A Secure Framework for Discovering the Liabilities of a Network Server

Автор: Ulya Sabeel, Saima Maqbool

Журнал: International Journal of Modern Education and Computer Science (IJMECS) @ijmecs

Статья в выпуске: 12 vol.6, 2014 года.

Бесплатный доступ

The role of network and information systems is increasing in our day today infrastructures that provide critical services like banking and commerce applications, telecommunications, distribution, transportation, etc. This increases the levels of dependability on such applications, which brings about several pros and cons as well. If these infrastructures are damaged, it can compromise the availability of the critical services. Thus, it is the need of the hour to secure the available network and information systems from malicious attacks. In this paper, we have proposed a secure technique named as Network Liability Detection (NLD) and a software we named as Network Liability Tool (NLT), that points out the liabilities or vulnerabilities of your system that can be exploited to compromise its security. We propose a model based approach where the behavior of each component of the system is carefully monitored to find out the well known as well as as-yet-unknown loopholes in the system. A prototype of the application is built in Windows Platform using Java, to demonstrate the entire functioning of this system and helps in solving the security related loopholes in the network servers. The speculative results affirm that the proposed technique is effective in detecting the liabilities of the network servers.

Еще

Information System, Liability detection, loopholes, Network security, Secure Framework

Короткий адрес: https://sciup.org/15014713

IDR: 15014713

Список литературы A Secure Framework for Discovering the Liabilities of a Network Server

  • http://in.norton.com/security_response/vulnerabilities.jsp
  • Joa˜o Antunes, Nuno Neves, Miguel Correia, Paulo Verissimo, Rui Neves, "Vulnerability Discovery with Attack Injection", 2009 IEEE.
  • Joa˜o Antunes, Nuno Neves, Miguel Correia, Paulo Verissimo, Rui Neves,"Vulnerability Discovery using Attack Injection", IEEE Transactions on Software Engineering, vol. 36, no. 3, May/June 2010.
  • Zhiqiang Wang , Yuqing Zhang, Qixu Liu "A Research on Vulnerability Discovering for Router Protocols Based on Fuzzing", 2012 7th International ICST Conference on Communications and Networking in China (CHINACOM),© 2012 IEEE.
  • Sharon Goldberg, Jennifer Rexford, "Security Vulnerabilities and Solutions for Packet Sampling", Sarnoff Symposium, 2007 IEEE.
  • A. Pasupulati, J. Coit, K. Levitt. S. F. Wu, S.H. Li, J.C. Ku0,K.P. Fan, "Buttercup: On Network-based Detection of Polymorphic Buffer Overflow Vulnerabilities", 2004 IEEE.
  • MeiJunjin, "An approach for SQL injection vulnerability detection", 2009 Sixth International Conference on Information Technology: New Generations, IEEE.
  • J. Arlat, A. Costes, Y. Crouzet, J.-C. Laprie, and D. Powell, "Fault Injection and Dependability Evaluation of Fault-Tolerant Systems," IEEE Trans. Computers, vol. 42, no. 8, pp. 913-923, Aug. 1993.
  • M.-C. Hsueh and T.K. Tsai, "Fault Injection Techniques and Tools," Computer, vol. 30, no. 4, pp. 75-82, Apr. 1997.
  • J. Carreira, H. Madeira, and J.G. Silva, "Xception: Software Fault Injection and Monitoring in Processor Functional Units," Proc. Int'l Working Conf. Dependable Computing for Critical Applications, pp. 135-149, http://citeseer.ist.psu.edu/54044.html; http:// dsg.dei.uc.pt/Papers/dcca95.ps.Z, Jan. 1995.
  • T.K. Tsai and R.K. Iyer, "Measuring Fault Tolerance with the FTAPE Fault Injection Tool," Proc. Int'l Conf. Modeling Techniques and Tools for Computer Performance Evaluation, pp. 26-40, http:// portal.acm.org/citation.cfm?id=746851&dl=ACM&coll= &CFID=15151515&CFTOKEN=6184618, Sept. 1995.
  • B.P. Miller, L. Fredriksen, and B. So, "An Empirical Study of the Reliability of UNIX Utilities," Comm. ACM, vol. 33, no. 12, pp. 32- 44, 1990.
  • Univ. of Oulu, "PROTOS—Security Testing of Protocol Implementations," http://www.ee.oulu.fi/research/ouspg/protos/,1999-2003.
  • M. Sutton, "FileFuzz," http://labs.idefense.com/labs-software.php?show=3, Sept. 2005.
  • M. Sutton, A. Greene, and P. Amini, "Fuzzing: Brute Force Vulnerability Discovery", Addison-Wesley, 2007.
  • Tenable Network Security, "Nessus Vulnerability Scanner," http://www.nessus.org, 2008.
  • Saint Corp., "SAINT Network Vulnerability Scanner," http:// www.saintcorporation.com, 2008.
  • Qualys, Inc., "QualysGuard Enterprise," http://www.qualys.com, 2008.
  • D. Wagner, J.S. Foster, E.A. Brewer, and A. Aiken, "A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities," Proc. Network and Distributed System Security Symp., Feb. 2000.
  • E. Haugh and M. Bishop, "Testing C Programs for Buffer Overflow Vulnerabilities," Proc. Symp. Networked and Distributed System Security, pp. 123-130, Feb. 2003.
  • J. Dura?es and H. Madeira, "A Methodology for the Automated Identification of Buffer Overflow Vulnerabilities in Executable Software without Source-Code," Proc. Second Latin-Am. Symp. Dependable Computing, Oct. 2005.
  • C. Cowan, C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton, "StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks," Proc. USENIX Security Conf., pp. 63-78, https:// db.usenix.org/publications/library/proceedings/sec98/cowan.html, Jan. 1998.
  • C. Cowan, S. Beattie, J. Johansen, and P. Wagle, "PointGuard: Protecting Pointers from Buffer Overflow Vulnerabilities," Proc. USENIX Security Symp., pp. 91-104,http://www.usenix.org/publications/library/proceedings/sec03/tech/cowan.html, Aug. 2003.
Еще
Статья научная