Protocol Vulnerabilities in Practice: Causes, Modeling and Automatic Detection
Authors
Abstract
Starting from practical scenarios, we underline that the most relevant security vulnerabilities in practice come from weak protocol design or implementation flaws rather than from weak or flawed cryptography. In particular, we outline security vulnerabilities in several kinds of scenarios, ranging from well-explored fields such as computer networks to less explored ones from the automotive industry and control systems. Some of the security flaws that we discuss are already known, while others are new and have been the subject of our previous research. Finally, we emphasize that, to assure good security, the focus should be on assuring correct implementations and proper tools for automatic verification of services.
Similar resources
Algebraic Matching of Vulnerabilities in a Low-Level Code
This paper explores the algebraic matching approach for detection of vulnerabilities in binary codes. The algebraic programming system is used for implementing this method. It is anticipated that models of vulnerabilities and programs to be verified are presented as behavior algebra and action language specifications. The methods of algebraic matching are based on rewriting rules and techniques...
Automatic Detection of Vulnerabilities in Web Applications using Fuzzing
Automatic detection of vulnerabilities is a problem studied in literature and a very important concern in application development with security requirements. Fuzzing is a software testing technique, automated or semi-automated, that involves injecting a massive quantity of semi-random inputs in software in order to find security vulnerabilities. Many vulnerability detection techniques need manu...
Tumor Detection and Morphology Assessment in the Liver Tissue Using an Automatic Tactile Robot
In this paper an automatic examination robot was developed to improve the process of cancer detection, tumor localization and geometrical shape diagnosis. A uniformly distributed compressive load was applied to the top tissue surface and the resultant mechanical stress was measured that was employed for the tumor diagnosis task. The experimental examinations were performed on the soft tissue of...
An advanced approach for modeling and detecting software vulnerabilities
Context. Passive testing is a technique in which traces collected from the execution of a system under test are examined for evidence of flaws in the system. Objective. In this paper we present a method for detecting the presence of security vulnerabilities by detecting evidence of their causes in execution traces. This is a new approach to security vulnerability detection. Method. Our method u...
Automatic detection of DoS vulnerabilities of cryptographic protocols
In this article the subject of DoS vulnerabilities of cryptographic key establishment and authentication protocols is discussed. The system for computer-aided DoS protocol resistance analysis, which employs the Petri nets formalism and Spin model-checker, is presented.
Journal title:
Volume, issue
Pages -
Publication date 2012