PPT - CSE Labs User Home Pages

idleheadedceleryΚινητά – Ασύρματες Τεχνολογίες

10 Δεκ 2013 (πριν από 3 χρόνια και 6 μήνες)

56 εμφανίσεις

SENG 5199

Data and Network


System Evaluation and

Yongdae Kim

News Today

iPhone location tracking

wiping HDD


cache attack and Amnesty

Software update system and key

Web bugs and Tor

Cloud Police!

Assurance and Evaluation

Assurance: Whether the system will work

Evaluation: How you convince other people
of this?


Our estimate of the likelihood that a system will fail
in a particular way

Estimation is based on

System development process

Identity of development team

Particular technical assessment

Formal method, experiment with test cases, experience

Assurance traditionally focused on implementation

Given the agreed functionality and strength of mechanisms,
the product has been implemented correctly.

This is because most of the security failures are
implementation bugs

Project Assurance

White box security testing

Architectural flaw

Implementation flaws

Less common flaws such as crypto, rng, …

Formal method

Penetration Testing

Evaluating the security of a computer
system or network by simulating an attack
from a malicious source

Black box testing: no prior knowledge of the
infrastructure to be tested

white box testing: complete knowledge of the
infrastructure to be tested, often including
network diagrams, source code, and IP
addressing information.

grey box tests: Something in between

Tools for Penetration Testing


Used to discover hosts and services on a
computer network

Host Discovery, Port Scanning, Version Detection,
OS Detection, Firewall/IDS evasion, spoofing


Scanning for exploitable vulnerabilities

Nessus scans based on an exhaustive list of
vulnerabilities for all platforms of computing

Vulnerabilities, Misconfiguration (e.g. open mail
relay, missing patches,
), Weak passwords,

Tools for Penetration Testing


Configuring an exploit

Checking if the target is susceptible to the chosen exploit

Configuring a payload

Choosing the encoding technique for IPS/IDS evasion

Executing the exploit.

Web application Penetration Testing

Known vulnerabilities in COTS applications

Technical vulnerabilities: URL manipulation, SQL injection,
site scripting, back
end authentication, password in
memory, session hijacking, buffer overflow, web server
configuration, credential management, Clickjacking, etc,

Business logic errors: Day
Day threat analysis,
unauthorized logins, personal information modification,
pricelist modification, unauthorized funds transfer

Tools for Penetration Testing

OWASP, the Open Web Application Security
Project, an open source web application
security documentation project


OWASP Top 10 awareness document.

What are the limitations of security testing?


Process of assembling evidence that a
system meets, or fails to meet, a prescribed
assurance target

Rainbow Series

DoD Trusted Computer Sys Evaluation Criteria (Orange Book)

Audit in Trusted Systems (Tan Book)

Configuration Management in Trusted Systems (Amber Book)

Trusted Distribution in Trusted Systems (Dark Lavender Book)

Security Modeling in Trusted Systems (Aqua Book)

Formal Verification Systems (Purple Book)

Covert Channel Analysis of Trusted Systems (Light Pink Book)

… many more


Orange Book Criteria (TCSEC)

Level D

No security requirements

Level C: For environments with cooperating users


protected mode OS, authenticated login, DAC, security
testing and documentation



DAC to level of individual user, object initialization,

(Windows NT 4.0)

Level B, A

All users and objects must be assigned a security label
(classified, unclassified, etc.)

System must enforce Bell
LaPadula model

Orange Book Criteria (TCSEC)

Level B


classification and Bell


system designed in top
down modular way, must be
possible to verify, covert channels must be analyzed


ACLs with users and groups, formal TCB must be
presented, adequate security auditing, secure crash

Level A1

Formal proof of protection system, formal proof that model
is correct, demonstration that impl conforms to model,
formal covert channel analysis

Common Criteria

Common Criteria for Information Technology
Security Evaluation

an international standard (ISO/IEC 15408) for
computer security certification

Key Concepts

Target Of Evaluation (TOE)

the product or system

Protection Profile (PP)

a document which identifies security
requirements for a class of security devices

Security Target (ST)

the document that identifies the
security properties of the target of evaluation. It may refer
to one or more PPs.

Security Functional Requirements (SFRs)

specify individual
security functions which may be provided by a product. CC
presents a standard catalogue of such functions.

Common Criteria

Quality Assurance Processes

Security Assurance Requirements (SARs)

descriptions of the measures taken during
development and evaluation of the product to
assure compliance with the claimed security

Evaluation Assurance Level (EAL)

the numerical
rating describing the depth and rigor of an

Common Criteria

Evaluation Assurance Level

EAL1: Functionally Tested

Review of functional and interface specifications

Some independent testing

EAL2: Structurally Tested

Analysis of security functions, incl high
level design

Independent testing, review of developer testing

EAL3: Methodically Tested and Checked

Development environment controls; config mgmt

EAL4: Methodically Designed, Tested, Reviewed

Informal spec of security policy, Independent testing

Windows 2000, XP, Solaris, Linux, …

Common Criteria

Evaluation Assurance Level

EAL 5: Semiformally Designed and Tested

Formal model, modular design

Vulnerability search, covert channel analysis

level security devices

EAL 6: Semiformally Verified Design and Tested

Structured development process

EAL 7: Formally Verified Design and Tested

Formal presentation of functional specification

Product or system design must be simple

Independent confirmation of developer tests

The Tenix Interactive Link Data Diode Device and the
Fox Data Diode