Security Vulnerabilities and Their Impact upon Poirot
SE690 Initial Presentation
Jun Lin, [email protected]
http://students.depaul.edu/~jlin8/SE690
Supervised by Dr. Jane Huang

Agenda
- Project Description
- Poirot Introduction
- Security Issues
- Role-based Access Control
- SQL Injection
- Other Security Problems
- Reference
- Project Plan
- Question & Answer

Project Description: Background
This master's project extends a larger project named Poirot. Poirot is an automated traceability tool developed in the RE research center. Poirot will be open-sourced in the summer and has already been requested by organizations such as Motorola and Siemens, so security issues are important to address.

Project Description: Objectives
Analyze the security issues related to Poirot, specifically role-based access control, SQL injection, and other typical types of security problems. The work will involve a full evaluation of Poirot with respect to common security failures.

Poirot Introduction
- Poirot is an enterprise-level automated traceability tool
- Web-based application
- Distributed system
- Uses a database to store traceable data

Poirot Introduction: Architecture
(Architecture diagram) Components: Web Browser, Broker, Poirot Server, Traceable Data Artifacts (XML), MR Service, MR Adapter, Artifacts in CASE tool.

Security Issues
(Annotated architecture diagram) Threat labels in slide order: SQL injection and unauthenticated access at the Web Browser; disclosure and integrity threats at the Broker and Poirot Server; sensitive data at the MR Service and MR Adapter; data integrity for the Traceable Data Artifacts (XML) and the Artifacts in the CASE tool.

Security Issues: Security Requirements
(Goal graph; "+" marks show which lower-level requirements contribute to S1.)
- S1: Security
- S5: Role-based access control
- S2: Only authorized access to project artifacts.
- S6: Screens time out after 15 minutes of inactivity
- S3: Secure communication
- S4: Minimize system vulnerabilities
- S7: Encrypt all communication
- S8: Prevent dangerous characters from being passed to SQL queries from free text.
- S9: Limit system access to approved IP addresses

Role-Based Access Control: Access Control Models
- Discretionary Access Control (DAC)
- Mandatory Access Control (MAC)
- Task-Based Access Control (TBAC)
- Object-Based Access Control (OBAC)
- Role-Based Access Control (RBAC)

Role-Based Access Control: Advantages
- Fits Poirot naturally
- Simplifies authorization administration by assigning permissions to users through roles
- Can easily handle large numbers of users
- Conforms to job positions within the organization, hence promotes usability.

Role-Based Access Control: Model
(Diagram) User is linked to Role by user assignment (n:m); Role is linked to Permission by permission assignment; Role carries a role hierarchy; a User opens Sessions (1:n).

Role-Based Access Control: Permissions
- System: system configuration
- Projects: project configuration
- Artifacts: read, write, more...

Role-Based Access Control: Roles
- System Administrator (marked V on the slide)
- Project Manager (marked V on the slide)
- Common User: Architect, Programmer, QA, ...

SQL Injection
"SQL injection" is a subset of the unverified/unsanitized user input vulnerability ("buffer overflows" are a different subset); the idea is to convince the application to run SQL code that was not intended.
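Before the SQL injection material, here is the role-based access control model from the preceding slides worked through in code: users get roles (user assignment, n:m), roles get permissions (permission assignment), a senior role inherits a junior role's permissions (role hierarchy), and a session activates only a subset of the user's roles. This is an added example, not Poirot's own code; the role and permission names are assumptions taken from the slides' permission and role lists.

```python
"""Minimal RBAC checker following the model on the slides.

Added example, not Poirot's code. Role and permission names are assumed
from the slides' lists (system/project configuration, artifact read/write;
system administrator, project manager, common user)."""


class RBAC:
    def __init__(self):
        self.role_permissions = {}  # role -> {(object, action)}  permission assignment
        self.role_juniors = {}      # role -> {junior roles}       role hierarchy
        self.user_roles = {}        # user -> {roles}              user assignment

    def add_role(self, role, inherits=()):
        for junior in inherits:
            if junior not in self.role_permissions:
                raise ValueError("unknown junior role %r" % junior)
        self.role_permissions.setdefault(role, set())
        self.role_juniors[role] = set(inherits)

    def grant(self, role, obj, action):
        self.role_permissions[role].add((obj, action))

    def assign(self, user, role):
        if role not in self.role_permissions:
            raise ValueError("unknown role %r" % role)
        self.user_roles.setdefault(user, set()).add(role)

    def permissions_of(self, role):
        """Transitive closure down the hierarchy: a senior role holds every
        permission of the roles it inherits from."""
        perms, seen, todo = set(), set(), [role]
        while todo:
            r = todo.pop()
            if r in seen:
                continue
            seen.add(r)
            perms |= self.role_permissions[r]
            todo.extend(self.role_juniors.get(r, ()))
        return perms

    def open_session(self, user, active_roles):
        """A session may activate only roles the user actually holds, and the
        caller may activate fewer than all of them (least privilege)."""
        active = set(active_roles)
        if not active <= self.user_roles.get(user, set()):
            raise PermissionError("user %r is not assigned all of %r" % (user, sorted(active)))
        return Session(user, active, self)


class Session:
    def __init__(self, user, active_roles, rbac):
        self.user, self.active_roles, self.rbac = user, active_roles, rbac

    def can(self, obj, action):
        """Access check: permission must come from an activated role."""
        return any((obj, action) in self.rbac.permissions_of(r) for r in self.active_roles)


def build_poirot_policy():
    """Constructed policy modelled on the slides' roles and permissions."""
    rbac = RBAC()
    rbac.add_role("common_user")
    rbac.add_role("project_manager", inherits=["common_user"])
    rbac.add_role("system_administrator", inherits=["project_manager"])
    rbac.grant("common_user", "artifacts", "read")
    rbac.grant("project_manager", "artifacts", "write")
    rbac.grant("project_manager", "projects", "configure")
    rbac.grant("system_administrator", "system", "configure")
    rbac.assign("bob", "common_user")             # a programmer (constructed user)
    rbac.assign("carol", "project_manager")       # constructed user
    rbac.assign("carol", "common_user")
    rbac.assign("dave", "system_administrator")   # constructed user
    return rbac


if __name__ == "__main__":
    policy = build_poirot_policy()
    carol = policy.open_session("carol", ["common_user"])  # activates only the junior role
    print("carol (common_user only) may write artifacts:", carol.can("artifacts", "write"))
    print("carol (common_user only) may read artifacts:", carol.can("artifacts", "read"))
```

The session is where the S2 requirement (only authorized access to project artifacts) is enforced: a project manager who opens a session with only the common-user role activated cannot write artifacts during that session, even though the permission is assigned to one of her roles.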
SQL Injection: Attack Intent
- Identifying injectable parameters
- Performing database finger-printing
- Determining database schema
- Extracting data
- Adding or modifying data
- Performing denial of service
- Evading detection
- Bypassing authentication
- Executing remote commands

SQL Injection: Example (HTML)
    <FORM action=Login method=post>
    <input type=hidden name=userid value=[user input]>
    </FORM>
URL: http://webserver/login.jsp?userid=[user input]

SQL Injection: Example (SQL and code)
    SELECT count(*) as count FROM table WHERE field = '[user input]'
    Granted = count > 1 ? True : False
How about user input = whatever' or '1' = '1 ? The SQL becomes:
    SELECT count(*) as count FROM table WHERE field = 'whatever' or '1' = '1'
Result: once the table has records, Granted will always be true.

SQL Injection: Example (further payloads)
    User input = whatever'; drop table --
    User input = whatever'; xp_cmdshell(…) --

SQL Injection: Types
- Tautologies
- Illegal/Logically Incorrect Queries
- Union Query
- Piggy-Backed Queries
- Stored Procedures
- Inference
- Alternate Encodings

SQL Injection: Tautologies
Intent: bypassing authentication, extracting data.
Example:
    SELECT accounts FROM users WHERE login='' or 1=1 -- AND pass=''

SQL Injection: Illegal/Logically Incorrect Queries
Intent: identifying injectable parameters, performing database finger-printing.
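The login check and the tautology payload from the slides above, run end to end so the failure is visible, with the hardened parameterized form beside it. This is an added example, not Poirot's code: the table, the account and the payload are constructed for the demonstration, and sqlite3 stands in for the real DBMS.

```python
"""First-order (tautology) SQL injection against a login check.

Added example, not Poirot's code. Sample table and account are constructed;
sqlite3 stands in for the real database."""
import sqlite3


def make_db():
    """Constructed sample data: one legitimate account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login TEXT, pass TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return conn


def login_vulnerable(conn, login, password):
    """The pattern from the slides: user input is pasted into the SQL text,
    so a quote in the input ends the literal and the rest becomes SQL."""
    sql = ("SELECT count(*) AS n FROM users WHERE login = '%s' AND pass = '%s'"
           % (login, password))
    (count,) = conn.execute(sql).fetchone()
    return count > 0  # Granted = count > 0


def login_parameterized(conn, login, password):
    """Hardened form: the SQL text is fixed and the values travel separately,
    so the input is compared as data and can never change the query shape."""
    sql = "SELECT count(*) AS n FROM users WHERE login = ? AND pass = ?"
    (count,) = conn.execute(sql, (login, password)).fetchone()
    return count > 0


# The payload from the Tautologies slide: closes the literal, makes the WHERE
# clause always true, and comments out the password check.
TAUTOLOGY = "' or 1=1 --"


if __name__ == "__main__":
    db = make_db()
    print("alice / right password, vulnerable :", login_vulnerable(db, "alice", "correct horse"))
    print("tautology, vulnerable              :", login_vulnerable(db, TAUTOLOGY, "anything"))
    print("tautology, parameterized           :", login_parameterized(db, TAUTOLOGY, "anything"))
```

With the vulnerable function the tautology grants access without any valid credential; with the parameterized function the same string is simply a login name that does not exist. This is the mechanism behind requirement S8 (prevent dangerous characters from being passed to SQL queries from free text): binding parameters removes the need to recognise the dangerous characters at all.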
Example:
    SELECT accounts FROM users WHERE login='' AND 1 = convert(int,(select top 1 name from sysobjects where xtype='u')) -- AND pass=''
Shown error: "Microsoft OLE DB Provider for SQL Server (0x80040E07) Error converting nvarchar value 'CreditCards' to a column of data type int."

SQL Injection: Stored Procedures
Intent: performing denial of service, executing remote commands...
Example:
    SELECT accounts FROM users WHERE login='admin'; SHUTDOWN; -- AND pass=''

SQL Injection: Alternate Encodings
Intent: evading detection
Example:
    SELECT accounts FROM users WHERE login='legalUser'; exec(char(0x73687574646f776e)) -- AND pass=''
char(0x73687574646f776e) decodes to the string "shutdown", so this is the stored-procedure attack above with the keyword hidden from a filter that looks for it in plain text.

SQL Injection: Prevention
- Sanitize the input
- Escape the input
- Limit database permissions and segregate users
- Use stored procedures for database access
- Configure error reporting
- Use tools

SQL Injection: Second-Order SQL Injection
Assume that the single quote has been handled: Replace("'", "''")
The attacker adds a new account:
    Username: admin' --
    Password: password
Insert SQL:
    insert into users values(123,'admin'' -- ','password')

SQL Injection: Second-Order SQL Injection (continued)
The attacker updates the password:
    Sql = "update users set password = '" + newpassword + "' where username = '" + rs.getString("username") + "'"
which becomes:
    update users set password = 'password' where username='admin' -- '
What happens?
Other Security Problems
(Annotated architecture diagram) Threat labels in slide order: unauthenticated access at the Web Browser; sensitive data across the Broker, Poirot Server, MR Service and MR Adapter; data integrity for the Traceable Data Artifacts (XML) and the Artifacts in the CASE tool.

Reference
- Poirot: TraceMaker: A Tool for Dynamically Retrieving Traceability Links, Xuchang Zou, Chuan Duan, Raffaella Settimi, Jane Cleland-Huang.
- An Extensible Architecture for Enterprise-wide Automated Requirements Traceability, Jun Lin, Chan Chou Lin, Joseph Amaya, Massimo Illario, Jane Cleland-Huang, CTIRS, 2006.
- Building Secure Software: How to Avoid Security Problems the Right Way, John Viega, Gary McGraw, Addison-Wesley.
- The Twenty Most Critical Internet Security Vulnerabilities (Updated) ~ The Experts Consensus, Version 6.01, November 28, 2005, Copyright (C) 2005, SANS Institute, http://www.sans.org/top20/
- A Classification of SQL Injection Attacks and Countermeasures, William G.J. Halfond, Jeremy Viegas, and Alessandro Orso.
- SQL Injection Attacks by Example, Steve Friedl, http://www.unixwiz.net/techtips/sql-injection.html

Project Plan
Phase 1: Analysis
- Initial research into role-based access control and SQL injection, 05/29/2006
- Make initial presentation, 06/02/2006
- Further research into role-based access control, SQL injection, and other typical types of security problems, 06/30/2006
Phase 2: Implementation
- Design: class diagrams and sequence diagrams, 07/08/2006
- Coding and unit testing, 08/05/2006
- Integration testing, 08/10/2006
- Write developer instructions, 08/13/2006
- Prepare final presentation, 08/15/2006
Phase 3: Documentation
- Completion: 08/15/2006

Questions?

Thanks