TY - GEN
T1 - Using attack injection to discover new vulnerabilities
AU - Neves, Nuno
AU - Antunes, João
AU - Correia, Miguel
AU - Veríssimo, Paulo
AU - Neves, Rui
N1 - Generated from Scopus record by KAUST IRTS on 2021-03-16
PY - 2006/12/22
Y1 - 2006/12/22
N2 - Due to our increasing reliance on computer systems, security incidents and their causes are important problems that need to be addressed. To contribute to this objective, the paper describes a new tool for the discovery of security vulnerabilities on network-connected servers. The AJECT tool uses a specification of the server's communication protocol to automatically generate a large number of attacks according to some predefined test classes. Then, while it performs these attacks through the network, it monitors the behavior of the server both from a client perspective and inside the target machine. The observation of an incorrect behavior indicates a successful attack and the potential existence of a vulnerability. To demonstrate the usefulness of this approach, a considerable number of experiments were carried out with several IMAP servers. The results show that AJECT can discover several kinds of vulnerabilities, including a previously unknown vulnerability. © 2006 IEEE.
AB - Due to our increasing reliance on computer systems, security incidents and their causes are important problems that need to be addressed. To contribute to this objective, the paper describes a new tool for the discovery of security vulnerabilities on network-connected servers. The AJECT tool uses a specification of the server's communication protocol to automatically generate a large number of attacks according to some predefined test classes. Then, while it performs these attacks through the network, it monitors the behavior of the server both from a client perspective and inside the target machine. The observation of an incorrect behavior indicates a successful attack and the potential existence of a vulnerability. To demonstrate the usefulness of this approach, a considerable number of experiments were carried out with several IMAP servers. The results show that AJECT can discover several kinds of vulnerabilities, including a previously unknown vulnerability. © 2006 IEEE.
UR - http://ieeexplore.ieee.org/document/1633534/
UR - http://www.scopus.com/inward/record.url?scp=33845597598&partnerID=8YFLogxK
U2 - 10.1109/DSN.2006.72
DO - 10.1109/DSN.2006.72
M3 - Conference contribution
SN - 0769526071
SP - 457
EP - 466
BT - Proceedings of the International Conference on Dependable Systems and Networks
ER -