Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Sudhakar Govindavajhala
December 3, 2004, 11:27 pm
rate this thread
I am a PhD student at Princeton studying computer security.
I and a colleague are trying to work on automating security analysis.
We want to make sure that we have thought of all the attack patterns.
So we are trying to enumerate the various ways in which an adversary
can compromise a network. Does the comunity have any idea as to what
is a good place to find such information? We are interested in both
the details of some specific attacks and more importantly the high
level ideas as to how attackers proceed from one step to another in a
multi-stage attack. Let us try to give examples so that my question is
- An attacker can compromise root and then replace ssh with a Trojan
Horse that captures the password each user types. Then he uses that
password to login into remote sites and uses a local root
vulnerability in the remote site.
- The attacker takes over the webserver running as user apache. He
learns the kernel version etc. He then introduces a cron job that
polls a website for new attack information. The website tells if there
is a new exploit available for the kernel the server is running. If
yes, the website provides the exploit too. Thus the cron job can wait
till a new exploit is available. If the admin upgrades the webserver,
the adversary can still launch the attack because of the cron job.
The admin will have to clear the cron jobs after every upgrade etc.
Can the community refer us to good places where we can find such
information? We tried to read some books, but they did not have the
information. We are not sure what website is a good place to get the
reviews and high level information. It's easy to find published
details of vulnerabilities in code, but most attacks use a combination
of techniques to acheive their target. We want to make sure that at a
high level we thought of all the issues.
Any ideas are appreciated.
PS: I was re-reading the replies to an old question I asked. Thanks
for useful replies people gave.
On the other hand, I wish fewer people in world had a patronising
attitude. I wonder what makes some people think they are better human
beings than anyone else. Since I cannot control peoples thoughts (for
a good reason), I guess I should resign to the fact that there are
people of all kinds in this world. I should just ignore the existence
of certain lot and interact with the more fun and cheerful lot.
- Ramkumar Chinchani
January 11, 2005, 4:16 pm
Re: Security incidents. Looking for high level reviews etc.
Looks like you are talking about "attack graphs" or some variation
thereof. There has been some recent work by Somesh Jha and Oleg Sheyner
(pls. look up his dissertation), which you may find relevant.
You should also look at tools like Core Impact, Nessus, etc.
Hope this helps.
Sudhakar Govindavajhala wrote:
- » SSRT4878 rev.2 Ignite-UX failed to save /etc/passwd for trusted systems
- — Previous thread in » General Computer Security