Security Vulnerabilities and Their Impact upon Poirot
< SE690 Initial Presentation >
Jun Lin
[email protected]
http://students.depaul.edu/~jlin8/SE690
Supervised by Dr. Jane Huang
Agenda
 Project Description
 Poirot Introduction
 Security Issues
 Role-based Access Control
 SQL Injection
 Other Security Problems
 Reference
 Project Plan
 Question & Answer
Project Description
 Background
 This master's project extends a larger project named Poirot.
 Poirot is an automated traceability tool that has been developed in the RE research center.
 Poirot will be open-sourced in the Summer, and has already been requested by organizations such as Motorola and Siemens. Security issues are therefore important to address.
Project Description
 Objectives
 To analyze security issues related to Poirot. Those issues specifically include role-based access control, SQL injection, and other typical types of security problems. The work will involve a full evaluation of Poirot with respect to common security failures.
Poirot Introduction
 Poirot
 Is an enterprise-level automated traceability tool
 Web-based application
 Distributed system
 Uses a database to store traceable data
Poirot Introduction
 Architecture
 (Architecture diagram; components shown: Web Browser, Broker, Poirot Server, Traceable Data, Artifacts (XML), MR Service, MR Adapter, Artifacts in CASE tool)
Security Issues
 (Architecture diagram annotated with threats; components: Web Browser, Broker, Poirot Server, MR Service, MR Adapter, Traceable Data, Artifacts (XML), Artifacts in CASE tool)
 Threats marked on the diagram: SQL injection, unauthenticated access, disclosure and integrity threats, sensitive data, data integrity
Security Issues
 Security requirements (goal graph on the slide; "+" marks a positive contribution to the parent goal)
 S1: Security
 S2: Only authorized access to project artifacts.
 S3: Secure communication
 S4: Minimize system vulnerabilities
 S5: Role based access control
 S6: Screens timeout after 15 minutes of inactivity
 S7: Encrypt all communication
 S8: Prevent dangerous characters from being passed to SQL queries from free text.
 S9: Limit system access to approved IP addresses
Role-Based Access Control
 Access Control Models
 Discretionary Access Control (DAC)
 Mandatory Access Control (MAC)
 Task-Based Access Control (TBAC)
 Object-Based Access Control (OBAC)
 Role-Based Access Control (RBAC)
Role-Based Access Control
 Advantages
 Fits Poirot naturally
 Simplifies authorization administration by assigning permissions to users through roles
 Can easily handle large numbers of users
 Conforms to job positions within the organization, hence promotes usability.
Role-Based Access Control
 Model
 (RBAC model diagram: User, Role, Permission and Session entities; User assignment links User to Role (n:m), Permission assignment links Role to Permission, a Role hierarchy relates roles, and a User has 1:n Sessions)
Role-Based Access Control
 Permission
 System: System configuration
 Projects: Project configuration
 Artifacts: Read, Write, More…
Role-Based Access Control
 Role
 System Administrator
 Project Manager
 Common User: Architect, Programmer, QA, …
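An added example (my code, not Poirot's) that wires the User / Role / Permission / Session model and the role and permission lists from the preceding slides into a working permission check with role inheritance and per-session role activation; the hierarchy edges, the role-to-permission mapping and the user names are assumptions, since the slides only name the entities.

```python
from dataclasses import dataclass, field

# Permission tree from the slide, flattened to dotted names (constructed).
PERMISSIONS = {"system.configure", "project.configure",
               "artifact.read", "artifact.write"}

# Role hierarchy: a role inherits everything its parent role holds.
# The parent links are an assumption; the slide only names the roles.
ROLE_PARENT = {
    "Architect": "Common User", "Programmer": "Common User", "QA": "Common User",
    "Project Manager": "Common User", "System Administrator": "Project Manager",
}

# Permission assignment (role -> permissions granted directly); assumed mapping.
PERMISSION_ASSIGNMENT = {
    "Common User": {"artifact.read"},
    "Architect": {"artifact.write"}, "Programmer": {"artifact.write"}, "QA": set(),
    "Project Manager": {"project.configure", "artifact.write"},
    "System Administrator": {"system.configure"},
}

# User assignment (user -> roles): the n:m relation in the diagram; constructed users.
USER_ASSIGNMENT = {"jlin": {"Programmer", "QA"}, "pm": {"Project Manager"},
                   "root": {"System Administrator"}}

def role_permissions(role):
    """Walk up the hierarchy and union the permissions of every ancestor role."""
    perms = set()
    while role is not None:
        perms |= PERMISSION_ASSIGNMENT.get(role, set())
        role = ROLE_PARENT.get(role)
    return perms

@dataclass
class Session:
    user: str
    active_roles: set = field(default_factory=set)

def open_session(user, roles=None):
    """A session activates a subset of the user's assigned roles (least privilege)."""
    assigned = USER_ASSIGNMENT.get(user, set())
    active = assigned if roles is None else set(roles)
    if not active <= assigned:          # cannot activate a role the user was never given
        raise PermissionError(f"{user} is not assigned {active - assigned}")
    return Session(user, active)

def check(session, permission):
    """True if any active role (or one of its ancestors) carries the permission."""
    if permission not in PERMISSIONS:
        raise ValueError(f"unknown permission {permission}")
    return any(permission in role_permissions(r) for r in session.active_roles)
```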
SQL Injection
 "SQL Injection" is a subset of the unverified/unsanitized user input vulnerability class ("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended.
SQL Injection
 Attack Intent
 Identifying injectable parameters
 Performing database finger-printing
 Determining database schema
 Extracting data
 Adding or modifying data
 Performing denial of service
 Evading detection
 Bypassing authentication
 Executing remote commands
SQL Injection
 Example
 HTML
 <FORM action=Login method=post>
   <input type=hidden name=userid value=[user input]>
 </FORM>
 URL
 http://webserver/login.jsp?userid=[user input]
SQL Injection
 Example
 SQL & Code
 SELECT count(*) as count FROM table WHERE field = '[user input]'
 Granted = count > 1 ? True : False
 How about: user input = whatever' or '1' = '1 ?
 The SQL becomes: SELECT count(*) as count FROM table WHERE field = 'whatever' or '1' = '1'
 Result: once the table has records, Granted will always be true.
SQL Injection
 Example
 User input = whatever'; drop table --
 User input = whatever'; xp_cmdshell(…) --
SQL Injection
 SQL Injection Types
 Tautologies
 Illegal/Logically Incorrect Queries
 Union Query
 Piggy-Backed Queries
 Stored Procedures
 Inference
 Alternate Encodings
SQL Injection
 Tautologies
 Intent
 Bypassing authentication, extracting data.
 Example
 SELECT accounts FROM users WHERE login='' or 1=1 -- AND pass=''
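As an added example (not code from the slides or from Poirot), the login check from the Example slide and the Tautologies slide rebuilt against an in-memory SQLite table with constructed rows: the concatenated query accepts the `' or 1=1 -- ` input because the comment discards the password clause, while the parameterized version binds the same input as a plain string and finds no row. The table and column names follow the slides; the `count > 0` test is assumed in place of the slide's `count > 1`.

```python
import sqlite3

# Constructed stand-in for the slide's users table (not Poirot's schema).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login TEXT, pass TEXT, accounts TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "s3cret", "ACC-1"), ("bob", "hunter2", "ACC-2")])
    return conn

def login_vulnerable(conn, login, pw):
    """Query built by string concatenation, as on the slide.

    A quote in the input closes the literal and becomes SQL syntax; the
    trailing '-- ' comments out the AND pass = '...' clause entirely.
    """
    sql = ("SELECT count(*) AS count FROM users WHERE login = '" + login
           + "' AND pass = '" + pw + "'")
    count = conn.execute(sql).fetchone()[0]
    return count > 0      # slide writes count > 1; "at least one matching row" is the intent

def login_parameterized(conn, login, pw):
    """Same check with bound parameters: the driver never lets input become syntax."""
    sql = "SELECT count(*) AS count FROM users WHERE login = ? AND pass = ?"
    count = conn.execute(sql, (login, pw)).fetchone()[0]
    return count > 0

TAUTOLOGY = "' or 1=1 -- "   # the login field value from the Tautologies slide

if __name__ == "__main__":
    db = make_db()
    print("legit login, vulnerable      :", login_vulnerable(db, "alice", "s3cret"))
    print("tautology, vulnerable        :", login_vulnerable(db, TAUTOLOGY, ""))
    print("tautology, parameterized     :", login_parameterized(db, TAUTOLOGY, ""))
```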
SQL Injection
 Illegal/Logically Incorrect Queries
 Intent
 Identifying injectable parameters, performing database finger-printing.
 Example
 SELECT accounts FROM users WHERE login='' AND 1 = convert(int,(select top 1 name from sysobjects where xtype='u')) -- AND pass=''
 Resulting error: "Microsoft OLE DB Provider for SQL Server (0x80040E07) Error converting nvarchar value 'CreditCards' to a column of data type int."
SQL Injection
 Stored Procedures
 Intent
 Performing denial of service, executing remote commands...
 Example
 SELECT accounts FROM users WHERE login='admin'; SHUTDOWN; -- AND pass=''
SQL Injection
 Alternate Encodings
 Intent
 Evading detection
 Example
 SELECT accounts FROM users WHERE login='legalUser'; exec(char(0x73687574646f776e)) -- AND pass=''
 char(0x73687574646f776e) == 'shutdown' (the hex string decodes to the SHUTDOWN command, so a filter looking for the keyword does not see it)
SQL Injection
 Prevention
 Sanitize the input
 Escape the input
 Limit database permissions and segregate users
 Use stored procedures for database access
 Configure error reporting
 Use tools
SQL Injection
 Second-Order SQL Injection
 Assume that the single quote has been handled:
 Replace("'", "''")
 Attacker adds a new account:
 Username: admin'-- Password: password
 Insert SQL:
 insert into users values(123,'admin''--','password')
SQL Injection
 Second-Order SQL Injection
 Attacker updates the password:
 Sql = "update users set password = '" + newpassword + "' where username = '" + rs.getString("username") + "'"
 update users set password = 'password' where username='admin'-- '
 What happens?
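The two-step scenario from the Second-Order slides, as an added example (mine, not Poirot's code) against an in-memory SQLite table with a constructed `admin` row: the quote-doubling `Replace` keeps the first INSERT well-formed, but the stored username `admin'--` is later trusted and concatenated into the UPDATE, which then rewrites the real admin's password. The safe variant binds the value and updates by id; the column names, the `id` key and the `original`/`pwned` passwords are assumptions.

```python
import sqlite3

# Constructed users table; 'admin' is the account the attacker wants to take over.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'admin', 'original')")
    return conn

def escape(value):
    """The slide's Replace("'", "''"): neutralises quotes for this one statement."""
    return value.replace("'", "''")

def register(conn, uid, username, password):
    # First request: doubled quotes keep the INSERT well-formed, so the raw
    # string admin'-- is stored verbatim as a username.
    sql = ("insert into users values(" + str(uid) + ",'" + escape(username)
           + "','" + escape(password) + "')")
    conn.execute(sql)

def change_password_vulnerable(conn, uid, newpassword):
    # Second request: the username read back from the database is trusted and
    # concatenated unescaped, as in the slide's Sql = "update users ..." string.
    (username,) = conn.execute("select username from users where id = ?",
                               (uid,)).fetchone()
    sql = ("update users set password = '" + newpassword
           + "' where username = '" + username + "'")
    conn.execute(sql)   # runs as: ... where username = 'admin'--'  (rest is a comment)
    return sql

def change_password_safe(conn, uid, newpassword):
    # Bind every value, including ones that came from the database, and key on id.
    conn.execute("update users set password = ? where id = ?", (newpassword, uid))

def password_of(conn, username):
    return conn.execute("select password from users where username = ?",
                        (username,)).fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    register(db, 123, "admin'--", "password")
    print(change_password_vulnerable(db, 123, "pwned"))
    print("admin password is now:", password_of(db, "admin"))
```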
Other Security Problems
 (The Security Issues diagram again: Web Browser, Broker, Poirot Server, MR Service, MR Adapter, Traceable Data, Artifacts (XML), Artifacts in CASE tool, annotated with unauthenticated access, sensitive data and data integrity)
Reference
 Poirot: TraceMaker: A Tool for Dynamically Retrieving Traceability Links, Xuchang Zou, Chuan Duan, Raffaella Settimi, Jane Cleland-Huang.
 An Extensible Architecture for Enterprise-wide Automated Requirements Traceability, Jun Lin, Chan Chou Lin, Joseph Amaya, Massimo Illario, Jane Cleland-Huang, CTIRS, 2006.
 Building Secure Software: How to Avoid Security Problems the Right Way, John Viega, Gary McGraw, Addison-Wesley.
 The Twenty Most Critical Internet Security Vulnerabilities (Updated) ~ The Experts Consensus, Version 6.01, November 28, 2005, Copyright (C) 2005, SANS Institute, http://www.sans.org/top20/
 A Classification of SQL Injection Attacks and Countermeasures, William G.J. Halfond, Jeremy Viegas, and Alessandro Orso.
 SQL Injection Attacks by Example, Steve Friedl, http://www.unixwiz.net/techtips/sql-injection.html
Project Plan
 Phase 1: Analysis
 Initial research into Role-based access control and SQL injection, 05/29/2006
 Make initial presentation, 06/02/2006
 Further research into Role-based access control, SQL injection, and other typical types of security problems, 06/30/2006
 Phase 2: Implementation
 Design: Class diagrams and sequence diagrams, 07/08/2006
 Coding and unit testing, 08/05/2006
 Integration testing, 08/10/2006
 Phase 3: Documentation
 Write developer instructions, 08/13/2006
 Prepare final presentation, 08/15/2006
 Completion: 08/15/2006
Question?
Thanks