Automated security testing with Flinder
SEARCH-LAB Security Evaluation Analysis and Research Laboratory Ltd.
Danger of programming bugs
“Every interesting program contains at least one variable, at least one cycle and at least one bug.” – Murphy’s law
Global security danger of programming bugs:
- Automated intrusions
- Virus spreading
- With the help of cracked computers it is possible to:
  - operate illegal web servers
  - distribute spam
  - carry out phishing
  - commit credit card fraud
Any application can contain a bug!
Security testing
Programming bugs
Security-relevant programming bugs
Typical security-relevant programming bugs
Exploitable security holes
FLINDER
Automated testing and verification
- Formal verification: requires the specification of correct behavior
- Static source code analysis: complexity problems; many false positives
- Test-based evaluation: test vector generation; detection of typical bugs; detects true positives, but not necessarily all of them; can be used without the source code
Black-box & white-box testing
- Black-box testing: analysis of concrete protocols; a complex description of the input is needed; fuzzing, i.e. manipulation of existing input; fewer customization needs, and they scale
- White-box testing: test vector generation based on source code evaluation; fault injection
Flinder features
- Looks for typical security-relevant programming bugs
- Test-based evaluation
- Black-box and white-box test modes
- From single applications to complex protocols
- Required from the developer: an Input Generator (producing input according to the correct behavior), an input format description (XML-based), and a protocol statechart (UML state machine)
- Re-usable generic test algorithms for typical bugs
- Proactive, multiple-step testing that takes the former reactions of the ToE (Target of Evaluation) into account
- Cryptographic support: plug-ins for cipher and compression methods
Fuzzing...
- By definition: fuzzing is the algorithmic modification of binary input
- Fuzzing based on descriptors
- Random fuzzing
- Reactively iterating fuzzing
- Different fuzzers: conformance checking; stress test; testing typical mistakes
... and more
- Flinder can parse and serialize protocol messages, decode and encode cryptograms and compressed data, and follow complex protocols like IPSec, TCP, SSL
- Test Logic works on field level: generic test algorithms can be applied to different ToEs, protocols, messages and fields without modification
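As an added illustration of the field-level idea on this and the previous slide (this is example code written for this page, not Flinder's own code; the tag-length-value wire format, the constructed sample message and all function names are assumptions), the block below parses a message into fields, serializes it back, and applies one generic test algorithm, "claim more data than is present", to any field chosen by index. The same algorithm would serve any other protocol that the parser and serializer understand, because it never looks at the message beyond the field descriptor it mutates:

```c
/* Added example (not Flinder's own code): a field-level parse/serialize layer
 * for a constructed tag-length-value message, plus one generic test algorithm
 * (declared-length mutation) that is applied to any field by index. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MAX_FIELDS 8
#define MAX_MSG    256

/* Assumed wire format: a sequence of [tag:1][len:1][value:len] fields. */
typedef struct {
    uint8_t tag;
    uint8_t declared_len;     /* the length byte as it will appear on the wire */
    const uint8_t *value;
    size_t value_len;         /* bytes actually present behind the field */
} field_t;

typedef struct {
    size_t nfields;
    field_t fields[MAX_FIELDS];
} msg_t;

/* Parser: split wire bytes into fields. Returns 0 on success, -1 when a
 * declared length runs past the end of the buffer (the check a ToE needs). */
int parse_msg(const uint8_t *buf, size_t n, msg_t *out) {
    size_t pos = 0;
    out->nfields = 0;
    while (pos < n) {
        if (out->nfields == MAX_FIELDS || n - pos < 2)
            return -1;
        field_t *f = &out->fields[out->nfields];
        f->tag = buf[pos];
        f->declared_len = buf[pos + 1];
        f->value = buf + pos + 2;
        if (f->declared_len > n - pos - 2)
            return -1;                       /* length exceeds remaining bytes */
        f->value_len = f->declared_len;
        pos += 2 + f->value_len;
        out->nfields++;
    }
    return 0;
}

/* Serializer: writes the declared length byte verbatim but copies only the
 * bytes that exist, so a mutated descriptor reaches the ToE unchanged.
 * Returns the number of bytes written, or -1 if the message does not fit. */
int serialize_msg(const msg_t *m, uint8_t *out, size_t cap) {
    size_t pos = 0;
    for (size_t k = 0; k < m->nfields; k++) {
        const field_t *f = &m->fields[k];
        if (cap - pos < 2 + f->value_len)
            return -1;
        out[pos] = f->tag;
        out[pos + 1] = f->declared_len;
        memcpy(out + pos + 2, f->value, f->value_len);
        pos += 2 + f->value_len;
    }
    return (int) pos;
}

/* Generic test algorithm: claim `claimed` bytes for field `idx` regardless of
 * how many are present. It knows nothing about the protocol; the Test Logic
 * only selects the field. Returns -1 if there is no such field. */
int mutate_declared_len(msg_t *m, size_t idx, uint8_t claimed) {
    if (idx >= m->nfields)
        return -1;
    m->fields[idx].declared_len = claimed;
    return 0;
}

/* Constructed sample message: two fields, tag 0x01 "ab" and tag 0x02 "xyz". */
static const uint8_t SAMPLE_MSG[] = { 0x01, 2, 'a', 'b', 0x02, 3, 'x', 'y', 'z' };

/* Conformance check: parse followed by serialize must reproduce the bytes. */
int roundtrip_ok(void) {
    msg_t m;
    uint8_t wire[MAX_MSG];
    if (parse_msg(SAMPLE_MSG, sizeof SAMPLE_MSG, &m) != 0)
        return 0;
    int n = serialize_msg(&m, wire, sizeof wire);
    return n == (int) sizeof SAMPLE_MSG && memcmp(wire, SAMPLE_MSG, (size_t) n) == 0;
}

/* One test case against a ToE-side parser (here: parse_msg itself). Returns 1
 * when the mutated message is rejected (the expected verdict), 0 when it is
 * accepted, -1 when the test case could not be built. */
int run_length_test_case(size_t idx, uint8_t claimed) {
    msg_t m, reparsed;
    uint8_t wire[MAX_MSG];
    if (parse_msg(SAMPLE_MSG, sizeof SAMPLE_MSG, &m) != 0)
        return -1;
    if (mutate_declared_len(&m, idx, claimed) != 0)
        return -1;
    int n = serialize_msg(&m, wire, sizeof wire);
    if (n < 0)
        return -1;
    return parse_msg(wire, (size_t) n, &reparsed) != 0 ? 1 : 0;
}
```

A real target would be reached through the dispatcher instead of calling `parse_msg` directly, and a verdict of 0 (the over-claimed length was accepted) is the finding the test is looking for.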
Flinder modules (architecture diagram: the Input Generator (IG) and the Target of Evaluation (TOE) are connected through the following components)
- IG side: IG Capturer, IG Dispatcher, IG Actuator
- TOE side: TOE Capturer, TOE Dispatcher, TOE Actuator
- Core: Parser, Serializer, Protocol Logic, Test Logic
Example typical mistakes
- Buffer overflow: found with successive approximation of the accepted length
- Signedness bug, e.g. a range check that can never fail because the cast makes the value unsigned:
    if ((unsigned int) i < 0)
- Integer overflow, e.g. a range check that passes when the multiplication wraps around:
    if (i*256 <= 1024)
- Encoding bug: Unicode bug
Response classes recorded for each test vector: OK, ERROR, REJECTION
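To show what the two checks on this slide actually let through, and how the "successive approximation" and "testing typical mistakes" fuzzers of slide 7 find it, the following added example (written for this page, not Flinder's code) models each check as a pure function returning OK or REJECTION, places a hardened variant beside it, and runs a generic probe over them. The buffer size of 1024, the item size of 256 behind `i*256`, and all names are assumptions; no memory is actually copied, only the decision logic is tested.

```c
/* Added example (not Flinder's code): the two buggy checks from the slide,
 * hardened variants, and a generic successive-approximation length probe
 * followed by boundary-value probes for signedness and overflow mistakes. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define BUF_SIZE  1024   /* assumed size of the target's buffer */
#define ITEM_SIZE 256    /* assumed per-item size behind "i*256" */

typedef enum { VERDICT_OK, VERDICT_REJECTION } verdict_t;
typedef verdict_t (*check_fn)(int32_t);

/* Signedness bug, as on the slide: the cast makes "< 0" always false, so a
 * negative length reaches the copy, where it would become a huge size_t. */
verdict_t check_len_signedness_bug(int32_t len) {
    if ((uint32_t) len < 0)          /* never true: an unsigned value is >= 0 */
        return VERDICT_REJECTION;
    if (len > BUF_SIZE)
        return VERDICT_REJECTION;    /* -1 > 1024 is false, so -1 is accepted */
    return VERDICT_OK;
}

verdict_t check_len_signedness_fixed(int32_t len) {
    if (len < 0 || len > BUF_SIZE)   /* compare in the signed domain first */
        return VERDICT_REJECTION;
    return VERDICT_OK;
}

/* Integer overflow, as on the slide: i*256 wraps for large i. Signed overflow
 * is undefined behaviour in C, so the wraparound a typical build produces is
 * emulated with uint32_t arithmetic to keep this example well-defined. */
verdict_t check_count_overflow_bug(int32_t i) {
    int32_t total = (int32_t) ((uint32_t) i * (uint32_t) ITEM_SIZE);
    if (total <= BUF_SIZE)           /* i = 16777216 wraps to 0 and passes */
        return VERDICT_OK;
    return VERDICT_REJECTION;
}

verdict_t check_count_overflow_fixed(int32_t i) {
    if (i < 0 || i > BUF_SIZE / ITEM_SIZE)   /* bound i itself, never the product */
        return VERDICT_REJECTION;
    return VERDICT_OK;
}

/* Successive approximation: treat the check as a black box, double the value
 * until it is rejected, then bisect the OK/REJECTION boundary. Returns the
 * largest accepted value, or -1 if even 0 is rejected. Assumes the ToE's
 * answer is monotone in the probed range; non-monotone cases are covered
 * by the boundary probes below. */
int32_t probe_largest_accepted(check_fn check) {
    int32_t lo = 0, hi = 1;
    if (check(lo) != VERDICT_OK)
        return -1;
    while (check(hi) == VERDICT_OK) {
        if (hi > INT32_MAX / 2)      /* field range exhausted, everything accepted */
            return hi;
        hi *= 2;
    }
    while (hi - lo > 1) {            /* invariant: check(lo) OK, check(hi) rejected */
        int32_t mid = lo + (hi - lo) / 2;
        if (check(mid) == VERDICT_OK) lo = mid; else hi = mid;
    }
    return lo;
}

/* "Testing typical mistakes": once the limit is known, any value outside
 * [0, limit] that the ToE still accepts is a signedness or overflow finding.
 * Returns the number of findings for a fixed set of boundary probes. */
int count_boundary_findings(check_fn check) {
    int32_t limit = probe_largest_accepted(check);
    const int32_t probes[] = { -1, INT32_MIN, INT32_MAX,
                               INT32_MIN / ITEM_SIZE, (int32_t) (1u << 24) };
    int findings = 0;
    for (size_t k = 0; k < sizeof probes / sizeof probes[0]; k++) {
        int32_t v = probes[k];
        if ((v < 0 || v > limit) && check(v) == VERDICT_OK)
            findings++;
    }
    return findings;
}

int main(void) {
    printf("signedness bug: limit %d, findings %d\n",
           probe_largest_accepted(check_len_signedness_bug),
           count_boundary_findings(check_len_signedness_bug));
    printf("overflow bug:   limit %d, findings %d\n",
           probe_largest_accepted(check_count_overflow_bug),
           count_boundary_findings(check_count_overflow_bug));
    printf("fixed checks:   findings %d / %d\n",
           count_boundary_findings(check_len_signedness_fixed),
           count_boundary_findings(check_count_overflow_fixed));
    return 0;
}
```

The doubling probe alone reports a plausible limit for the overflow-prone check (4 items), which is why the boundary values are tried afterwards: the wrap is only visible far outside the range that successive approximation walks through.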