Discovering application-level insider attacks using symbolic execution

Karthik Pattabiraman; Nithin Nakka; Zbigniew Kalbarczyk; Ravishankar Iyer

doi:10.1007/978-3-642-01244-0_6

Discovering application-level insider attacks using symbolic execution

Karthik Pattabiraman, Nithin Nakka, Zbigniew Kalbarczyk, Ravishankar Iyer

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

This paper presents a technique to systematically discover insider attacks in applications. An attack model where the insider is in the same address space as the process and can corrupt arbitrary data is assumed. A formal technique based on symbolic execution and model-checking is developed to comprehensively enumerate all possible insider attacks corresponding to a given attack goal. The main advantage of the technique is that it operates directly on the program code in assembly language and no manual effort is necessary to translate the program into a formal model. We apply the technique to security-critical segments of the OpenSSH application.

Original language	English (US)
Title of host publication	Emerging Challenges for Security, Privacy and Trust - 24th IFIP TC 11 International Information Security Conference, SEC 2009, Proceedings
Pages	63-75
Number of pages	13
DOIs	https://doi.org/10.1007/978-3-642-01244-0_6
State	Published - 2009
Event	24th IFIP TC11 International Information Security Conference, SEC 2009 - Pafos, Cyprus Duration: May 18 2009 → May 20 2009

Publication series

Name	IFIP Advances in Information and Communication Technology
Volume	297
ISSN (Print)	1868-4238

Other

Other	24th IFIP TC11 International Information Security Conference, SEC 2009
Country/Territory	Cyprus
City	Pafos
Period	5/18/09 → 5/20/09

ASJC Scopus subject areas

Information Systems
Computer Networks and Communications
Information Systems and Management

Online availability

10.1007/978-3-642-01244-0_6

Library availability

Discover UIUC Full Text

Cite this

Pattabiraman, K., Nakka, N., Kalbarczyk, Z., & Iyer, R. (2009). Discovering application-level insider attacks using symbolic execution. In Emerging Challenges for Security, Privacy and Trust - 24th IFIP TC 11 International Information Security Conference, SEC 2009, Proceedings (pp. 63-75). (IFIP Advances in Information and Communication Technology; Vol. 297). https://doi.org/10.1007/978-3-642-01244-0_6

Discovering application-level insider attacks using symbolic execution. / Pattabiraman, Karthik; Nakka, Nithin; Kalbarczyk, Zbigniew et al.
Emerging Challenges for Security, Privacy and Trust - 24th IFIP TC 11 International Information Security Conference, SEC 2009, Proceedings. 2009. p. 63-75 (IFIP Advances in Information and Communication Technology; Vol. 297).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Pattabiraman, K, Nakka, N, Kalbarczyk, Z & Iyer, R 2009, Discovering application-level insider attacks using symbolic execution. in Emerging Challenges for Security, Privacy and Trust - 24th IFIP TC 11 International Information Security Conference, SEC 2009, Proceedings. IFIP Advances in Information and Communication Technology, vol. 297, pp. 63-75, 24th IFIP TC11 International Information Security Conference, SEC 2009, Pafos, Cyprus, 5/18/09. https://doi.org/10.1007/978-3-642-01244-0_6

Pattabiraman K, Nakka N, Kalbarczyk Z , Iyer R. Discovering application-level insider attacks using symbolic execution. In Emerging Challenges for Security, Privacy and Trust - 24th IFIP TC 11 International Information Security Conference, SEC 2009, Proceedings. 2009. p. 63-75. (IFIP Advances in Information and Communication Technology). doi: 10.1007/978-3-642-01244-0_6

@inproceedings{057883123feb4d4686e9bd78b1385fb2,

title = "Discovering application-level insider attacks using symbolic execution",

abstract = "This paper presents a technique to systematically discover insider attacks in applications. An attack model where the insider is in the same address space as the process and can corrupt arbitrary data is assumed. A formal technique based on symbolic execution and model-checking is developed to comprehensively enumerate all possible insider attacks corresponding to a given attack goal. The main advantage of the technique is that it operates directly on the program code in assembly language and no manual effort is necessary to translate the program into a formal model. We apply the technique to security-critical segments of the OpenSSH application.",

author = "Karthik Pattabiraman and Nithin Nakka and Zbigniew Kalbarczyk and Ravishankar Iyer",

year = "2009",

doi = "10.1007/978-3-642-01244-0_6",

language = "English (US)",

isbn = "3642012434",

series = "IFIP Advances in Information and Communication Technology",

pages = "63--75",

booktitle = "Emerging Challenges for Security, Privacy and Trust - 24th IFIP TC 11 International Information Security Conference, SEC 2009, Proceedings",

note = "24th IFIP TC11 International Information Security Conference, SEC 2009 ; Conference date: 18-05-2009 Through 20-05-2009",

}

TY - GEN

T1 - Discovering application-level insider attacks using symbolic execution

AU - Pattabiraman, Karthik

AU - Nakka, Nithin

AU - Kalbarczyk, Zbigniew

AU - Iyer, Ravishankar

PY - 2009

Y1 - 2009

N2 - This paper presents a technique to systematically discover insider attacks in applications. An attack model where the insider is in the same address space as the process and can corrupt arbitrary data is assumed. A formal technique based on symbolic execution and model-checking is developed to comprehensively enumerate all possible insider attacks corresponding to a given attack goal. The main advantage of the technique is that it operates directly on the program code in assembly language and no manual effort is necessary to translate the program into a formal model. We apply the technique to security-critical segments of the OpenSSH application.

AB - This paper presents a technique to systematically discover insider attacks in applications. An attack model where the insider is in the same address space as the process and can corrupt arbitrary data is assumed. A formal technique based on symbolic execution and model-checking is developed to comprehensively enumerate all possible insider attacks corresponding to a given attack goal. The main advantage of the technique is that it operates directly on the program code in assembly language and no manual effort is necessary to translate the program into a formal model. We apply the technique to security-critical segments of the OpenSSH application.

UR - http://www.scopus.com/inward/record.url?scp=84868133952&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84868133952&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-01244-0_6

DO - 10.1007/978-3-642-01244-0_6

M3 - Conference contribution

AN - SCOPUS:84868133952

SN - 3642012434

SN - 9783642012433

T3 - IFIP Advances in Information and Communication Technology

SP - 63

EP - 75

BT - Emerging Challenges for Security, Privacy and Trust - 24th IFIP TC 11 International Information Security Conference, SEC 2009, Proceedings

T2 - 24th IFIP TC11 International Information Security Conference, SEC 2009

Y2 - 18 May 2009 through 20 May 2009

ER -

Discovering application-level insider attacks using symbolic execution

Abstract

Publication series

Other

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this