Abstract
|
Due to our increasing reliance on computer … Due to our increasing reliance on computer systems, security incidents and their causes are important problems that need to be addressed. To contribute to this objective, the paper describes a new tool for the discovery of security vulnerabilities on network connected servers. The AJECT tool uses a speci?cation of the server?s communication protocol to automatically generate a large number of attacks accordingly to some prede?ned test classes. Then, while it performs these attacks through the network, it monitors the behavior of the server both from a client perspective and inside the target machine. The observation of an incorrect behavior indicates a successful attack and the potential existence of a vulnerability. To demonstrate the usefulness of this approach, a considerable number of experiments were carried out with several IMAP servers. The results show that AJECT can discover several kinds of vulnerabilities, including a previously unknown vulnerability. luding a previously unknown vulnerability.
|
Author
|
Nuno Ferreira Neves +
, João Antunes +
, Miguel Correia +
, Paulo Verissimo +
, Rui Neves +
|
Booktitle
|
Proceedings of the International Conference on Dependable Systems and Networks (DSN), Philadelphia, USA, June 2006. +
|
Key
|
Nuno-ferreira-neves2006using-attack-179 +
|
Month
|
jun +
|
NumPubDate
|
2,006.06 +
|
Project
|
Project:AJECT +
, Project:CRUTIAL +
|
ResearchLine
|
Fault And Intrusion Tolerance in Open Distributed Systems (FIT) +
|
Title
|
Using Attack Injection to Discover New Vulnerabilities +
|
Type
|
inproceedings +
|
Url
|
http://www.navigators.di.fc.ul.pt/archive/papers/neves06a.pdf +
|
Year
|
2006 +
|
Categories |
Publication +
|
Modification dateThis property is a special property in this wiki.
|
14 January 2013 14:41:23 +
|