sho'n in "ig. 1, +ulnera#ility is the joint or com#ination o" three di""erent elements, a system 'eakness or "la', attacker access to the 'eakness, and attacker ca$a#ility to e-$loit the 'eakness. *ttacker uses some so"t'are tools or some $attern analysis techni.ue to e-$loit &ulnera#ility.
Fi+ure 1! /o"t'are &ulnera#ility International Journal of Advance Foundation and Research in Computer (IJAFRC) Volume 1, Issue 4, April 214! I""# 2$4% & 4%'$
(= ) * 214, IJAFRC All Ri+hts Reserved ,,,!i-afrc!or+
* security risk may #e classi"ied as &ulnera#ility. The usage o" &ulnera#ility 'ith the same meaning o" risk can lead to con"usion. The risk is tied to the $otential o" a signi"icant loss. Then there are &ulnera#ilities 'ithout risk, "or e-am$le, 'hen the a""ected asset has no &alue. The 'indo' 011 o" &ulnera#ility is the time "rom 'hen the security hole 'as introduced or mani"ested in de$loyed so"t'are, to 'hen access 'as remo&ed, a security "i- 'as a&aila#le 2 de$loyed, or the attacker 'as disa#led. It can #e classi"ied in the "ollo'ing stages, 1irth, The #irth stage denotes the creation o" the &ulnera#ility during the de&elo$ment $rocess. I" the &ulnera#ility is created intentionally then the #irth stage and the disco&ery stage occur simultaneously. +ulnera#ilities that are detected and corrected #e"ore de$loyment are not considered. ;iscover., 3isco&ery stage is that stage o" li"e cycle in 'hich some indi&iduals ha&e kno'ledge a#out the 'eakness o" the system. ;isclosure, The disclosure stage occurs once the disco&erer re&eals the &ulnera#ility to someone else. This can #e any disclosure, "ull and $u#lic &ia $osting to 4ugtra. or a secret traded among #lack hats. Correction, The correction stage $ersists 'hile the &endor analy5es the &ulnera#ility, de&elo$s a "i-, and releases it to the $u#lic. 9u/licit., In the $u#licity stage the method o" achie&ing $u#licity is not $aramount #ut kno'ledge o" &ulnera#ility is s$read to a much larger audience. "criptin+, 6nce the &ulnera#ility is scri$ted or a tool is created that automates the e-$loitation o" the &ulnera#ility, the scri$ting stage has #een set in motion. ;eath, %hen the num#er o" systems &ulnera#le to an e-$loit is reduced to an insigni"icant amount then the death stage has occurred. This can ha$$en #y $atching &ulnera#le systems, retiring old systems, or a lack o" interest in the e-$loit #y hackers.
Fi+ure 2! %indo' o" &ulnera#ility 011 International Journal of Advance Foundation and Research in Computer (IJAFRC) Volume 1, Issue 4, April 214! I""# 2$4% & 4%'$
> ) * 214, IJAFRC All Ri+hts Reserved ,,,!i-afrc!or+
II! ":F0?AR@ V<A#@RA1IAI0I@" CA0@B:RI@"
7ollo'ing is a list o" &ulnera#ly categories 081 along 'ith #rie" descri$tions, 1. Calformed data8 This category is .uite #road, encom$assing any instance o" data "lo'ing into a $rogram that causes it to o$erate outside o" its original s$eci"ication. /ome o" the $ro#lems o#ser&ed include sending "ragmented net'ork $ackets, sending long streams that the $rogram is not $re$ared to handle and including s$ecial characters in data 'ithout $ro$erly esca$ing them. This mal"ormed in$ut can come directly "rom a user 9'ho might #e #reaking the a$$lication either intentionally or #y mistake:, remote de&ices that share a net'ork 'ith the target com$uter 9com$uters, ;3*s, net'ork e.ui$ment, etc.:, or e&en other $rocesses on the same com$uter. 8. Race Condition8 In a race condition 0<1, t'o or more clients try to access a resource that su$$orts only serial access. I" the timing is right, the clients may o#tain access simultaneously, #e"ore the su#system in charge o" seriali5ation can deny access. *lso, since &alidation and granting access are t'o se$arate ste$s 9non(atomic:, a malicious $rogram can e-ecute #et'een them and alter the $arameters o" the transaction 9e-., user is &alidated as ha&ing access to a certain "ile, a $rogram changes the "ile name #e"ore access is $ro&ided= the user might #e gi&en non(&alidated access to a "ile:. <. Format "trin+ Vulnera/ilit. D4E8 This &ulnera#ility in&ol&es using "ormatted in$ut2out$ut 9e-. ;rint"9: and scan"9: in >2>??: 'here user(s$eci"ied data is treated as a "ormatting string. This allo's access to the $rogram stack 'here the arguments o" "ormatting "unction are, 'hich can lead to stack o&er"lo's and denials o" ser&ice. @. Cemor. Aea38 Memory leaks occur 'hen the $rogrammer allocates memory dynamically 9e-. Asing malloc9: in >: and ne&er "rees it. Modern languages like >B and Ca&a $ro&ide gar#age collection, #ut memory management in >2>?? is di""icult to im$lement. *n attacker can use mal"ormed data to e-$loit a memory leak and cause a denial o" ser&ice #y using all a&aila#le hea$ s$ace. D. 1uffer overflo,8 4u""er o&er"lo's 0D1 occur 'hen a $rogrammer allocates a #u""er that is not large enough to handle an incoming data stream. 3e$ending on the location o" the #u""er 9stack or hea$:, data 'ill o&er'rite user(allocated &aria#les, "unction arguments or return addresses. E. Code in-ections D(E8 This attack relies on inserting code in an already running $rogram. 7or e-am$le, i" a $rogrammer does not $ro$erly esca$e .uotes in ;FRG, a user might #e a#le to a$$end custom /HG code to .ueries generated #y the ;FRG scri$t. >ode can also #e injected using a stack o&er"lo' 'ith a string that contains the e-ecuta#le code. I. Inte+er errors8 Integer o&er"lo' and under"lo' occur 'hen a &alue assigned to a &aria#le goes #eyond the #ounds "or the integer ty$e 9e-. a E@#it integer is assigned to a <8#it &aria#le, or a loo$ e-ecutes more than <8IEI times using an Junsigned short intK &aria#le:. 8. ! (;ot dot) attac38 %ith this attack, a user can access locations outside o" their restricted s$ace #y sending mal"ormed data 9in&ol&ing su#strings like J..2K: to a $rogram 'ith the desired $ri&ilege 9e-. 7T; ser&er:. This is $ossi#le i" the a$$lication does not &alidate user(s$eci"ied "ilenames. L. Cross&site scriptin+8 *$$lications that are &ulnera#le to a M//8 attack allo' a malicious user to insert a link to their code in the original a$$lication 9e-. instant messaging 'indo's, 'e# $ages, etc.:. I" a regular user "ollo's that link 9#y accident or #y #eing tricked to click on it:, the International Journal of Advance Foundation and Research in Computer (IJAFRC) Volume 1, Issue 4, April 214! I""# 2$4% & 4%'$
>1 ) * 214, IJAFRC All Ri+hts Reserved ,,,!i-afrc!or+
a$$lication 'ill e-ecute code "rom the e-ternal source. In com#ination 'ith 6/ &ulnera#ilities, this may lead to the installation o" malicious $rograms 9e-. 4ackdoors, s$y('are, etc.:. 1N. "poofin+8 /$oo"ing 0I1 is the $rocess o" arti"icially changing the source o" data. 3i""erent "la&ors include ARG s$oo"ing 9changing the $ercei&ed ARG o" a ser&er to gain a user!s con"idence:, I; s$oo"ing 9changing the I; sender address in net'ork $ackets:. I" an a$$lication grants access to remote machines #ased on I; only, an attacker can s$oo" the identity o" an authori5ed machine and gain access. /$oo"ing is also a social engineering issue 9tricking users to o#tain their trust: 'ith some so"t'are #eing more &ulnera#le than others 9e-. 'e# #ro'sers and ARG s$oo"ing:. 11. ?ea3 @ncr.ption8 In some cases, sensiti&e data are transmitted 'ith a $oorly designed encry$tion or no encry$tion at all. This category in&ol&es issues 'ith storing unencry$ted2sensiti&e data in user(accessi#le locations 9log "iles, registry, etc.:, transmitting data o&er a net'ork and user authentication. 18. "tora+e 9rotection8 This category com#ines issues 'ith data storage such as creating "iles 'ith 'rong $ermissions or in a shared location. Many attacks ha&e #een $ossi#le #ecause o" $oorly $rotected tem$orary "iles, 'hich may contain sensiti&e and2or unencry$ted in"ormation. 1<. 0rustin+ the @nvironment8 This &ulnera#ility mainly in&ol&es using en&ironment &aria#les 'ithout &alidation, such as $ath strings or storing data in en&ironment &aria#les. 1@. ".mlin3 attac38 /ymlink attacks in&ol&e gi&ing a $rogram a $ointer to a "ile instead o" the "ile itsel". *n attacker can redirect the in$ut or out$ut o" a $rogram #y creating a symlink 'ith the same name as that o" a "ile the $rogram uses. 1D. ;efaultFIncorrect confi+urations8 This category co&ers &ulnera#ilities that arise "rom im$ro$er con"iguration or installation o" so"t'are. Most issues in&ol&e installation o" a ser&er a$$lication 'ith a de"ault username and2or $ass'ord that can allo' unauthori5ed users to gain access to the system. III! ":F0?AR@ A<;I0I#B 0::A"
