Security Oracle Based on Tree Kernel Methods
Andrea Avancini and Mariano Ceccato
Fondazione Bruno Kessler
Trento, Italy
Abstract. The objective of software testing is to stress a program to reveal programming defects. Security testing is, more specifically, the branch of testing that aims to reveal defects that could lead to security problems. Most variants of security testing, however, have been mostly interested in the automatic generation of test cases that "try" to reveal a vulnerability, rather than in assessing whether test cases have actually "managed" to expose security issues.
In this paper, we address the latter problem. We investigate the feasibility of using tree kernel methods to implement a classifier able to evaluate whether a test case revealed a vulnerability, i.e. a security oracle for injection attacks. We compare six different variants of tree kernel methods in terms of their effectiveness in detecting attacks.
1 Introduction
Among the programming defects that threaten the reliability of web applications, those that concern security aspects are probably the most critical. In fact, vulnerabilities could be exploited by attackers to block the correct execution of a business service (denial of service) or to steal sensitive data, such as credit card numbers or medical records.
According to statistics on open source projects [4], one of the most severe classes of vulnerabilities is Cross-site scripting (XSS for short). An XSS vulnerability is exploited when input values that contain malicious HTML or JavaScript code are printed in a web page. As a result of the attack, the vulnerable page will contain the injected code and its content and/or behavior will be controlled by the attacker.
Security testing is a process intended to spot and verify security vulnerabilities, by showing an instance of input data that exposes the problem. A developer asked to fix a security defect may take advantage of a security test case to better understand the issue (vulnerabilities often involve complex mechanics) and to elaborate a patch. Eventually, a security test can be used to assess whether a maintenance task has actually resolved the problem.
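As an added illustration, not code from the paper, the following Python snippet shows the oracle idea behind the XSS scenario and the security-testing process described above in its simplest form. It renders a constructed page template once with a benign input and once with a test input, parses both responses into trees of HTML element names, and reports an exploited injection when the test input changed the page's tag structure, which is exactly what happens when injected markup is printed unescaped. The paper's oracle compares such trees with tree kernel methods; this example replaces that with exact tree equality to keep the mechanism visible. The `render_vulnerable` and `render_fixed` templates, the `oracle` function and the sample inputs are assumptions of this example.

```python
import html
from html.parser import HTMLParser


# Constructed page templates (assumptions of this example, not the paper's code).
# The first echoes the parameter unescaped, the second escapes it.
def render_vulnerable(name: str) -> str:
    return f"<html><body><p>Hello, {name}</p></body></html>"


def render_fixed(name: str) -> str:
    return f"<html><body><p>Hello, {html.escape(name)}</p></body></html>"


class TreeBuilder(HTMLParser):
    """Builds a nested tree of element names from an HTML document.

    Each node is a (tag, children) pair; text is deliberately ignored so that
    only structural changes of the page are observed. Void elements such as
    <br> that never receive an end tag are left open on the stack, which is
    acceptable for this comparison because both renderings share the bug.
    """

    def __init__(self) -> None:
        super().__init__()
        self.stack = [("#root", [])]

    def handle_starttag(self, tag, attrs):
        node = (tag, [])
        self.stack[-1][1].append(node)
        self.stack.append(node)

    def handle_endtag(self, tag):
        # Pop back to the matching open element, tolerating mis-nesting.
        for i in range(len(self.stack) - 1, 0, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break


def html_tree(doc: str):
    parser = TreeBuilder()
    parser.feed(doc)
    parser.close()
    return parser.stack[0]


def signature(node) -> str:
    """Flattens a tree into a readable string such as '#root(html(body(p)))'."""
    tag, children = node
    if not children:
        return tag
    return f"{tag}({','.join(signature(c) for c in children)})"


def oracle(render, benign_input: str, test_input: str) -> bool:
    """Structural security oracle.

    Returns True when the test input altered the element tree of the page
    relative to the benign baseline, i.e. the injected markup became part of
    the document structure rather than being printed as plain text.
    """
    baseline = html_tree(render(benign_input))
    observed = html_tree(render(test_input))
    return signature(baseline) != signature(observed)


if __name__ == "__main__":
    test_input = "<script>alert(1)</script>"  # constructed test case
    print("vulnerable template exploited:", oracle(render_vulnerable, "Alice", test_input))
    print("fixed template exploited:     ", oracle(render_fixed, "Alice", test_input))
```

Because the decision is made on the parsed structure rather than on a substring match, the oracle is not fooled by escaped output that still contains the literal text of the test input, and it flags any new element regardless of which tag the test case used.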
There are a number of approaches for security testing of web applications [18,12,13,9,8,11], which are mainly focused on the test case generation phase, while the problem of verifying whether a test case actually exploits a vulnerability has been given marginal importance. In fact, checking whether a test case has been able to exploit a vulnerability is either addressed by manual filtering [18] or in a way that