Monitoring the Security Health of Software Systems

Detecting security bugs during the development cycle of software is extremely difficult, as effective testing approaches for such bugs do not exist. Applications are often deployed without being tested for security vulnerabilities even though the application domain demands highly secure software. Hence there is a need to develop systems which can monitor such applications for security violations and take immediate action if any violation occurs. In this paper we describe an approach for monitoring the security health of a software system. Our methodology involves an agent-based approach in which the agent communicates with the health monitoring system, which runs as an independent process. We make this agent a part of the application (binary) and modify the binary at appropriate locations to transfer control to the attached agent. The agent sends critical information regarding the execution to the monitoring system. The monitoring system analyzes the data and takes suitable actions. Currently our system monitors the following security bugs: buffer overflow, race conditions (time-of-check to time-of-use vulnerability), and random number vulnerability. It can be extended to other vulnerabilities as well.
