共查询到20条相似文献,搜索用时 619 毫秒
1.
2.
《Information and Software Technology》2012,54(9):997-1013
ContextPassive testing is a technique in which traces collected from the execution of a system under test are examined for evidence of flaws in the system.ObjectiveIn this paper we present a method for detecting the presence of security vulnerabilities by detecting evidence of their causes in execution traces. This is a new approach to security vulnerability detection.MethodOur method uses formal models of vulnerability causes, known as security goal models and vulnerability detection conditions (VDCs). The former are used to identify the causes of vulnerabilities and model their dependencies, and the latter to give a formal interpretation that is suitable for vulnerability detection using passive testing techniques. We have implemented modeling tools for security goal models and vulnerability detection conditions, as well as TestInv-Code, a tool that checks execution traces of compiled programs for evidence of VDCs.ResultsWe present the full definitions of security goal models and vulnerability detection conditions, as well as structured methods for creating both. We describe the design and implementation of TestInv-Code. Finally we show results obtained from running TestInv-Code to detect typical vulnerabilities in several open source projects. By testing versions with known vulnerabilities, we can quantify the effectiveness of the approach.ConclusionAlthough the current implementation has some limitations, passive testing for vulnerability detection works well, and using models as the basis for testing ensures that users of the testing tool can easily extend it to handle new vulnerabilities. 相似文献
3.
渗透测试是发现重要网络信息系统弱点并进而保护网络安全的重要手段. 传统的渗透测试深度依赖人工, 并且对测试人员的技术要求很高, 从而限制了普及的深度和广度. 自动化渗透测试通过将人工智能技术引入渗透测试全过程, 在极大地解决对人工的重度依赖基础上降低了渗透测试技术门槛. 自动化渗透测试主要可分为基于模型和基于规则的自动渗透测试. 二者的研究各有侧重, 前者是指利用模型算法模拟黑客攻击, 研究重点是攻击场景感知和攻击决策模型; 后者则聚焦于攻击规则和攻击场景如何高效适配等方面. 主要从攻击场景建模、渗透测试建模和决策推理模型等3个环节深入分析相关自动化渗透测试实现原理, 最后从攻防对抗、漏洞组合利用等维度探讨自动化渗透的未来发展方向. 相似文献
4.
智能合约是运行在区块链合约层的计算机程序, 能够管理区块链上的加密数字货币和数据, 实现多样化的业务逻辑, 扩展了区块链的应用. 由于智能合约中通常涉及大量资产, 吸引了大量攻击者试图利用其中的安全漏洞获得经济利益. 近年来, 随着多起智能合约安全事件的发生(例如TheDAO、Parity安全事件等), 针对智能合约的安全漏洞检测技术成为国内外研究热点. 提出智能合约安全漏洞检测的研究框架, 分别从漏洞发现与识别、漏洞分析与检测、数据集与评价指标这3个方面分析现有检测方法研究进展. 首先, 梳理安全漏洞信息收集的基本流程, 将已知漏洞根据基础特征归纳为13种漏洞类型并提出智能合约安全漏洞分类框架; 然后, 按照符号执行、模糊测试、机器学习、形式化验证和静态分析5类检测技术对现有研究进行分析, 并讨论各类技术的优势及局限性; 第三, 整理常用的数据集和评价指标; 最后, 对智能合约安全漏洞检测的未来研究方向提出展望. 相似文献
5.
6.
ContextSoftware vulnerabilities in general, and software vulnerabilities with publicly available exploits in particular, are important to manage for both developers and users. This is however a difficult matter to address as time is limited and vulnerabilities are frequent.ObjectiveThis paper presents a Bayesian network based model that can be used by enterprise decision makers to estimate the likelihood that a professional penetration tester is able to obtain knowledge of critical vulnerabilities and exploits for these vulnerabilities for software under different circumstances.MethodData on the activities in the model are gathered from previous empirical studies, vulnerability databases and a survey with 58 individuals who all have been credited for the discovery of critical software vulnerabilities.ResultsThe proposed model describes 13 states related by 17 activities, and a total of 33 different datasets.ConclusionEstimates by the model can be used to support decisions regarding what software to acquire, or what measures to invest in during software development projects. 相似文献
7.
8.
9.
10.
环境错误注入是一种动态的测试软件脆弱性的技术,建立在对系统脆弱性分类模型的基础上,通过选择一个恰当的错误模型,测试系统有意识地触发软件内部存在的安全漏洞。该测试方法对于通常使用的静态检测方法,是一种重要的补充。文章论述了环境错误注入系统的一种实现机制。 相似文献
11.
12.
