  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
41

Mutation-based testing of buffer overflows, SQL injections, and format string bugs

Shahriar, Hossain 20 August 2008
Testing is an indispensable mechanism for assuring software quality. One of the key issues in testing is to obtain a test data set that is able to effectively test an implementation. An adequate test data set consists of test cases that can expose faults in a software implementation. Mutation-based testing can be employed to obtain adequate test data sets, and numerous mutation operators have been proposed to date to measure the adequacy of test data sets that reveal functional faults. However, implementations that pass functionality tests are still vulnerable to malicious attacks. Despite the rigorous use of various existing testing techniques, many vulnerabilities are discovered after the deployment of software implementations, such as buffer overflows (BOF), SQL injections, and format string bugs (FSB). Successful exploitations of these vulnerabilities may result in severe consequences such as denial of services, application state corruptions, and information leakage. Many approaches have been proposed to detect these vulnerabilities. Unfortunately, very few approaches address the issue of testing implementations against vulnerabilities. Moreover, these approaches do not provide an indication whether a test data set is adequate for vulnerability testing or not. We believe that bringing the idea of traditional functional test adequacy to vulnerability testing can help address the issue of test adequacy. In this thesis, we apply the idea of mutation-based adequate testing to perform vulnerability testing of buffer overflows, SQL injections, and format string bugs. We propose mutation operators to force the generation of adequate test data sets for these vulnerabilities. The operators mutate source code to inject the vulnerabilities in the library function calls and unsafe implementation language elements. The mutants generated by the operators are killed by test cases that expose these vulnerabilities. 
We propose distinguishing or killing criteria for mutants that consider varying symptoms of exploitations. Three prototype tools are developed to automatically generate mutants and perform mutation analysis with input test cases and the effectiveness of the proposed operators is evaluated on several open source programs containing known vulnerabilities. The results indicate that the proposed operators are effective for testing the vulnerabilities, and the mutation-based vulnerability testing process ensures the quality of the applications against these vulnerabilities. / Thesis (Master, Computing) -- Queen's University, 2008-08-18 13:53:04.036
42

DESERVE: A FRAMEWORK FOR DETECTING PROGRAM SECURITY VULNERABILITY EXPLOITATIONS

MOHOSINA, AMATUL 20 September 2011
It is difficult to develop a program that is completely free from vulnerabilities. Despite the applications of many approaches to secure programs, vulnerability exploitations occur in the real world in large numbers. Exploitations of vulnerabilities may corrupt memory spaces and program states, lead to denial of services and authorization bypassing, provide attackers the access to authorization information, and leak sensitive information. Monitoring at the program code level can be a way of vulnerability exploitation detection at runtime. In this work, we propose a monitor embedding framework DESERVE (a framework for DEtecting program SEcuRity Vulnerability Exploitations). DESERVE identifies exploitable statements from source code based on static backward slicing and embeds necessary code to detect attacks. During the deployment stage, the enhanced programs execute exploitable statements in a separate test environment. Unlike traditional monitors that extract and store program state information to compare with vulnerability-free program states to detect exploitation, our approach does not need to save state information. Moreover, the slicing technique allows us to avoid the tracking of fine-grained information about runtime program environments such as input flow and memory state. We implement DESERVE for detecting buffer overflow, SQL injection, and cross-site scripting attacks. We evaluate our approach for real world programs implemented in C and PHP languages. The results show that the approach can detect some of the well-known attacks. Moreover, the approach imposes negligible runtime overhead. / Thesis (Master, Electrical & Computer Engineering) -- Queen's University, 2011-09-19 19:04:28.423
43

Subtropical to Subpolar Lagrangian Pathways in the North Atlantic and Their Impact on High Latitude Property Fields

Burkholder, Kristin Cashman January 2011
In response to the differential heating of the earth, atmospheric and oceanic flows constantly act to carry surplus energy from low to high latitudes. In the ocean, this poleward energy flux occurs as part of the large scale meridional overturning circulation: warm, shallow waters are transported to high latitudes where they cool and sink, then follow subsurface pathways equatorward until they are once again upwelled to the surface and reheated. In the North Atlantic, the upper limb of this circulation has always been explained in simplistic terms: the Gulf Stream/North Atlantic Current system carries surface waters directly to high latitudes, resulting in elevated sea surface temperatures in the eastern subpolar gyre, and, because the prevailing winds sweeping across the Atlantic are warmed by these waters, anomalously warm temperatures in Western Europe. This view has long been supported by Eulerian measurements of North Atlantic sea surface temperature and surface velocities, which imply a direct and continuous transport of surface waters between the two gyres. However, though the importance of this redistribution of heat from low to high latitudes has been broadly recognized, few studies have focused on this transport within the Lagrangian frame. The three studies included in this dissertation use data from the observational record and from a high resolution model of ocean circulation to re-examine our understanding of upper limb transport between the subtropical and subpolar gyres. Specifically, each chapter explores intergyre Lagrangian pathways and investigates the impact of those pathways on subpolar property fields. The findings from the studies suggest that intergyre transport pathways are primarily located beneath the surface and that subtropical surface waters are largely absent from the intergyre exchange process, a very different image of intergyre transport than that compiled from Eulerian data alone. As such, these studies also highlight the importance of including 3D Lagrangian information in examinations of transport pathways. / Dissertation
44

Detecting and characterising malicious executable payloads

Andersson, Stig January 2009
Buffer overflow vulnerabilities continue to prevail and the sophistication of attacks targeting these vulnerabilities is continuously increasing. As a successful attack of this type has the potential to completely compromise the integrity of the targeted host, early detection is vital. This thesis examines generic approaches for detecting executable payload attacks, without prior knowledge of the implementation of the attack, in such a way that new and previously unseen attacks are detectable. Executable payloads are analysed in detail for attacks targeting the Linux and Windows operating systems executing on an Intel IA-32 architecture. The execution flow of attack payloads is analysed and a generic model of execution is examined. A novel classification scheme for executable attack payloads is presented which allows for characterisation of executable payloads and facilitates vulnerability and threat assessments, and intrusion detection capability assessments for intrusion detection systems. An intrusion detection capability assessment may be utilised to determine whether or not a deployed system is able to detect a specific attack and to identify requirements for intrusion detection functionality for the development of new detection methods. Two novel detection methods are presented capable of detecting new and previously unseen executable attack payloads. The detection methods are capable of identifying and enumerating the executable payload’s interactions with the operating system on the targeted host at the time of compromise. The detection methods are further validated using real world data including executable payload attacks.
45

Knowledge Curation in a Developer Community: A Study of Stack Overflow and Mailing Lists

Gomez Teshima, Carlos Arturo 05 January 2016
Media channels play an important role in the flow, construction, and curation of knowledge in software development. Understanding how developers use media channels is key to improving developer practices and supporting channel evolution. In this thesis, I investigate the way developers use media channels to curate knowledge within the R software development community. By applying a case study methodology consisting of mining archival data and survey methods, I investigate the R community on Stack Overflow and the R-help mailing list, using a qualitative approach. The findings reveal that Stack Overflow and mailing lists foster knowledge co-construction differently---crowd-sourced and participatory respectively. Furthermore, developers actively use both channels to optimize knowledge exchange and curation. My thesis contributes to the understanding of knowledge curation by developer communities, and describes a model for a systematic comparison of two or more media channels, within a community of practice. This model allows knowledge categorization and can be used in future studies to explore knowledge flow within multiple media channels. Moreover, based on my observations in conjunction with the survey data analysis, I extracted a set of recommendations to assist practitioners in the use of multiple Question and Answer (Q&A) channels. / Graduate
46

Redução de congestionamento em roteamento global de circuitos VLSI / Techniques to reduce overflow in VLSI global routing phase

Nunes, Leandro de Morais January 2013
Global routing is responsible for planning the distribution of interconnect resources within the circuit area. Within the circuit design phase known as physical synthesis, it comes after the placement step, which defines an exact position for each circuit cell, and before the detailed routing step, which defines a position for each interconnect. Global routers use an abstract, simplified version of the circuit that aggregates a region and the entire wire capacity that region supports, and they plan those capacities against the interconnection demand between the circuit's cells. This work presents a set of techniques for delimiting and treating areas with high demand for interconnect resources in VLSI circuits. The techniques are applied in two phases of the global routing flow: the first runs in the pre-routing phase, where regions with high interconnection demand are identified, that is, regions that are the destination or origin of a large number of wires relative to their capacity to allocate interconnect resources; the second takes place within the iterative routing phase, identifying and protecting the regions with the highest congestion levels. To evaluate the impact of the proposed techniques, they were implemented in an existing global routing flow. The evaluation was based on four global routing metrics commonly used in the physical synthesis literature: wirelength, total congestion, maximum edge congestion, and execution time. Experiments using the techniques showed gains of up to 11% in reduction of total congestion in the circuit, on benchmarks for which the literature does not yet have valid solutions. Execution times were reduced by up to 35% compared with the implementation used as the reference for applying the techniques, the GR-WL router. One side effect of applying cost calibration techniques is an increase in average wirelength. The experimental results show that the proposed techniques manage to reduce this side effect to at most 1.39%, according to the benchmarks run. / Global routing phase is responsible for the interconnect planning and distribution across the circuit area. During the integrated circuit project flow, the global routing is contained in the Physical Synthesis, after the placement, that is when the position of all circuit cells are defined, and before the detailed routing, when the position of all interconnection wires is realized. A simplified and abstract version of the circuit routing area is used by the global router, that will aggregate in a single vertex a specific region of the circuit, that represents a bunch of interconnections with their total capacity. This work presents a set of techniques to delimit and treat areas that have high interconnection demand in VLSI circuits. These techniques are applied in two steps of the global routing flow: the first is executed during the initial routing, where the high interconnection demanding regions are identified; the second step is executed during the iterative routing, where the top offender regions are identified and have their costs pre-allocated. In order to evaluate the impact of the proposed techniques, they are implemented in an existing global routing flow, and four metrics are collected: total wirelength, execution time, total overflow and maximum overflow. The last two metrics will be different from zero just for the circuits that do not have a valid solution. After the execution of the experiments it was possible to verify a reduction up to 11% in wirelength, in some benchmarks for which the literature does not have a valid solution. Furthermore, it was possible to verify a reduction up to 35% in the execution time, when compared to the reference implementation. Once we are including constraints in form of cost pre-allocation, it is possible to verify a wirelength increase in some cases. In this work, it was possible to observe a small presence of these side-effects, up to 1.39%, according to the executed benchmarks.
47

Uma ferramenta multiplataforma para prevenção de buffer overflow / A Multiplatform tool to prevent buffer overflows

Mello, Paulo Estima January 2009
This work presents a method for preventing vulnerabilities caused by insecure programming errors, which are normally the result of solving a proposed problem or developing functionality without taking into account the security of the system as a whole. Programming errors (in the context of a system's security and not just its functionality) are normally the product of the programmer's ignorance of the vulnerabilities presented by the tools used to build programs. The state of the art is briefly presented, showing current solutions for protection against stack-based buffer overflow attacks. Compile-time solutions and post-compilation solutions on the part of the operating system are the most common. Within this scope, the proposed solution is demonstrated by a functional prototype that validates the model for a series of applications on two different platforms (Windows and Linux). The solution brings together application instrumentation and the use of a repository of return addresses to prevent functions from returning to addresses that were not legitimately specified. Tests of the prototype were carried out on both platforms and showed the prototype's effectiveness in preventing failures in real cases of stack-based buffer overflow. / This paper presents a method to prevent the vulnerabilities caused by insecure programming which, usually, is an outcome of taking into account only the solution of a proposed problem or the development of new functionalities disregarding security on development of the system as a whole. The programming mistakes (in the context of the system security despite the system's functionality) are usually a result of the unawareness of the programmer about the vulnerabilities contained on the tools they use to develop software. The state of the art is briefly presented showing the current solutions related to preventing buffer overflows based on stack. Both compile time and post-compilation solutions (usually as part of the operating system) are the most widely used. In this work the proposed solution is demonstrated by a functional prototype which validates the model for a set of applications in two different platforms (Windows and Linux). The solution converges process instrumentation with a return address repository to prevent a function from returning to an address not legally specified. Tests of the prototype were performed in both platforms previously mentioned and have proved the correctness of the prototype by actually preventing exploitation on real case scenarios of real world applications.
50

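O crescimento econômico dos municípios do aglomerado produtivo de confecções do agreste pernambucano : uma análise dos resultados da atividade de confecções no período de 1991-2010 / The economic growth of the municipalities in the clothing production cluster of the Pernambuco Agreste: an analysis of the results of clothing activity in the period 1991-2010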

CORDEIRO, Maria Eliane Lemos Alves 20 February 2015
The aim of this study was to describe and analyze the economic growth of the cities that are part of the Clothing Cluster in Agreste of Pernambuco, between 1991 and 2010. The concepts of the New Economic Geography (Fujita, Krugman and Venables 2002) were used as a basic theoretical support. The analyses were based on the variables: Population Growth, GDP growth, Total Employment, Average Income Employment, Making up Employment and Average Income of Making Up. The database used was formed from the microdata of the Demographic Census 1991, 2000 and 2010, of the Brazilian Institute of Geography and Statistics - IBGE. Only the information about the GDP growth and population was collected directly from the IPEADATA site (2014). The results suggest that in the three main cities that make up the core of the ACAP (Caruaru, Santa Cruz and Toritama), there was population and economic and job creation growth. These conditions overpassed to other cities around radiating economic growth in the region, featuring spillover effect. / The aim of the present work was to describe and analyze the economic growth of the municipalities that form part of the Clothing Cluster of the Pernambuco Agreste in the period 1991-2010. The concepts of the New Economic Geography (FUJITA, KRUGMAN and VENABLES, 2002) were used as the basic theoretical support. The analyses were based on the variables: Population Growth, and Growth of GDP, of Total Employment, of Average Employment Income, of Clothing Employment and of Average Clothing Income. The database was built mainly from the microdata of the 1991, 2000 and 2010 Demographic Censuses of the Brazilian Institute of Geography and Statistics - IBGE. Only the information on GDP and population growth was collected directly from the IPEADATA site (2014). The results suggest that in the three main municipalities that make up the core of the ACAP (Caruaru, Santa Cruz and Toritama) there was population growth, economic growth and job creation. These conditions spread to the surrounding municipalities, radiating economic growth in the region, which characterizes the spillover effect.
