Using Attack Injection to Discover New Vulnerabilities

Philadelphia, Pennsylvania June 25-June 28

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/DSN.2006.72

International Conference on Dependabl ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Nuno Neves Articles by Joao Antunes Articles by Miguel Correia Articles by Paulo Verissimo Articles by Rui Neves

	ASCII Text	x
	Nuno Neves, Joao Antunes, Miguel Correia, Paulo Verissimo, Rui Neves, "Using Attack Injection to Discover New Vulnerabilities," Dependable Systems and Networks, International Conference on, pp. 457-466, International Conference on Dependable Systems and Networks (DSN'06), 2006.

	BibTex	x
	@article{ 10.1109/DSN.2006.72, author = {Nuno Neves and Joao Antunes and Miguel Correia and Paulo Verissimo and Rui Neves}, title = {Using Attack Injection to Discover New Vulnerabilities}, journal ={Dependable Systems and Networks, International Conference on}, volume = {0}, year = {2006}, isbn = {0-7695-2607-1}, pages = {457-466}, doi = {http://doi.ieeecomputersociety.org/10.1109/DSN.2006.72}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Dependable Systems and Networks, International Conference on TI - Using Attack Injection to Discover New Vulnerabilities SN - 0-7695-2607-1 SP457 EP466 A1 - Nuno Neves, A1 - Joao Antunes, A1 - Miguel Correia, A1 - Paulo Verissimo, A1 - Rui Neves, PY - 2006 KW - null VL - 0 JA - Dependable Systems and Networks, International Conference on ER -

Nuno Neves, Fac. de Ci.encias da Univ. de Lisboa

Joao Antunes, Fac. de Ci.encias da Univ. de Lisboa

Miguel Correia, Fac. de Ci.encias da Univ. de Lisboa

Paulo Verissimo, Fac. de Ci.encias da Univ. de Lisboa

Rui Neves, Univ. Tecnica de Lisboa

Due to our increasing reliance on computer systems, security incidents and their causes are important problems that need to be addressed. To contribute to this objective, the paper describes a new tool for the discovery of security vulnerabilities on network connected servers. The AJECT tool uses a speci-cation of the server's communication protocol to automatically generate a large number of attacks accordingly to some prede-ned test classes. Then, while it performs these attacks through the network, it monitors the behavior of the server both from a client perspective and inside the target machine. The observation of an incorrect behavior indicates a successful attack and the potential existence of a vulnerability. To demonstrate the usefulness of this approach, a considerable number of experiments were carried out with several IMAP servers. The results show that AJECT can discover several kinds of vulnerabilities, including a previously unknown vulnerability.

Citation:

Nuno Neves, Joao Antunes, Miguel Correia, Paulo Verissimo, Rui Neves, "Using Attack Injection to Discover New Vulnerabilities," dsn, pp.457-466, International Conference on Dependable Systems and Networks (DSN'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.