Security Vulnerabilities and Their Impact upon Poirot
SE 690 Initial Presentation
Jun Lin, Link.Join@163.com
http://students.depaul.edu/~jlin8/SE690
Supervised by Dr. Jane Huang
Agenda
- Project Description
- Poirot Introduction
- Security Issues
- Role-based Access Control
- SQL Injection
- Other Security Problems
- Reference
- Project Plan
- Question & Answer
Project Description
- Background
  - This master's project extends a larger project named Poirot.
  - Poirot is an automated traceability tool developed in the RE (Requirements Engineering) research center.
  - Poirot will be open-sourced in the summer and has already been requested by organizations such as Motorola and Siemens, so security issues are important to address.

Project Description
- Objectives
  - Analyze the security issues related to Poirot, specifically role-based access control, SQL injection, and other typical types of security problems. The work involves a full evaluation of Poirot with respect to common security failures.
Poirot Introduction
- Poirot
  - is an enterprise-level automated traceability tool
  - is a web-based application
  - is a distributed system
  - uses a database to store traceable data

Poirot Introduction
- Architecture (diagram; only the component labels survive): Web Browser, Broker, Poirot Server, Traceable Data Artifacts (XML), MR Service, MR Adapter, Artifacts in CASE tool
Security Issues
- Threats annotated on the architecture diagram: SQL injection; unauthenticated access (at the web browser); disclosure and integrity threats (on the communication between Broker, Poirot Server, MR Service and MR Adapter); sensitive data (the traceable data artifacts); data integrity (the artifacts in the CASE tool)

Security Issues
- Security requirements, refined as a goal tree ("+" marks a positive contribution to the parent goal):
  - S1: Security
    - S2: Only authorized access to project artifacts
      - S5: Role-based access control
      - S6: Screens time out after 15 minutes of inactivity
    - S3: Secure communication
      - S7: Encrypt all communication
    - S4: Minimize system vulnerabilities
      - S8: Prevent dangerous characters from being passed to SQL queries from free text
      - S9: Limit system access to approved IP addresses
Role-Based Access Control
- Access control models
  - Discretionary Access Control (DAC)
  - Mandatory Access Control (MAC)
  - Task-Based Access Control (TBAC)
  - Object-Based Access Control (OBAC)
  - Role-Based Access Control (RBAC)

Role-Based Access Control
- Advantages
  - Fits Poirot naturally
  - Simplifies authorization administration by assigning permissions to users through roles
  - Handles large numbers of users easily
  - Conforms to job positions within the organization, which promotes usability

Role-Based Access Control
- Model (diagram): User, Role, Permission and Session. Users are assigned to roles many-to-many (n:m); permissions are assigned to roles (permission assignment); roles are ordered in a role hierarchy; a user opens one or more sessions (1:n) in which a subset of the user's roles is activated.

Role-Based Access Control
- Permissions: operations (Read, Write, more…) on the protected objects System configuration, Projects, Project Configuration and Artifacts

Role-Based Access Control
- Roles: System Administrator; Project Manager; Common User (Architect, Programmer, QA, …)
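An added example (not Poirot code) that puts the RBAC model of the preceding slides into working Python: a role hierarchy with permission inheritance, user-to-role assignment, and sessions that activate only a subset of a user's roles. The role names and protected objects follow the slides; the concrete permission assignments, hierarchy edges and user names are assumptions chosen for illustration.

```python
"""Toy RBAC decision engine modelled on the slides (added example, not Poirot code)."""

# Hypothetical role -> permission assignment. A permission is an (object, operation) pair
# using the objects and operations named on the Permissions slide.
ROLE_PERMISSIONS = {
    "Common User": {("Projects", "Read"), ("Artifacts", "Read")},
    "Programmer": {("Artifacts", "Write")},
    "Architect": {("Artifacts", "Write")},
    "QA": set(),
    "Project Manager": {("Project Configuration", "Read"), ("Project Configuration", "Write")},
    "System Administrator": {("System Configuration", "Read"), ("System Configuration", "Write")},
}

# Hypothetical role hierarchy: senior role -> junior roles whose permissions it inherits.
ROLE_HIERARCHY = {
    "Programmer": {"Common User"},
    "Architect": {"Common User"},
    "QA": {"Common User"},
    "Project Manager": {"Common User"},
    "System Administrator": {"Project Manager"},
}

# Hypothetical user -> role assignment (the n:m relation on the model slide).
USER_ROLES = {
    "alice": {"System Administrator"},
    "bob": {"Programmer"},
    "carol": {"QA", "Project Manager"},
}


def authorized_roles(role_names):
    """Transitive closure over the hierarchy: the given roles plus every junior role below them."""
    seen = set()
    stack = list(role_names)
    while stack:
        role = stack.pop()
        if role in seen:
            continue
        seen.add(role)
        stack.extend(ROLE_HIERARCHY.get(role, ()))
    return seen


def open_session(user, activate=None):
    """Open a session activating a subset of the roles the user is authorized for.

    Activating fewer roles than one holds is how least privilege is applied per session;
    trying to activate a role the user does not hold is refused.
    """
    allowed = authorized_roles(USER_ROLES.get(user, set()))
    active = allowed if activate is None else set(activate)
    if not active <= allowed:
        raise PermissionError(f"{user} may not activate {sorted(active - allowed)}")
    return {"user": user, "active_roles": active}


def check(session, obj, op):
    """Access decision: is (obj, op) granted by an active role or by a role below it?"""
    for role in authorized_roles(session["active_roles"]):
        if (obj, op) in ROLE_PERMISSIONS.get(role, set()):
            return True
    return False


if __name__ == "__main__":
    full = open_session("alice")
    restricted = open_session("alice", {"Common User"})
    print(check(full, "System Configuration", "Write"), check(restricted, "System Configuration", "Write"))
```

The decision walks the hierarchy from the active roles downward, so a senior role is never granted something merely because a junior role exists somewhere in the tree; it must be reachable from what the session actually activated.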
SQL Injection
- "SQL injection" is a subset of the unverified/unsanitized user input vulnerability ("buffer overflows" are a different subset); the idea is to convince the application to run SQL code that was not intended.

SQL Injection
- Attack intent
  - Identifying injectable parameters
  - Performing database finger-printing
  - Determining database schema
  - Extracting data
  - Adding or modifying data
  - Performing denial of service
  - Evading detection
  - Bypassing authentication
  - Executing remote commands

SQL Injection
- Example
  - HTML
      <FORM action="Login" method="post">
        <input type="hidden" name="userid" value="[user input]">
      </FORM>
  - URL
      http://webserver/login.jsp?userid=[user input]

SQL Injection
- Example
  - SQL & code
      SELECT count(*) AS count FROM table WHERE field = '[user input]'
      Granted = count > 0 ? True : False
  - How about: user input = whatever' or '1'='1
  - The SQL becomes:
      SELECT count(*) AS count FROM table WHERE field = 'whatever' or '1'='1'
  - Result: as long as the table has at least one record, Granted is always true.

SQL Injection
- Example (piggy-backed queries; the second statement runs when the database and driver accept stacked statements, as SQL Server does)
  - User input = whatever'; drop table --
  - User input = whatever'; xp_cmdshell(…) --
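An added example, not from the deck, that reproduces the login check of the preceding two slides against an in-memory SQLite database (SQLite stands in for Poirot's database; the table, user names and passwords are constructed). It shows the tautology bypass against the concatenated query, the same check with bound parameters, and what happens to the piggy-backed drop table payload when the driver refuses stacked statements.

```python
import sqlite3


def make_db():
    """Constructed sample data: two accounts in a users table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [("alice", "wonderland"), ("bob", "builder")])
    con.commit()
    return con


def granted_vulnerable(con, userid):
    """The slide's pattern: the user input is spliced into the query text,
    so a quote in the input ends the literal and the rest is parsed as SQL."""
    sql = "SELECT count(*) AS count FROM users WHERE username = '%s'" % userid
    (count,) = con.execute(sql).fetchone()
    return count > 0


def granted_safe(con, userid):
    """Same query with a bound parameter: the input stays a value, never SQL syntax,
    so whatever' or '1'='1 is looked up as a literal (non-existent) user name."""
    sql = "SELECT count(*) AS count FROM users WHERE username = ?"
    (count,) = con.execute(sql, (userid,)).fetchone()
    return count > 0


def table_exists(con, name):
    (n,) = con.execute(
        "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return n == 1


def piggyback_attempt(con):
    """The slide's second payload family (whatever'; drop table --).

    Returns (blocked_by_driver, table_survived). Python's sqlite3 module refuses to run
    more than one statement per execute() call, so this particular stacked query fails
    here; against SQL Server, which accepts stacked statements, the DROP would run.
    """
    try:
        granted_vulnerable(con, "whatever'; DROP TABLE users; --")
        blocked = False
    except (sqlite3.Error, sqlite3.Warning):
        blocked = True
    return blocked, table_exists(con, "users")


if __name__ == "__main__":
    db = make_db()
    print("tautology, concatenated:", granted_vulnerable(db, "whatever' or '1'='1"))
    print("tautology, parameterized:", granted_safe(db, "whatever' or '1'='1"))
    print("stacked DROP (blocked, table survived):", piggyback_attempt(db))
```

The driver refusing stacked statements is a property of that driver, not a defence: the tautology still succeeds through the same concatenated query, and a different driver or database would execute the second statement. Only the parameterized form removes the injection.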
SQL Injection
- SQL injection types
  - Tautologies
  - Illegal/Logically Incorrect Queries
  - Union Query
  - Piggy-Backed Queries
  - Stored Procedures
  - Inference
  - Alternate Encodings

SQL Injection
- Tautologies
  - Intent: bypassing authentication, extracting data
  - Example:
      SELECT accounts FROM users WHERE login='' or 1=1 -- AND pass=''

SQL Injection
- Illegal/Logically Incorrect Queries
  - Intent: identifying injectable parameters, performing database finger-printing
  - Example:
      SELECT accounts FROM users WHERE login='' AND 1 = convert(int, (select top 1 name from sysobjects where xtype='u')) -- AND pass=''
  - Error shown to the attacker: "Microsoft OLE DB Provider for SQL Server (0x80040E07) Error converting nvarchar value 'CreditCards' to a column of data type int." The error message leaks the first user table name.

SQL Injection
- Stored Procedures
  - Intent: performing denial of service, executing remote commands, …
  - Example:
      SELECT accounts FROM users WHERE login='admin'; SHUTDOWN; -- AND pass=''

SQL Injection
- Alternate Encodings
  - Intent: evading detection
  - Example:
      SELECT accounts FROM users WHERE login='legalUser'; exec(char(0x73687574646f776e)) -- AND pass=''
  - 0x73687574646f776e is the ASCII encoding of "shutdown", so the decoded statement is SHUTDOWN; a filter matching the keyword never sees it.

SQL Injection
- Prevention
  - Sanitize the input
  - Escape the input
  - Limit database permissions and segregate users
  - Use stored procedures for database access (a stored procedure that builds dynamic SQL from its arguments is still injectable)
  - Configure error reporting so database errors are not returned to the client
  - Use tools
SQL Injection
- Second-Order SQL Injection
  - Assume the single quote has been handled: Replace("'", "''")
  - Attacker adds a new account: Username: admin'--  Password: password
  - Insert SQL (well-formed, the doubled quote is stored as a single quote):
      insert into users values(123, 'admin''--', 'password')

SQL Injection
- Second-Order SQL Injection
  - Attacker updates the password:
      sql = "update users set password = '" + newpassword + "' where username = '" + rs.getString("username") + "'"
  - The SQL executed:
      update users set password = 'password' where username='admin'-- '
  - What happens? The username read back from the database is trusted and not escaped; the -- comments out the trailing quote, so the WHERE clause matches the real admin account and the attacker has set the administrator's password.
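An added example, not from the deck, that runs the second-order scenario of the preceding two slides end to end in Python against an in-memory SQLite database (the slide's snippet is Java and targets another database; the table layout, account ids and passwords are constructed). It keeps the slide's quote-doubling on the INSERT, shows the later UPDATE being subverted by the stored username, and the same UPDATE with bound parameters.

```python
import sqlite3


def escape_quotes(s):
    """The slide's first-order defence: Replace("'", "''")."""
    return s.replace("'", "''")


def make_db():
    """Constructed data: one pre-existing administrator account."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    con.execute("INSERT INTO users VALUES (1, 'admin', 's3cret')")
    con.commit()
    return con


def register(con, user_id, username, password):
    """First order: quotes are doubled, the INSERT is well-formed, and the literal
    string admin'-- is stored as a user name. Nothing bad happens yet."""
    sql = "INSERT INTO users VALUES (%d, '%s', '%s')" % (
        user_id, escape_quotes(username), escape_quotes(password))
    con.execute(sql)
    con.commit()
    return sql


def change_password_vulnerable(con, user_id, newpassword):
    """Second order: the username read back from the database is trusted and
    concatenated unescaped, as in the slide's Java snippet. The stored admin'--
    closes the literal and comments out the rest, so the UPDATE hits 'admin'."""
    (username,) = con.execute("SELECT username FROM users WHERE id = ?", (user_id,)).fetchone()
    sql = ("update users set password = '" + escape_quotes(newpassword) +
           "' where username = '" + username + "'")
    con.execute(sql)
    con.commit()
    return sql


def change_password_safe(con, user_id, newpassword):
    """Bound parameters treat the stored username as a value, whatever it contains."""
    (username,) = con.execute("SELECT username FROM users WHERE id = ?", (user_id,)).fetchone()
    con.execute("UPDATE users SET password = ? WHERE username = ?", (newpassword, username))
    con.commit()


def password_of(con, username):
    (pw,) = con.execute("SELECT password FROM users WHERE username = ?", (username,)).fetchone()
    return pw


if __name__ == "__main__":
    db = make_db()
    register(db, 123, "admin'--", "password")
    print(change_password_vulnerable(db, 123, "pwned"))
    print("admin password is now:", password_of(db, "admin"))
```

Escaping at the point of input only protects the statement it is applied to. Data that has already been stored is input again the next time it is concatenated into SQL, which is why escaping has to happen at every query, or, better, be replaced by parameter binding everywhere.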
Other Security Problems
- Annotated on the architecture diagram: unauthenticated access (at the web browser); sensitive data (the traceable data artifacts); data integrity (the artifacts in the CASE tool); components: Web Browser, Broker, Poirot Server, MR Service, MR Adapter, Traceable Data Artifacts (XML), Artifacts in CASE tool
Reference
- Poirot: TraceMaker: A Tool for Dynamically Retrieving Traceability Links. Xuchang Zou, Chuan Duan, Raffaella Settimi, Jane Cleland-Huang.
- An Extensible Architecture for Enterprise-wide Automated Requirements Traceability. Jun Lin, Chan Chou Lin, Joseph Amaya, Massimo Illario, Jane Cleland-Huang. CTIRS, 2006.
- Building Secure Software: How to Avoid Security Problems the Right Way. John Viega, Gary McGraw. Addison-Wesley.
- The Twenty Most Critical Internet Security Vulnerabilities (Updated): The Experts Consensus, Version 6.01, November 28, 2005. Copyright (C) 2005, SANS Institute. http://www.sans.org/top20/
- A Classification of SQL Injection Attacks and Countermeasures. William G. J. Halfond, Jeremy Viegas, Alessandro Orso.
- SQL Injection Attacks by Example. Steve Friedl. http://www.unixwiz.net/techtips/sql-injection.html
Project Plan
- Phase 1: Analysis
  - Initial research into role-based access control and SQL injection, 05/29/2006
  - Make initial presentation, 06/02/2006
  - Further research into role-based access control, SQL injection, and other typical types of security problems, 06/30/2006
- Phase 2: Implementation
  - Design: class diagrams and sequence diagrams, 07/08/2006
  - Coding and unit testing, 08/05/2006
  - Integration testing, 08/10/2006
  - Write developer instructions, 08/13/2006
  - Prepare final presentation, 08/15/2006
- Phase 3: Documentation
- Completion: 08/15/2006

Questions?

Thanks