SPaCiTE – Web Application Testing Engine

Presentation Transcript

  1. SPaCiTE – Web Application Testing Engine Matthias Büchler, Johan Oudinet, and Alexander Pretschner April 21, 2012

  2. Motivation / Purpose of the Tool
      • Web Application
      • Secure Model: M ⊨ φ
      • Is the Web Application secure?
      • How does a secure model help to answer this question?

  3. Motivation / Purpose of the Tool Client Side Server Side

  4. Motivation / Purpose of the Tool

  5. SPaCiTE Workflow • How SPaCiTE executes test cases (attack traces) based on secure models

  6. The Secure Model – Abstract Messages

  7. The Secure Model – Horn Clauses

  8. The Secure Model – The Honest User

  9. The Secure Model – The Server

  10. The Secure Model – Secrecy Goal

  11. Model-Based Flaw Injection Library

      <configuration>
        <ACflaw>
          <funcname>isAuthorizedTo*</funcname>
        </ACflaw>
      </configuration>

  12. Model Checking: Reuse AVANTSSAR Backends
      • SATMC
      • CL-ATSE
      • OFMC

  13. Abstract Attack Trace

      <tom> ->* webServer : login(tom,password(tom,webServer))
      webServer -> <tom> : listStaffOf(tom)
      <tom> *-> webServer : viewProfileOf(jerry)
      webServer *->* <tom> : profileOf(jerry)

  14. Transform AAT to WAAL
      • Configuration Information
      • How are abstract messages translated into actions? How is a viewProfileOf message generated in the browser?

  15. Transform AAT to WAAL • How are abstract messages translated into actions

  16. Transform AAT to WAAL • Translate WAAL actions to Java source code • Embed them into a test execution engine skeleton

  17. Execution • Execute the test case • Recovery actions might be needed

  18. Example of a Recovery Action

  19. Verdict

  20. Conclusion
      • Semi-automatic security testing of web applications
        • Automatic at browser level
        • May request help from a test expert at HTTP level
      • Interesting abstract attack traces were generated by injecting relevant source-code-level faults into the model
        • Relevant fault = a known vulnerability that has been exploited to violate any security goal in the secure model
      • We were able to reproduce all 4 Abstract Attack Traces coming from 2 RBAC and 2 XSS models

  21. Future Work
      • Target different vulnerabilities and security goals
      • Address side effects during recovery actions
      • Extend the tool when global observation is not possible
      • Integration work as part of the SPaCiOS EU project (www.spacios.eu)
      * Demo on request, or visit: http://zvi.ipd.kit.edu/26_500.php

  22. Model-Based Flaw Injection Library
      • Mutation operators represent vulnerabilities at model level
      • They combine a security property and a vulnerability

  23. Assumptions and Limitations
      • A secure model must exist
        → If not, try to make use of model inference
      • Each abstract message must be mappable to WAAL actions
        • That means every abstract message must be expressed in terms of generating and/or verifying actions at browser level
        • That doesn't imply that the action must be performed in the browser → see Recovery Actions
        → If not, WAAL actions can be bypassed and the abstract message is directly mapped to protocol-level messages (no guidance by SPaCiTE)
      • The model checker used considers the Dolev-Yao model for the intruder behavior
        • The intruder is the network (every component must be wrapped by a proxy to have the global observation property)
      • No side effects during recovery actions
      • Deterministic system
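
The abstract attack trace on slide 13, parsed into structured steps that a test generator could iterate over. This is an added example, not code from the SPaCiTE authors or tool. The field names, the stripping of the angle brackets around agent names, and the `third_parties` heuristic are assumptions of this example; channel arrows are kept verbatim and not interpreted.

```python
import re

# Constructed input: the slide-13 trace with one step per line.
TRACE = """<tom> ->* webServer : login(tom,password(tom,webServer))
webServer -> <tom> : listStaffOf(tom)
<tom> *-> webServer : viewProfileOf(jerry)
webServer *->* <tom> : profileOf(jerry)"""
STEP = re.compile(r"^\s*<?(\w+)>?\s+(\*?->\*?)\s+<?(\w+)>?\s*:\s*(.+?)\s*$")
TOKEN = re.compile(r"\w+|\S")          # a word, or any single symbol
NAME = re.compile(r"[A-Za-z_]\w*")

def parse_term(text):
    """Parse f(a,g(b)) into (name, [subterms]); an atom is (name, [])."""
    tokens = TOKEN.findall(text) + ["<end>"]  # sentinel for safe lookahead
    pos = 0
    def term():
        nonlocal pos
        name, args = tokens[pos], []
        if not NAME.fullmatch(name):
            raise ValueError(f"expected a name, got {name!r} in {text!r}")
        pos += 1
        if tokens[pos] == "(":
            while tokens[pos] in ("(", ","):  # one argument per separator
                pos += 1
                args.append(term())
            if tokens[pos] != ")":
                raise ValueError(f"expected ')' in {text!r}")
            pos += 1
        return (name, args)
    parsed = term()
    if tokens[pos] != "<end>":
        raise ValueError(f"trailing input in {text!r}")
    return parsed

def atoms(term):
    """Leaf names of a term: {tom, webServer} for the login message."""
    return {term[0]} if not term[1] else set().union(*map(atoms, term[1]))

def parse_trace(trace):
    steps = []
    for n, line in enumerate(filter(str.strip, trace.splitlines()), 1):
        m = STEP.match(line)
        if m is None:
            raise ValueError(f"step {n}: expected 'sender channel receiver : term'")
        sender, channel, receiver, text = m.groups()
        term = parse_term(text)
        # Assumed heuristic: a leaf naming neither endpoint is a third party.
        steps.append({"sender": sender, "channel": channel, "receiver": receiver,
                      "message": term, "third_parties": atoms(term) - {sender, receiver}})
    return steps
```

On this trace the last two steps are the only ones that name a third party (`jerry`), which is where a tester would look first when checking the access-control goal.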