The Oi&en auditing tool 081 detects malicious codes 9+irus, Trojan: in source code and so"t'are &ulnera#ilities 9#u""er o&er"lo', "ormat string #ug, race condition:./ome o" the main auditing tools can #e gi&en as, 1. RA0"8 R*T/ stands "or Rough *uditing Tool "or /ecurity. /ecure so"t'are security engineers de&elo$ R*T/ "or scanning ;ython, ;erl, >, >?? and ;H; code. It scans the source code "iles "or security(related issues. Major $ro#lem detected #y R*T/ are #u""er o&er"lo's and race conditions 9Time 6" >heck, Time 6" Ase:, dangerous "unction calls. R*T/ $er"orm only rough analysis o" source code and it is not a#le to "ind e&ery #ugs and errors in the code. Manual checking is necessary a"ter R*T/!s scan. 8. Fla,Finder8 7la'7inder is a static source(code security scanner "or > and >?? $rograms that looks "or commonly misused "unctions, ranks their risk, and re$orts a list o" $otential &ulnera#ilities ranked #y risk le&el. It analy5es the $rogram source code and detects all $ossi#le security "la's and $roduces them according to their risk le&el. It is &ery use"ul tool to remo&e some "la' "rom the $rogram #e"ore release them to $u#lic. <. 9"CA#8 ;/>*N detects the $ro#lematic use o" "unctions like $rint"9: and scan"9: in the source code o" > $rogram. It also "inds the mishandling o" "unctions used to dis$lay 'arning and error message. It is not a#le to identi"y #u""er o&er"lo's in the source code. International Journal of Advance Foundation and Research in Computer (IJAFRC) Volume 1, Issue 4, April 214! I""# 2$4% & 4%'$
>2 ) * 214, IJAFRC All Ri+hts Reserved ,,,!i-afrc!or+
@. I0"48 >igital de&elo$s the IT/@ in 1LLL. It is de&elo$ed to automatically $er"orm source code re&ie' "or security. It statically scans > and >?? source code "or detecting &ulnera#ility and security "la's. It scans all the source code o" a > language $rogram to determine dangerous "unction calls. *"ter detecting &ulnera#ilities, it determines the risk le&el and $roduces a $ro#lem re$ort 'hich includes the descri$tion o" $ro#lem and suggestion ho' to "i- the code. D. 1::#8 466N is a tool that automates the $rocess o" scanning "or #u""er o&errun &ulnera#ilities in > source code using dee$ semantic analysis. It detects $ossi#le #u""er o&er"lo' &ulnera#ilities #y in"erring &alues to #e $art o" an im$licit ty$e 'ith a $articular #u""er si5e. 466N is #ased on the conce$t that #u""er o&er"lo' detection is an integer range analysis $ro#lem. The algorithm #uilds a &alue $air #y taking the allocated si5e and the actual length o" each character string. This a$$roach is also taken 'ith the $arameters o" the standard > li#rary "unctions that handle character strings. E. 1AA"08 4last stands "or 4erkeley Ga5y *#straction /o"t'are +eri"ication Tool. It is so"t'are tool 'hich act as a &eri"ication system or checker "or > $rograms. 4last checks the #eha&ioral $ro$erty o" inter"ace and sa"ety $ro$erty o" $rogram in a so"t'are system. It checks reach( a#ility o" a s$eci"ied la#el in the $rogram. I" there is no $ath to the s$eci"ied error la#el, 4last re$orts that the system is in sa"e condition. 