“Vulnerability Assessment Through Attack Injection”
From Navigators
(Difference between revisions)
(Created page with "{{Publication |type=mastersthesis |title=Vulnerability Assessment Through Attack Injection |author=João Antunes, |ResearchLine=Fault and Intrusion Tolerance in Open Distributed...") |
|||
| Line 2: | Line 2: | ||
|type=mastersthesis | |type=mastersthesis | ||
|title=Vulnerability Assessment Through Attack Injection | |title=Vulnerability Assessment Through Attack Injection | ||
| - | |author=João Antunes, | + | |author=João Antunes, |
|ResearchLine=Fault and Intrusion Tolerance in Open Distributed Systems (FIT) | |ResearchLine=Fault and Intrusion Tolerance in Open Distributed Systems (FIT) | ||
|month=nov | |month=nov | ||
| Line 23: | Line 23: | ||
behavior in the target systems. Preliminary experimental results in IMAP | behavior in the target systems. Preliminary experimental results in IMAP | ||
servers showed that AJECT was able to discover not only all known vulnerabilities, but also a previously unknown one. | servers showed that AJECT was able to discover not only all known vulnerabilities, but also a previously unknown one. | ||
| - | | | + | |school=Mestrado em Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa |
| - | + | |advisor=Nuno Ferreira Neves, | |
| - | |advisor=Nuno Ferreira Neves, | + | |
}} | }} | ||
Latest revision as of 17:54, 2 October 2018
João Antunes (advised by Nuno Ferreira Neves)
Master’s thesis, Mestrado em Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, Nov. 2006
Abstract: Our reliance on computer systems for everyday life activities has increased over the years as more and more tasks are accomplished with their help. The increasing complexity of the problems they address also require the development of more elaborated solutions. So, applications tend to become larger and more complex. On the other hand, the ever present tradeoff between time to deployment and thorough testing puts pressure on the quality of the software. Hence, applications tend to be released with little testing. Software bugs are continuously detected afterwards, resulting in security vulnerabilities that can be exploited by malicious adversaries and compromise the systems’ security. The discovery of security vulnerabilities is then a valuable asset in the development of dependable systems. AJECT is presented as a new tool for vulnerability assessment, without requiring access to the source code or to any updated vulnerability database. The methodology utilized in the construction of AJECT emulates the behavior of an adversary by injecting attacks to trigger and detect abnormal behavior in the target systems. Preliminary experimental results in IMAP servers showed that AJECT was able to discover not only all known vulnerabilities, but also a previously unknown one.
Export citation
Project(s):
Research line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)
