A Formal Approach to Robustness Testing of Network Protocol
NPC '08 Proceedings of the IFIP International Conference on Network and Parallel Computing
A model-based attack injection approach for security validation
Proceedings of the 4th international conference on Security of information and networks
CRUTIAL: the blueprint of a reference critical information infrastructure architecture
CRITIS'06 Proceedings of the First international conference on Critical Information Infrastructures Security
Due to our increasing reliance on computer systems, security incidents and their causes are important problems that need to be addressed. To contribute to this objective, the paper describes a new tool for the discovery of security vulnerabilities on network-connected servers. The AJECT tool uses a specification of the server's communication protocol to automatically generate a large number of attacks according to some predefined test classes. Then, while it performs these attacks through the network, it monitors the behavior of the server both from a client perspective and inside the target machine. The observation of incorrect behavior indicates a successful attack and the potential existence of a vulnerability. To demonstrate the usefulness of this approach, a considerable number of experiments were carried out with several IMAP servers. The results show that AJECT can discover several kinds of vulnerabilities, including a previously unknown vulnerability.