6ther'ise, it checks i" the $ath is "easi#le using sym#olic e-ecution o" the $rogram. I" the $ath is "easi#le, 4last out$uts the $ath as an error trace. I. "tac3Buard8 /tackOuard 0L1 is a com$iler techni.ue "or $ro&iding code $ointer integrity checking to the return address in "unction acti&ation records. It is im$lemented as a small $atch to gcc that enhances the code generator "or emitting code to set u$ and tear do'n "unctions 0L1. The enhanced setu$ code $laces a JcanaryK 'ord ne-t to the return address on the stack. The enhanced "unction tear do'n code "irst checks to see that the canary 'ord is intact #e"ore jum$ing to the address $ointed to #y the return address 'ord. >ritical to the /tackOuard JcanaryK a$$roach is that the attacker is $re&ented "rom "orging a canary #y em#edding the canary 'ord in the o&er"lo' string 01N1. 8. 9ointBuard8 It generali5es the /tackOuard de"ense to $lace JcanariesK ne-t to all code $ointers 9"unction $ointers and longjm$ #u""ers: and to check "or the &alidity o" these canaries 'hene&er a code $ointer is dere"erenced. I" the canary has #een tram$led, then the code $ointer is corru$t and the $rogram should issue an intrusion alert and e-it, as it does under /tackOuard $rotection. L. RaceBuard8 RaceOuard 01N1 detects attem$ts to e-$loit race condition &ulnera#ilities at run time #y detecting a change in the en&ironment #et'een the times the $rogram $ro#es "or the e-istence o" a "ile, and the time it tries to create it. RaceOuard achie&es this #y caching the "ile names that are $ro#ed, and 'hen creation attem$ts occur that hit e-isting "iles= the names are com$ared to the cache. It seeks to detect $ertinent changes in the "ile system #et'een the time an a$$lication $ro#es "or a nominated tem$orary "ile name, and the time the "ile is actually created 01N1. IV! "@C<RI0G A<;I0I#B 0::A C:;@A Malicious #eha&ior can #e caused "rom de"ect o" $rogram or e-ecution o" code that is inserted in the $rogram "or malicious $ur$ose. I" malicious $rogram 'ill #e e-ecuted, the com$uter is occurred any damage. Hence, 'e need a measure to $re&ent the damage. The method o" auditing tool 081 com$iles source code and analy5es e-ecution "lo' o" $rogram 'ith the result and com$ares 'ith e-ecution "lo' o" e-isting malicious code. 4ecause the method com$ares 'ith in"ormation a#out e-ecution "lo' o" International Journal of Advance Foundation and Research in Computer (IJAFRC) Volume 1, Issue 4, April 214! I""# 2$4% & 4%'$
>$ ) * 214, IJAFRC All Ri+hts Reserved ,,,!i-afrc!or+
malicious code, analysis o" malicious code should #e achie&ed in the ad&ance. *nd it re.uires a techni.ue that analy5es the e-ecution "lo' in com$iled source code.
Fi+ure $! Architecture of securit. auditin+ tool D%E To detect malicious code and so"t'are &ulnera#ility, analysis in"ormation and automata theory o" malicious code are used. *lso, there are methods that can e-amine &ulnera#ility o" $rogram &ia e-ecution "lo' o" $rogram. In so"t'are auditing tool consists o" analysis module, rule $rocess, detection module, and re$orter. *nalysis module analy5es target code. Rule $rocess analy5es malicious code and so"t'are &ulnera#ilities and creates rule. *lso, detection module e-amines using analy5ed intermediate codes and rule. 3etection module consists o" malicious code detector and &ulnera#ility detector. It se$arates and e-amines malicious codes and so"t'are &ulnera#ilities that are included on source code inside. It e&aluates security o" so"t'are through t'o e-aminations. Re$orter dis$lays results that detection module e-amined. *rchitecture o" so"t'are auditing tool descri#es in "igure <. V! C:C9ARA0IV@ A#AAG"I" Oi&en security, auditing tool can &eri"y security o" so"t'are that use in u#i.uitous com$uting en&ironment com#ining e-istent &ulnera#ility audit tool and malicious code detection tool. IT/@, M6;/, and 4G*/T are a tool that is used in s$eci"ication area. Ho'e&er, gi&en security auditing tool can &eri"y security o" so"t'are e""ecti&ely than other tool. ;ro$osed tool can e&aluate e-actly so"t'are security, #ecause it can detect #oth malicious codes and so"t'are &ulnera#ilities simultaneously. Moreo&er, it di""ers "rom sim$ly $attern matching tool in many res$ects, and detection o" ne' malicious codes is easy #ecause it is #ased on rule. Ta#le 1 is results that com$are 081 e-istent detection tools 'ith $ro$osed security auditing tool.
