Vulnerability Discovery with Attack Injection
Authors: Neves, N.; Correia, M.V.; Verissimo, P.
IEEE Transactions on Software Engineering, Vol. 36, No. 3, pp. 357-370, June 2010.
ISSN (print): 0098-5589
Journal Impact Factor: 3,569 (in 2008)
Digital Object Identifier: 10.1109/TSE.2009.91
Abstract: The increasing reliance put on networked computer systems demands higher levels of dependability. This is even more relevant as new threats and forms of attack are constantly being revealed, compromising the security of systems. This paper addresses this problem by presenting an attack injection methodology for the automatic discovery of vulnerabilities in software components. The proposed methodology, implemented in AJECT, follows an approach similar to hackers and security analysts to discover vulnerabilities in network-connected servers. AJECT uses a specification of the server's communication protocol and predefined test case generation algorithms to automatically create a large number of attacks. Then, while it injects these attacks through the network, it monitors the execution of the server in the target system and the responses returned to the clients. The observation of an unexpected behavior suggests the presence of a vulnerability that was triggered by some particular attack (or group of attacks). This attack can then be used to reproduce the anomaly and to assist the removal of the error. To assess the usefulness of this approach, several attack injection campaigns were performed with 16 publicly available POP and IMAP servers. The results show that AJECT could effectively be used to locate vulnerabilities, even on well-known servers tested throughout the years.