
Taxonomies of Attacks and Vulnerabilities in Computer Systems

Igure, V.M.; Williams, R.D. IEEE Communications Surveys & Tutorials, Volume 10, Issue 1 (2008). Presented by R96725034 林昕彥 and R96725036 陳政彥.




  1. Taxonomies of Attacks and Vulnerabilities in Computer Systems. Igure, V.M.; Williams, R.D. IEEE Communications Surveys & Tutorials, Volume 10, Issue 1 (2008). Presented by R96725034 林昕彥 and R96725036 陳政彥

  2. Why do we need taxonomy? • The main goal of the early taxonomies was to organize information about known vulnerabilities and attacks, so that designers could use it to build more secure systems or defense systems • If the classification is based on the actual vulnerability exploited by the attack, the dimension of classification can be considered to be the cause of the flaw • A taxonomy provides useful information for finding unknown vulnerabilities as well as for avoiding similar vulnerabilities in future designs • Testing techniques can likewise be classified by the vulnerability each test is meant to discover; each test class then covers all the vulnerabilities that share those characteristics

  3. Attack sophistication vs. intruder technical knowledge

  4. INTRODUCTION

  5. Introduction • Security assessment of a system is the process of determining the system's capability to resist attacks • This process typically involves probing the system to detect the presence of known vulnerabilities, since most attacks exploit known vulnerabilities • The process is limited because it only searches for known vulnerabilities • Security assessment is an objective process only as long as it is limited to searching for known weaknesses • Probing a system to detect previously unidentified flaws is still a very subjective process

  6. Introduction • Prior work has attempted to gain an understanding of the characteristics and nature of known vulnerabilities to support the prediction of vulnerabilities in new systems • The first step in understanding vulnerabilities is to classify them into a taxonomy based on their characteristics • A taxonomy classifies the large number of vulnerabilities into a few well defined and easily understood categories • Such classification can serve as a guiding framework for performing a systematic security assessment of a system • This article provides a state-of-the-art survey of existing security related taxonomies • The survey covers papers published between 1974 and 2006

  7. TAXONOMIES AND SECURITY ASSESSMENT

  8. Taxonomies and Security Assessment • A taxonomy is formally defined as “the study of the general principles of scientific classification” • This classification is done according to the relationships between the characteristics of the objects • A good taxonomy also provides a common language for the study of the field

  9. Taxonomies and Security Assessment • Taxonomies of vulnerabilities and attacks can be useful in the security assessment process • They can also be useful for system designers • They can also provide a way to explore unknown attacks • Many taxonomies of attacks and vulnerabilities have been published over the years, but there is still no standard or universally accepted taxonomy • Our primary interest is in the development and use of attack and vulnerability taxonomies in the security assessment process

  10. ATTACK TAXONOMIES

  11. Types of Computer Crimes [17] • Two-dimensional matrix of computer attacks • First dimension: Users • Operators, programmers, data entry, internal users, outside users, and intruders • Second dimension: Computer crimes • Physical destruction, information destruction, data diddling, theft of services, browsing, and theft of information • The six classes of users are not distinct

  12. Types of Computer Misuse [18] • Level One: • Theft of computer resources • Disruption of computer resources • Unauthorized disclosure of information • Unauthorized modification of information • Level Two: • Human error • User abuse of authority • Direct probing • Probing with malicious software • Direct penetration • Subversion of security mechanism

  13. Information System Attacks [19] • One of the first attempts at developing a taxonomy to help the security assessment process • Tried to put all possible attacks under a single taxonomy • Could be used to predict future attacks on existing systems • The biggest drawback of [19] is that it is not a classification • It is merely a long list of all known attacks • The article lists 94 different attacks on information systems

  14. Computer Attack [24] • In [24] Neumann identified 26 different kinds of computer attacks and classified them into nine categories: • External • Hardware misuse • Masquerading • Pest programs • Bypasses • Active misuse • Passive misuse • Inactive misuse • Indirect misuse • This can be considered a hierarchical taxonomy because it has two levels of classification

  15. Classify Computer Security Intrusions [7] • Lindqvist and Jonsson's taxonomy [7, 26] is a very good example of one that is suitable for a security assessment process • They were the first to introduce the notion of a dimension of classification • They extended three of Neumann and Parker's categories into multiple subdivisions: • Bypass of intended controls • Active misuse of resources • Passive misuse of resources

  16. IDS Related Taxonomies • Two main types of IDSs: • Signature-based systems • Anomaly-based systems • The primary motivation for these taxonomies was to provide a defense-centric classification that helps network defenders

  17. Signature-based system • Every attack manifests itself as some kind of event or sequence of events in a network • These unique events are called the signatures of the attack • Every known attack is given a signature based on its characteristics • Attack taxonomy can ensure that all known attacks are represented in the database

  18. Signature-based system • In [27] Kumar presents a taxonomy of signatures to help build an effective IDS • Attack signatures are classified into five categories: • Existence • Sequence • Partial order • Duration • Interval
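Kumar's five signature classes, as an added example that is not part of the original slides or of Kumar's work: each class is implemented as a small matcher over a constructed audit stream (the event names, fields and timestamps are hypothetical, not taken from any real audit log). A world-writable /etc/passwd, a write/link/setuid sequence, a long-lived process and a burst of failed logins followed by a success serve as the sample signatures, one per class.

```python
"""Kumar's five signature classes as matchers over a constructed audit stream.
Added example; the events below are hypothetical, not from a real audit log."""
from dataclasses import dataclass, field


@dataclass
class Event:
    t: int                                    # seconds since start of the stream
    name: str                                 # event type
    attrs: dict = field(default_factory=dict)


# Constructed audit stream (hypothetical events, not a real log).
STREAM = [
    Event(0,   "chmod",         {"path": "/etc/passwd", "mode": "0666"}),
    Event(5,   "login_fail",    {"user": "root"}),
    Event(6,   "login_fail",    {"user": "root"}),
    Event(7,   "login_fail",    {"user": "root"}),
    Event(9,   "login_ok",      {"user": "root"}),
    Event(20,  "write",         {"path": "/tmp/x", "user": "alice"}),
    Event(21,  "link",          {"path": "/tmp/x", "user": "alice"}),
    Event(22,  "setuid_exec",   {"path": "/usr/bin/passwd", "user": "alice"}),
    Event(30,  "process_start", {"pid": 41, "name": "sh"}),
    Event(100, "process_end",   {"pid": 41}),
]


def match_existence(stream, predicate):
    """Existence: the mere presence of an event or state is the signature."""
    return [e for e in stream if predicate(e)]


def match_sequence(stream, names):
    """Sequence: the named events all occur, in this strict order; unrelated
    events may interleave. Returns the matched events, or [] if incomplete."""
    hits = []
    for e in stream:
        if len(hits) < len(names) and e.name == names[len(hits)]:
            hits.append(e)
    return hits if len(hits) == len(names) else []


def match_partial_order(stream, required, before):
    """Partial order: every name in `required` occurs; each (a, b) in `before`
    needs some a to precede some b; unconstrained pairs may occur in any order."""
    first, last = {}, {}
    for e in stream:
        if e.name in required:
            first.setdefault(e.name, e.t)
            last[e.name] = e.t
    if any(n not in first for n in required):
        return False
    return all(first[a] < last[b] for a, b in before)


def match_duration(stream, start_name, end_name, key, min_seconds):
    """Duration: an object (identified by `key`) existed for at least
    `min_seconds`. Objects still open at the end of the stream are measured
    up to the last event seen."""
    open_at, hits = {}, []
    for e in stream:
        if e.name == start_name:
            open_at[e.attrs[key]] = e.t
        elif e.name == end_name and e.attrs.get(key) in open_at:
            k = e.attrs[key]
            lived = e.t - open_at.pop(k)
            if lived >= min_seconds:
                hits.append((k, lived))
    end_t = stream[-1].t if stream else 0
    hits += [(k, end_t - t0) for k, t0 in open_at.items() if end_t - t0 >= min_seconds]
    return hits


def match_interval(stream, name, count, window, followed_by=None, grace=0):
    """Interval: `count` events named `name` within `window` seconds (sliding
    window), optionally followed by `followed_by` within `grace` seconds of
    the last of them. Returns (first_t, last_t[, follow_t]) or None."""
    ts = [e.t for e in stream if e.name == name]
    for i in range(len(ts) - count + 1):
        lo, hi = ts[i], ts[i + count - 1]
        if hi - lo > window:
            continue
        if followed_by is None:
            return (lo, hi)
        nxt = next((e for e in stream if e.name == followed_by and hi <= e.t <= hi + grace), None)
        if nxt is not None:
            return (lo, hi, nxt.t)
    return None


def world_writable_passwd(e):
    """Existence predicate: /etc/passwd made writable by others."""
    return e.name == "chmod" and e.attrs.get("path") == "/etc/passwd" and int(e.attrs["mode"], 8) & 0o002


def run_signatures(stream):
    """One signature per class; each key names the class the signature belongs to."""
    return {
        "existence":     bool(match_existence(stream, world_writable_passwd)),
        "sequence":      bool(match_sequence(stream, ["write", "link", "setuid_exec"])),
        "partial_order": match_partial_order(stream, {"write", "link", "setuid_exec"},
                                             [("write", "setuid_exec"), ("link", "setuid_exec")]),
        "duration":      bool(match_duration(stream, "process_start", "process_end", "pid", 60)),
        "interval":      match_interval(stream, "login_fail", 3, 10, followed_by="login_ok", grace=5) is not None,
    }


if __name__ == "__main__":
    for cls, fired in run_signatures(STREAM).items():
        print(f"{cls:14s} {'FIRED' if fired else '-'}")
```

The point of the class split is what each matcher has to remember: an existence check is stateless, a sequence matcher keeps a position, partial order keeps first and last occurrence per event, and duration and interval matchers keep timestamps, which is the state a signature engine must carry for a signature of that class.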

  19. Anomaly-based system • Looking for any network activity that deviates from the norm • Killourhy et al. [28] developed a taxonomy of attacks based on their manifestation as anomalies in IDS sensor data • Every attack manifests itself either as a: • Foreign symbol • Minimal foreign sequence • Dormant sequence • Non-anomalous sequence

  20. DoS Attack Related Taxonomies • An attacker can carry out a successful DoS attack without penetrating the target network • In [29] Neumann lists three types of DoS attacks based on the source of the attack: • Attacks that require no network penetration and can be carried out remotely over the Internet • Attacks in which the attacker exploits some known vulnerability to penetrate the network and then carries out resource exhaustion attacks from inside • Distributed DoS (DDoS) attacks, in which attackers penetrate or compromise many third-party computers and use them to launch a DoS attack against the target network

  21. DoS Attack Related Taxonomies • Mirkovic and Reiher [8] intended to build a taxonomy that would provide a complete overview of the field of DDoS attacks and defenses • Each attack has multiple characteristics, so Mirkovic and Reiher classify attacks along multiple dimensions • The classification is not mutually exclusive: an attack is placed in a category along every dimension at once • Eight dimensions: • Degree of automation • Exploited weakness • Source address validity • Attack rate dynamics • Possibility of characterization (based on packet content) • Persistence of agent set • Victim type • Impact on the victim
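Applying three of Mirkovic and Reiher's dimensions (source address validity, attack rate dynamics, possibility of characterization) to packet records, as an added example that is neither the slides' nor the taxonomy paper's code: the two packet streams are constructed, the non-routable address list and the thresholds (coefficient of variation 0.2, 95% header share, doubling between halves) are this example's own choices, and 198.51.100.0/24 (TEST-NET-2) stands in for public source addresses. The other five dimensions need context beyond packet headers (who built the agent set, what the victim is, what broke) and are not derived here.

```python
"""Deriving three of Mirkovic and Reiher's DDoS dimensions from packet records.
Added example; packet streams, address list and thresholds are constructed."""
import ipaddress
from collections import Counter
from statistics import mean, pstdev

# Blocks that should never appear as a source on the public Internet (assumed list).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

# A packet record is (t_seconds, src_ip, proto, dst_port). Both streams are constructed.
# FLOOD_A: 10 pkt/s for 6 s, RFC 1918 sources, all UDP/53.
FLOOD_A = [(i / 10, f"10.{i % 7}.{i // 7}.{i % 250 + 1}", "udp", 53) for i in range(60)]
# FLOOD_B: rate doubling every second (2, 4, 8, 16, 32), 20 TEST-NET-2 sources, mixed TCP ports.
FLOOD_B = [(sec + k / 2 ** (sec + 1), f"198.51.100.{(k % 20) + 1}", "tcp", (80, 443, 8080)[k % 3])
           for sec in range(5) for k in range(2 ** (sec + 1))]


def source_address_validity(pkts):
    """Spoofed if any source lies in a non-routable block. Routable sources may
    still be spoofed; header inspection alone cannot tell, hence the second label."""
    srcs = {ipaddress.ip_address(src) for _, src, _, _ in pkts}
    bogus = [s for s in srcs if any(s in net for net in NON_ROUTABLE)]
    return "spoofed (non-routable source)" if bogus else "valid or routable-spoofed"


def attack_rate_dynamics(pkts, bucket=1.0, cv_limit=0.2):
    """Constant rate if per-bucket counts vary little (coefficient of variation
    below cv_limit), else variable; variable is sub-classified as increasing when
    the last half of the buckets averages more than twice the first half."""
    counts = Counter(int(t // bucket) for t, *_ in pkts)
    series = [counts.get(b, 0) for b in range(min(counts), max(counts) + 1)]
    cv = pstdev(series) / mean(series)
    if cv < cv_limit:
        return "constant rate"
    half = len(series) // 2
    if mean(series[-half:]) > 2 * mean(series[:half]):
        return "variable rate (increasing)"
    return "variable rate (fluctuating)"


def characterization(pkts, share=0.95):
    """Characterizable if one (proto, dst_port) pair covers at least `share` of
    the packets, i.e. a header-based filter would stop the flood."""
    top, n = Counter((p, d) for _, _, p, d in pkts).most_common(1)[0]
    if n / len(pkts) >= share:
        return f"characterizable (filter {top[0]}/{top[1]})"
    return "non-characterizable by header fields"


def classify(pkts):
    """Place the stream along the three header-derivable dimensions at once."""
    return {
        "source_address_validity": source_address_validity(pkts),
        "attack_rate_dynamics": attack_rate_dynamics(pkts),
        "possibility_of_characterization": characterization(pkts),
    }


if __name__ == "__main__":
    for label, pkts in (("FLOOD_A", FLOOD_A), ("FLOOD_B", FLOOD_B)):
        print(label, classify(pkts))
```

Because the dimensions are independent, the same stream gets a value on each of them, which is what "not mutually exclusive" means in practice: FLOOD_A is spoofed, constant-rate and filterable, FLOOD_B is routable-sourced, ramping and not filterable on headers, and the two need different defenses even though both are floods.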

  22. DoS Attack Related Taxonomies • In [35] Campbell uses a novel dance metaphor to characterize DoS attacks • He characterizes a DoS attacker as a third person interrupting two dancing partners • He groups all DoS attacks under four classes that represent the attacker’s strategy for success: • Partner -> spoofing • Flood -> flooding • Trip -> shutting down • Intervene -> interception

  23. Web Attack Taxonomies • Alvarez and Petrovic [34] analyzed and classified Web attacks; their goal was to extract useful information for application developers to build more secure systems

  24. Specialized Attack Taxonomies • There are many attack taxonomies that cover only certain specific applications • Man and Wei [42] developed a taxonomy of attacks against mobile agents • The goal of the work was to understand all possible attacks against mobile agents and then use this understanding to develop appropriate protection mechanisms • The first level of classification in [42] divides attacks into two categories based on the intentions of the attack • The taxonomy is hierarchical, and this characteristic is useful for security assessment

  25. Taxonomies for Security Assessment • Lough presents an exhaustive survey of computer attack and vulnerability taxonomies in [15] • Classifies all attacks under four categories: • Incorrect validation • Incorrect exposure • Incorrect randomness • Incorrect deallocation • This classification is made along the cause-of-attack dimension • Lough's taxonomy is not application-specific

  26. Taxonomies for Security Assessment • In [25] Hansman and Hunt aim to develop a "pragmatic taxonomy that is useful to those dealing with attacks on a regular basis." • They conclude that it is difficult to develop an effective tree-structure taxonomy of attacks • Four dimensions: • Attack vector • Attack target • Vulnerabilities and exploits • Attacks with payloads • If the taxonomy were application-specific instead of trying to incorporate all possible kinds of attacks, it might not be very difficult to develop a single tree-structure taxonomy of attacks

  27. VULNERABILITY TAXONOMIES

  28. Vulnerability Taxonomy • One of the earliest works on this topic was done by McPhee. • McPhee's paper was published in 1974, and since then there has been much research done on computer security. • McPhee lists seven classes of integrity flaws in operating systems:

  29. Vulnerability Taxonomy • Attanasio described the methodology and results of penetration testing experiments. • The penetration analysts had three goals: • The paper does not provide a taxonomy, as that was not their goal, but it makes the important contribution of listing operating system characteristics that are likely to have flaws.

  30. Vulnerability Taxonomy • After the penetration testing experiment, Attanasio et al. listed 16 OS features that are likely to have flaws:

  31. Vulnerability Taxonomy

  32. TAXONOMY OF SOFTWARE PROGRAM FLAWS

  33. Taxonomy of Software Program Flaws • The Research in Secured Operating Systems (RISOS) project and the Protection Analysis (PA) project were two of the earliest efforts at producing taxonomies of vulnerabilities in computer software. • Both of the projects examined the vulnerabilities in different operating systems.

  34. Taxonomy of Software Program Flaws • The seven classes of vulnerabilities in the RISOS project were:

  35. Taxonomy of Software Program Flaws • The ten classes from the PA project were:

  36. Taxonomy of Software Program Flaws • The categories of both the RISOS and PA classifications indicate that the dimension of classification was by operations. • This means that the categories represent operations of the OS which can be misused to cause attacks. • The RISOS and PA categories would be greatly beneficial in a larger taxonomy.

  37. Taxonomy of Software Program Flaws • Bishop analyzed the RISOS and PA taxonomies, and showed that these classes could be mapped onto each other. • Bishop classified each vulnerability along six axes:

  38. Taxonomy of Software Program Flaws • After the PA project, the most influential work on taxonomies of flaws was done by Landwehr et al. • They did not limit their taxonomy to operating systems but provided a more general taxonomy of flaws in computer programs. • They classified their flaws in three different dimensions: • Genesis • Time of introduction • Location

  39. Taxonomy of Software Program Flaws • Jiwnani et al. used Landwehr's taxonomy to aid security testing. • They adapted Landwehr's three dimensions to build a matrix relating the cause of a vulnerability to its time of introduction and location. • To be effective, the taxonomy must be used in conjunction with all the dimensions of the classification. • The assessment process can be more systematic if these dimensions are arranged hierarchically.

  40. Taxonomy of Software Program Flaws • All the work we have seen so far classified attacks or vulnerabilities based on some inherent characteristic of the attack or vulnerability itself. • Krsul departed from this norm. • He developed a taxonomy based on the observation that most of the vulnerabilities were introduced into programs because of mistaken assumptions by the programmer. • He classified flaws according to the assumption that led to their introduction into the software.

  41. Taxonomy of Software Program Flaws • Aslam focused only on the UNIX operating system. • Aslam’s taxonomy is hierarchical, and the first level had three main categories: • Configuration flaws • Environment flaws • Coding flaws • The dimension of classification for these three classes is the cause of the flaw.

  42. Taxonomy of Software Program Flaws • Du and Mathur described each flaw with multiple attributes. They classify flaws along three axes: • Cause • Impact • Fix • Landwehr's original genesis class had two main subclasses: intentional and inadvertent flaws. • Du and Mathur ignore intentional flaws and focus on the inadvertent flaws in software. • Since the taxonomy provides details about the flaws, it could be effective in a security assessment process.

  43. Taxonomy of Software Program Flaws • Kamara et al. successfully use Du and Mathur’s taxonomy for analyzing vulnerabilities in Internet firewalls. • They break down a firewall into its constituent components, and its operations and data flow. • They analyze some of the well-known firewall vulnerabilities, and map them to both Du and Mathur’s taxonomy and the specific operations and parts of the firewalls. • The result is a matrix that identifies which operations and parts of a firewall are likely to produce flaws. • This is very useful in future security assessments of other firewalls as well as in preventing the same kinds of flaws in new products.

  44. Taxonomy of Software Program Flaws • Gray’s aim was to develop a taxonomy of vulnerabilities that would be useful to people in various positions in a software development organization. • Gray combined the work of Landwehr, Bishop, and Wang into an extended and multi-perspective taxonomy.

  45. Taxonomy of Software Program Flaws • The taxonomy had ten classes of program flaws:

  46. Taxonomy of Software Program Flaws • Gray’s approach of combining all the perspectives within one taxonomy is not very efficient. • Gray does not offer any subclasses for any of these classes. • Such a single-level taxonomy does not provide adequate information about the flaws. • This ineffectiveness shows that taxonomies are most useful when they are developed for a particular application from a specific perspective.