International Journal of Advance Foundation and Research in Computer (IJAFRC) Volume 1, Issue 4, April 214! I""# 2$4% & 4%'$
>4 ) * 214, IJAFRC All Ri+hts Reserved ,,,!i-afrc!or+
VI! C:#CA<"I:# The Internet 'ill continue to gro' and change the role that so"t'are $lays in our li&es. *s our li&es de$end more and more on the Internet and so"t'are, security #ecomes essential. %hen so"t'are &ulnera#ilities are disco&ered, it is in the $u#lic interest that e-isting systems 'ith &ulnera#ilities are #eing "i-ed in a timely "ashion. The .uestion is that 'hen &ulnera#ilities are disco&ered, ho' disco&erers should disclose them. 3i""erent ty$e o" &ulnera#ility ha&e di""erent e""ect on so"t'are or 'e# a$$lication. 3i""erent tools and techni.ues are used according to the demand o" en&ironment. %e ha&e discussed se&eral ty$es o" &ulnera#ilities and their detection and $re&ention measures. 4ut continuous e&olution o" &ulnera#ilities $arallel to e&olution o" so"t'are is a challenge that needs to #e addressed #y making ne' techni.ues to enconunter the &ulnera#ilities. %e ha&e discussed a security auditing tool to detect so"t'are &ulnera#ilities and malicious code $atterns. +ulnera#ility $re&ention is easier than curing it, so the so"t'ares should #e so designed that they address e-isting &ulnera#ilities.
VII! R@F@R@#C@" 011 %. *. *r#augh , %. G. 7ithen , C. McHugh , J%indo's o" &ulnera#ility, * case study analysisK, in journal o" com$uter, *>M, &ol. <<, issue 18, $$. D8(DL, 8NNN. 081 K. ;etko&, J6&ercoming $rogramming "la's, inde-ing o" common so"t'are &ulnera#ilities,K In $roceedings o" the 8nd annual con"erence on in"ormation security curriculum de&elo$ment, $$. 18I(1<D, 8NND. 0<1 C. Phang, /. /u, 7. Qang,R3etecting race conditions in 'e# ser&ices,R In International con"erence on internet and 'e# a$$lications and ser&ices, $$. 18@, 7e# 8NNE. International Journal of Advance Foundation and Research in Computer (IJAFRC) Volume 1, Issue 4, April 214! I""# 2$4% & 4%'$
>' ) * 214, IJAFRC All Ri+hts Reserved ,,,!i-afrc!or+
0@1 %. Han, M. Ren, /. Tian, G. 3ing, Q. He, R/tatic *nalysis o" 7ormat /tring +ulnera#ilities,R In 7irst *>I/ International /ym$osium on /o"t'are and Net'ork Fngineering 9//NF:, $$. 188(18I, 3ec. 8N11. 0D1 3. 7u , 7. /hi ,K4u""er o&er"lo' e-$loit and de"ensi&e techni.uesK, in 7ourth IFFF International >on"erence on Multimedia In"ormation Net'orking and /ecurity , $$. 88(LN, 8N18. 0E1 ;. Kumar , R.K. ;ateriya ,K* /ur&ey on /HG Injection *ttacks, 3etection and ;re&ention Techni.uesK, in Third IFFF International >on"erence on >om$uting >ommunication S Net'orking Technologies 9I>>>NT:,$$. 1(D, 8N18. 0I1 H. Peng, RResearch on 3e&elo$ing a Ga# Fn&ironment "or >ookie /$oo"ing *ttack and 3e"ense Fducation,R In 7i"th International >on"erence on >om$utational and In"ormation /ciences 9I>>I/:,$$. 1LIL(1L88, 8N1<. 081 M. Gee, /. >ho, >. Cang, H. ;ark, F. >hoi, J* Rule(#ased /ecurity *uditing Tool "or /o"t'are +ulnera#ility 3etection,K in International >on"erence on Hy#rid In"ormation Technology, IFFF , $$. @ID(@8<, 8NNE. 0L1 >. >o'an, ;. %agle, >. ;u, R4u""er 6&er"lo's, *ttacks and 3e"enses "or the +ulnera#ility o" the 3ecade,R In ;roceedings 3*R;* In"ormation /ur&i&a#ility >on"erence and F-$osition, &ol. 8, $$. 11L(18L, 8NNN. 01N1 >. >o'an, /. 4eattie, >. %right and O. K. Hartman, RRaceOuard, Kernel ;rotection 7rom Tem$orary 7ile Race +ulnera#ilities,R In ;roceedings o" the 1Nth A/FNIM /ecurity /ym$osium, *ug. 8NN1.