TY - GEN
T1 - Discovering application-level insider attacks using symbolic execution
AU - Pattabiraman, Karthik
AU - Nakka, Nithin
AU - Kalbarczyk, Zbigniew
AU - Iyer, Ravishankar
PY - 2009
Y1 - 2009
N2 - This paper presents a technique to systematically discover insider attacks in applications. An attack model where the insider is in the same address space as the process and can corrupt arbitrary data is assumed. A formal technique based on symbolic execution and model-checking is developed to comprehensively enumerate all possible insider attacks corresponding to a given attack goal. The main advantage of the technique is that it operates directly on the program code in assembly language and no manual effort is necessary to translate the program into a formal model. We apply the technique to security-critical segments of the OpenSSH application.
AB - This paper presents a technique to systematically discover insider attacks in applications. An attack model where the insider is in the same address space as the process and can corrupt arbitrary data is assumed. A formal technique based on symbolic execution and model-checking is developed to comprehensively enumerate all possible insider attacks corresponding to a given attack goal. The main advantage of the technique is that it operates directly on the program code in assembly language and no manual effort is necessary to translate the program into a formal model. We apply the technique to security-critical segments of the OpenSSH application.
UR - http://www.scopus.com/inward/record.url?scp=84868133952&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84868133952&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-01244-0_6
DO - 10.1007/978-3-642-01244-0_6
M3 - Conference contribution
AN - SCOPUS:84868133952
SN - 3642012434
SN - 9783642012433
SN - 9783642012433
T3 - IFIP Advances in Information and Communication Technology
SP - 63
EP - 75
BT - Emerging Challenges for Security, Privacy and Trust - 24th IFIP TC 11 International Information Security Conference, SEC 2009, Proceedings
T2 - 24th IFIP TC11 International Information Security Conference, SEC 2009
Y2 - 18 May 2009 through 20 May 2009
ER -