Title :
An Attack Simulator for Systematically Testing Program-based Security Mechanisms
Author :
Breech, B. ; Tegtmeyer, Mike ; Pollock, Lori
Author_Institution :
Comput. & Info Sci., Delaware Univ., Newark, DE
Abstract :
The use of insecure programming practices has led to a large number of vulnerable programs that can be exploited for malicious purposes. These vulnerabilities are often difficult to find during traditional software testing. In response to these difficulties, various program-based security mechanisms have been proposed to help protect potentially vulnerable programs. Testing these security mechanisms, however, also can be difficult and is currently rather ad hoc. In this paper, we describe the design, implementation, and evaluation of an attack simulator that enables the systematic and semi-automatic testing and evaluation of the effectiveness of current and future security mechanisms by automatically providing numerous contexts for testing the reliability of the mechanisms. Capable of automatically creating attacks on running programs by dynamically adding code (but not modifying existing code), the attack simulator can run in different modes and simulate attacks at various program points systematically. Through a case study, we demonstrate how our tool can be used to test two well-known security mechanisms for stack smashing attacks in several different testing modes.
Keywords :
program testing; security of data; software reliability; attack simulator; program vulnerability; program-based security testing; semiautomatic testing; software reliability; software testing; stack smashing attacks; systematic testing; Automatic testing; Computational modeling; Computer security; Computer simulation; Context modeling; Military computing; Performance evaluation; Protection; Software testing; System testing;
Conference_Title :
Software Reliability Engineering, 2006. ISSRE '06. 17th International Symposium on
Conference_Location :
Raleigh, NC
Print_ISBN :
0-7695-2684-5
DOI :
10.1109/ISSRE.2006.12