Security Vulnerabilities and Their Impact upon Poirot
SE690 Initial Presentation
Jun Lin
LinkJoin@163.com
http://students.depaul.edu/~jlin8/SE690
Supervised by Dr. Jane Huang
Agenda
Project Description
Poirot Introduction
Security Issues
Role-based Access Control
SQL Injection
Other Security Problems
Reference
Project Plan
Question & Answer
Security Vulnerabilities and Their Impact upon Poirot
Project Description
Background
This master project is an extended project of a larger project named Poirot.
Poirot is an automated traceability tool that has been developed in the RE research center.
Poirot will be open-sourced in the Summer, and has already been requested by organizations such as Motorola and Siemens. Security issues are therefore important to address.
Project Description
Objectives
To analyze security issues related to Poirot. Those issues specifically include role-based access control, SQL injection, and other typical types of security problems. The work will involve a full evaluation of Poirot with respect to common security failures.
Poirot Introduction
Poirot
Is an enterprise-level automated traceability tool
Web-based application
Distributed system
Uses a database to store traceable data
Poirot Introduction
Architecture
Architecture diagram (components): Web Browser, Broker, Poirot Server, Traceable Data, Artifacts (XML), MR Service, MR Adapter, Artifacts in CASE tool.
Security Issues
Annotated architecture diagram. Threat labels: SQL Injection, Unauthenticated access, Disclosure, Integrity Threat, Sensitive data, Data integrity. Components: Web Browser, Broker, Poirot Server, MR Service, MR Adapter, Traceable Data, Artifacts (XML), Artifacts in CASE tool.
Security Issues
Security requirements hierarchy (shown as an expandable tree on the original slide):
S1: Security
S2: Only authorized access to project artifacts.
S3: Secure communication
S4: Minimize system vulnerabilities
S5: Role based access control
S6: Screens timeout after 15 minutes of inactivity
S7: Encrypt all communication
S8: Prevent dangerous characters from being passed to SQL queries from free text.
S9: Limit system access to approved IP addresses
Role-Based Access Control
Access Control Models
Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
Task-Based Access Control (TBAC)
Object-Based Access Control (OBAC)
Role-Based Access Control (RBAC)
Role-Based Access Control
Advantages
Fits Poirot naturally
Simplifies authorization administration by assigning permissions to users through roles
Can easily handle large numbers of users
Conforms to job positions within the organization, hence promotes usability.
Role-Based Access Control
Model
RBAC model diagram: User, Role, Permission and Session, connected by User assignment (User to Role), Permission assignment (Role to Permission) and Role hierarchy (Role to Role); multiplicities shown as 1, n, n, m.
Role-Based Access Control
Permission
System
  System configuration
Projects
  Project Configuration
  Artifacts
    Read
    Write
    More…
Role-Based Access Control
Role
System Administrator
Project Manager
Common User
  Architect
  Programmer
  QA
  …
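The RBAC model, permission tree and role list above, as an added example (not Poirot's own code): the permission and role names follow the slides, while the role hierarchy, the users and the session handling are assumptions made for the illustration.

```python
# Added example modelled on the slides' permission tree and role list; the
# role hierarchy and the users are assumptions, not Poirot's real configuration.
PERMISSIONS = {"system.config", "project.config", "artifact.read", "artifact.write"}

# Permission assignment: only the permissions a role holds directly.
ROLE_PERMISSIONS = {
    "system_administrator": {"system.config"},
    "project_manager": {"project.config"},
    "common_user": {"artifact.read"},
    "architect": {"artifact.write"},
    "programmer": {"artifact.write"},
    "qa": set(),
}

# Role hierarchy (assumed): a role inherits everything its junior roles hold.
ROLE_JUNIORS = {
    "system_administrator": {"project_manager"},
    "project_manager": {"common_user"},
    "architect": {"common_user"},
    "programmer": {"common_user"},
    "qa": {"common_user"},
    "common_user": set(),
}

# User assignment (constructed users).
USER_ROLES = {"alice": {"project_manager"}, "bob": {"programmer", "qa"}}

def effective_permissions(role):
    """Walk the hierarchy downwards and union the permissions found."""
    seen, stack, perms = set(), [role], set()
    while stack:
        r = stack.pop()
        if r in seen:
            continue
        seen.add(r)
        perms |= ROLE_PERMISSIONS.get(r, set())
        stack.extend(ROLE_JUNIORS.get(r, ()))
    return perms

def check_access(user, permission, active_roles=None):
    """Default deny: an unknown user or permission fails, and a session may
    only activate roles the user was actually assigned."""
    if permission not in PERMISSIONS or user not in USER_ROLES:
        return False
    roles = USER_ROLES[user]
    if active_roles is not None:
        roles = roles & set(active_roles)
    return any(permission in effective_permissions(r) for r in roles)
```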
SQL Injection
"SQL Injection" is a subset of the unverified/unsanitized user input vulnerability ("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended.
SQL Injection
Attack Intent
Identifying injectable parameters
Performing database finger-printing
Determining database schema
Extracting data
Adding or modifying data
Performing denial of service
Evading detection
Bypassing authentication
Executing remote commands
SQL Injection
Example
HTML
<FORM action=Login method=post>
<input type=hidden name=userid value=[user input]>
</FORM>
URL
http://webserver/login.jsp?userid=[user input]
SQL Injection
Example
SQL & Code
SELECT count(*) as count FROM table WHERE field = '[user input]'
Granted = count > 1 ? True : False
How about: user input = whatever' or '1' = '1 ?
The SQL becomes: SELECT count(*) as count FROM table WHERE field = 'whatever' or '1' = '1'
Result: once the table has records, Granted will always be true.
SQL Injection
Example
User input = whatever'; drop table --
User input = whatever'; xp_cmdshell(…) --
SQL Injection
SQL Injection Types
Tautologies
Illegal/Logically Incorrect Queries
Union Query
Piggy Backed Queries
Stored Procedures
Inference
Alternate Encodings
SQL Injection
Tautologies
Intent
Bypassing authentication, extracting data.
Example
SELECT accounts FROM users WHERE login='' or 1=1 -- AND pass=''
SQL Injection
Illegal/Logically Incorrect Queries
Intent
Identifying injectable parameters, performing database finger-printing.
Example
SELECT accounts FROM users WHERE login='' AND 1 = convert(int,(select top 1 name from sysobjects where xtype='u')) -- AND pass=''
Error shown: "Microsoft OLE DB Provider for SQL Server (0x80040E07) Error converting nvarchar value 'CreditCards' to a column of data type int."
SQL Injection
Stored Procedures
Intent
Performing denial of service, executing remote commands...
Example
SELECT accounts FROM users WHERE login='admin'; SHUTDOWN; -- AND pass=''
SQL Injection
Alternate Encodings
Intent
Evading detection
Example
SELECT accounts FROM users WHERE login='legalUser'; exec(char(0x73687574646f776e)) -- AND pass=''
legalUser == char(0x73687574646f776e)
SQL Injection
Prevention
Sanitize the input
Escape the input
Limit database permissions and segregate users
Use stored procedures for database access
Configure error reporting
Use tools
SQL Injection
Second-Order SQL Injection
Assume that the single quote has been handled:
Replace("'", "''")
Attacker adds a new account:
Username: admin' --   Password: password
Insert SQL:
insert into users values(123,'admin'' -- ','password')
SQL Injection
Second-Order SQL Injection
Attacker updates password
Sql = "update users set password = '" + newpassword + "' where username = '" + rs.getString("username") + "'"
update users set password = 'password' where username='admin' -- '
What happens?
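The login check from the "SQL & Code" slide and the second-order password update above, run end to end as an added example (not Poirot's code) against a constructed in-memory SQLite table: quote-doubling at registration stops the first-order tautology, but the stored username is later concatenated into the UPDATE and rewrites the real admin's password, while the parameterized versions are unaffected.

```python
import sqlite3

def fresh_db():
    """Constructed in-memory users table with one legitimate admin row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'admin', 'secret')")
    return db

def escape_quote(s):
    """The slides' Replace("'", "''"): doubles quotes inside a string literal."""
    return s.replace("'", "''")

def login_count_concat(db, user_input):
    """Vulnerable login check from the 'SQL & Code' slide: input is spliced in."""
    sql = "SELECT count(*) FROM users WHERE username = '" + user_input + "'"
    return db.execute(sql).fetchone()[0]

def login_count_param(db, user_input):
    """Fixed login check: the value is bound, so quotes and OR are plain text."""
    sql = "SELECT count(*) FROM users WHERE username = ?"
    return db.execute(sql, (user_input,)).fetchone()[0]

def register_escaped(db, uid, username, password):
    """Registration with quote-doubling; the quote survives into the table."""
    db.execute("INSERT INTO users VALUES (%d, '%s', '%s')"
               % (uid, escape_quote(username), escape_quote(password)))

def change_password_concat(db, uid, newpassword):
    """Second-order bug: a username read back from the table is trusted."""
    row = db.execute("SELECT username FROM users WHERE id = ?", (uid,)).fetchone()
    sql = ("UPDATE users SET password = '" + escape_quote(newpassword)
           + "' WHERE username = '" + row[0] + "'")
    db.execute(sql)   # with username "admin' --" this edits the real admin row

def change_password_param(db, uid, newpassword):
    """Fix: bind every value, including ones that came from the database."""
    db.execute("UPDATE users SET password = ? WHERE id = ?", (newpassword, uid))

def password_of(db, username):
    """Parameterized lookup used to inspect the table after each step."""
    return db.execute("SELECT password FROM users WHERE username = ?",
                      (username,)).fetchone()[0]
```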
Other Security Problems
Annotated architecture diagram. Threat labels: Unauthenticated access, Sensitive data, Data integrity. Components: Web Browser, Broker, Poirot Server, MR Service, MR Adapter, Traceable Data, Artifacts (XML), Artifacts in CASE tool.
Reference
Poirot: TraceMaker: A Tool for Dynamically Retrieving Traceability Links, Xuchang Zou, Chuan Duan, Raffaella Settimi, Jane Cleland-Huang.
An Extensible Architecture for Enterprise-wide Automated Requirements Traceability, Jun Lin, Chan Chou Lin, Joseph Amaya, Massimo Illario, Jane Cleland-Huang, CTIRS, 2006.
Building Secure Software: How to Avoid Security Problems the Right Way, John Viega, Gary McGraw, Addison-Wesley.
The Twenty Most Critical Internet Security Vulnerabilities (Updated) ~ The Experts Consensus, Version 6.01, November 28, 2005, Copyright (C) 2005, SANS Institute, http://www.sans.org/top20/
A Classification of SQL Injection Attacks and Countermeasures, William G.J. Halfond, Jeremy Viegas, and Alessandro Orso.
SQL Injection Attacks by Example, Steve Friedl, http://www.unixwiz.net/techtips/sql-injection.html
Project Plan
Phase 1: Analysis
Initial research into role-based access control and SQL injection, 05/29/2006
Make initial presentation, 06/02/2006
Further research into Role-based access control, SQL injection,
and other typical types of security problems, 06/30/2006
Phase 2: Implementation
Design: Class diagrams and sequence diagrams, 07/08/2006
Coding and unit testing, 08/05/2006
Integration testing, 08/10/2006
Write developer instructions, 08/13/2006
Prepare final presentation, 08/15/2006
Phase 3: Documentation
Completion: 08/15/2006
Question?
Thanks