Integrity Verification of Applications on RADIUM Architecture Page: 13
vii, 44 pages : color illustrationsView a full description of this thesis.
Extracted Text
The following text was automatically extracted from the image on this page using optical character recognition software:
invariants for the applications to do bug detection and integrity analysis, while the applica-
tions are exploited with shell code to gain root privileges. These applications have known
vulnerabilities [2] [3] [1], which I exploited by using publicly available exploit programs from
[8], [7] and [32]. Invariants were collected when the application was running under normal
execution and when they were being exploited. I compared the results to confirm attacks on
the applications. Various use cases and possible executions corresponding to these use cases
TABLE 2.2. Instances and Invariant Count for Prozilla and Ghttpd
Instance
Application Use case Vulnerability No. of Invariants
Count
HTTP file download 6 Stack overflow 18
Prozilla 1.3.7
FTP file download 4 Format String 8
Ghttpd 1.4 Web Page access 4 Buffer overflow 12
are tabulated in Table 2.2. The use case details are determined from their documentation.
I collected invariants for these use cases with some possible configurations and situations.
These cases are: limited bandwidth, single thread, different port and interrupted download.
Number of invariants obtained for the tested vulnerabilities are also presented in Table 2.2.
Daikon can be customized to produce invariants for specific function calls, variables, and
types of invariants. A complete list of options can be found in the Daikon user manual [14].
Constant invariant and equality invariant are of interest to me, which were used for detection
of the simulated attacks. I also selected vulnerable functions (ex: message() in Prozilla) and
produced limited number of invariants, so their analysis and runtime verification would be
less tedious and efficient.
Structural constraints are programming rule-based in nature, so data invariants ob-
tained by Daikon are not helpful in detecting attacks that violate structural constraints.
The canary values were introduced in functions as local variables and assigned to them with
global canary value. The global canary has to satisfy "constant" invariant and local ca-
naries have to satisfy "equality" invariant. I have analyzed the source code by debugging it13
Upcoming Pages
Here’s what’s next.
Search Inside
This thesis can be searched. Note: Results may vary based on the legibility of text within the document.
Tools / Downloads
Get a copy of this page or view the extracted text.
Citing and Sharing
Basic information for referencing this web page. We also provide extended guidance on usage rights, references, copying or embedding.
Reference the current page of this Thesis.
Tarigopula, Mohan Krishna. Integrity Verification of Applications on RADIUM Architecture, thesis, August 2015; Denton, Texas. (https://digital.library.unt.edu/ark:/67531/metadc804915/m1/21/: accessed July 17, 2024), University of North Texas Libraries, UNT Digital Library, https://digital.library.unt.edu; .