Discovering application-level insider attacks using symbolic execution

Karthik Pattabiraman, Nithin Nakka, Zbigniew Kalbarczyk, Ravishankar Iyer

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

This paper presents a technique to systematically discover insider attacks in applications. An attack model where the insider is in the same address space as the process and can corrupt arbitrary data is assumed. A formal technique based on symbolic execution and model-checking is developed to comprehensively enumerate all possible insider attacks corresponding to a given attack goal. The main advantage of the technique is that it operates directly on the program code in assembly language and no manual effort is necessary to translate the program into a formal model. We apply the technique to security-critical segments of the OpenSSH application.

Original languageEnglish (US)
Title of host publicationEmerging Challenges for Security, Privacy and Trust - 24th IFIP TC 11 International Information Security Conference, SEC 2009, Proceedings
Pages63-75
Number of pages13
DOIs
StatePublished - 2009
Event24th IFIP TC11 International Information Security Conference, SEC 2009 - Pafos, Cyprus
Duration: May 18 2009May 20 2009

Publication series

NameIFIP Advances in Information and Communication Technology
Volume297
ISSN (Print)1868-4238

Other

Other24th IFIP TC11 International Information Security Conference, SEC 2009
Country/TerritoryCyprus
CityPafos
Period5/18/095/20/09

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications
  • Information Systems and Management

Fingerprint

Dive into the research topics of 'Discovering application-level insider attacks using symbolic execution'. Together they form a unique fingerprint.

Cite this