“Network Attack Injection”
Ph.D. dissertation, Faculty of Sciences, University of Lisbon, Lisbon, Portugal, May 2012
Abstract: The increasing reliance on networked computer systems demands for high levels of dependability. Unfortunately, new threats and forms of attack are constantly emerging to exploit vulnerabilities in systems, compromising their correctness. An intrusion in a network server may affect its users and have serious repercussions in other services, possibly leading to new security breaches that can be exploited by further attacks. Software testing is the first line of defense in opposing attacks because it can support the discovery and removal of weaknesses in the systems. However, searching for flaws is a difficult and error-prone task, which has invariably overlooked vulnerabilities. The thesis proposes a novel methodology for vulnerability discovery that systematically generates and injects attacks, while monitoring and analyzing the target system. An attack that triggers an unexpected behavior provides a strong indication of the presence of a flaw. This attack can then be given to the developers as a test case to reproduce the anomaly and to assist in the correction of the problem. The main focus of the investigation is to provide a theoretical and experimental framework for the implementation and execution of attack injection on network servers. Several innovative solutions related to this approach are covered, including ways to infer a specification of the protocol implemented by the server, the generation of a comprehensive set of attacks, the injection and monitoring of the target system, and the automatic analysis of results. Furthermore, we apply some of the developed techniques to other areas of network security, namely to intrusion tolerance and detection. In particular, a new method is proposed to assist on the evaluation of the compliance of diverse replicas in intrusion-tolerant systems.
Research line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)