Fuzzing是一种自动化的漏洞挖掘技术。该文介绍了一种基于Fuzzing的漏洞挖掘思路,并将这一漏洞挖掘思路应用在TFTP协议上。设计并实现了一个针对TFTP服务器的fuzzer工具——tftpServerFuzzer,并对现有的从互联网上搜集到的Windows平台下11种TFTP服务器进行了安全测试,发现了8种TFTP服务器的13个安全漏洞,其中未曾公布过的漏洞有7个。该实践结果表明了tftpServerFuzzer的有效性和先进性。 相似文献
13.
SQL注入(SQLinjection)漏洞是网站中普遍存在的漏洞之一,同时也是影响企业运营且最具破坏性的漏洞之一。SQL注入漏洞的检测模式可分为手工分析和自动化工具扫描分析两种方式。虽然有很多自动化工具可以帮助我们快速检测SQL注入漏洞,但工具检测能力十分有限,就目前而言,扫描工具的最大瓶颈在于如何确保爬虫所得待测数据的全面性。由于爬虫技术的限制,大部分扫描工具的误报和漏报概率都比较大。人工分析虽然可以保证漏洞检测的准确度,但检测过程需要消耗大量时间且效率比较低下。针对此种情况,文章提出一种基于代理模式的SQL注入漏洞检测方法,该方法在兼顾准确率和效率的基础之上,综合利用已有漏洞检测工具的优点,实现快速全面收集待测数据,以此确保SQL注入漏洞检测的高效性和准确性。另外,文章还利用该方法对Web应用中的XSS漏洞进行了检测分析,并取得了非常好的效果。 相似文献
14.
渗透测试的核心问题是渗透测试路径的规划,手动规划依赖测试人员的经验,而自动生成渗透路径主要基于网络安全的先验知识和特定的漏洞或网络场景,所需成本高且缺乏灵活性。针对这些问题,提出一种基于强化学习的渗透路径推荐模型QLPT,通过多回合的漏洞选择和奖励反馈,最终给出针对渗透对象的最佳渗透路径。在开源靶场的渗透实验结果表明,与手动测试的渗透路径相比,所提模型推荐的路径具有较高一致性,验证了该模型的可行性与准确性;与自动化渗透测试框架Metasploit相比,该模型在适应所有渗透场景方面也更具灵活性。 相似文献
15.
ContextMemory safety errors such as buffer overflow vulnerabilities are one of the most serious classes of security threats. Detecting and removing such security errors are important tasks of software testing for improving the quality and reliability of software in practice.ObjectiveThis paper presents a goal-oriented testing approach for effectively and efficiently exploring security vulnerability errors. A goal is a potential safety violation and the testing approach is to automatically generate test inputs to uncover the violation.MethodWe use type inference analysis to diagnose potential safety violations and dynamic symbolic execution to perform test input generation. A major challenge facing dynamic symbolic execution in such application is the combinatorial explosion of the path space. To address this fundamental scalability issue, we employ data dependence analysis to identify a root cause leading to the execution of the goal and propose a path exploration algorithm to guide dynamic symbolic execution for effectively discovering the goal.ResultsTo evaluate the effectiveness of our proposed approach, we conducted experiments against 23 buffer overflow vulnerabilities. We observed a significant improvement of our proposed algorithm over two widely adopted search algorithms. Specifically, our algorithm discovered security vulnerability errors within a matter of a few seconds, whereas the two baseline algorithms failed even after 30 min of testing on a number of test subjects.ConclusionThe experimental results highlight the potential of utilizing data dependence analysis to address the combinatorial path space explosion issue faced by dynamic symbolic execution for effective security testing. 相似文献
16.
攻击图技术研究进展 总被引:2,自引:0,他引:2
目前网络攻击技术逐步多样化和智能化,攻击者对目标网络内存在的脆弱性会采取多步骤的组合攻击方式进行逐步渗透。攻击图是一种新型的网络脆弱性分析技术,它在对目标网络和攻击者建模的基础上,根据二者之间的相互作用关系计算产生攻击图,展示攻击者利用目标网络脆弱性实施网络攻击的各种可能攻击路径。该技术能够自动发现未知的系统脆弱性以及脆弱性之间的关系,因此是目前研究的热点之一。攻击图技术经历了从面向小型网络的手工分析到自动分析的发展,目前正在向面向大规模网络的自动分析发展。总结了攻击图技术的发展现状,阐述了它的巨大应用前景,最后分析了该技术目前所面临的主要挑战。 相似文献
17.
渗透测试是一种有效的安全测试方法,自动化渗透测试的关键问题之一是将发现的系统漏洞与已知漏洞利用代码进行匹配。文章提出基于开放端口和基于漏洞编号的两种匹配方法,通过将系统漏洞的端口号或漏洞编号,与漏洞利用代码中描述的端口号或漏洞编号对应检查完成匹配。实验结果表明,两种方法的查全率分别达到96.8%和90.3%,可以有效实现匹配。该方法可实际应用于自动化渗透测试。 相似文献
18.
19.