Abstract
|
Our reliance on computer systems for every … Our reliance on computer systems for everyday life activities has increased
over the years as more and more tasks are accomplished with their help.
The increasing complexity of the problems they address also require the
development of more elaborated solutions. So, applications tend to become
larger and more complex. On the other hand, the ever present tradeoff
between time to deployment and thorough testing puts pressure on the
quality of the software. Hence, applications tend to be released with little
testing. Software bugs are continuously detected afterwards, resulting in
security vulnerabilities that can be exploited by malicious adversaries and
compromise the systems’ security. The discovery of security vulnerabilities
is then a valuable asset in the development of dependable systems.
AJECT is presented as a new tool for vulnerability assessment, without requiring
access to the source code or to any updated vulnerability database.
The methodology utilized in the construction of AJECT emulates the behavior
of an adversary by injecting attacks to trigger and detect abnormal
behavior in the target systems. Preliminary experimental results in IMAP
servers showed that AJECT was able to discover not only all known vulnerabilities, but also a previously unknown one. lities, but also a previously unknown one.
|