Vulnerability Analysis Taxonomy
Achieving completeness in a systematic way
Javier Tallón Guerri
10ICCC - Norway
1. Vulnerability Analysis according to CEM
2. Pieces for a correct vulnerability analysis
   1. Attack Patterns
   2. Systematic and repeatable methodology
3. Example
4. Lessons learned
1. Vulnerability Analysis according to CEM
The evaluator vulnerability analysis is to determine that the TOE is resistant to penetration attacks performed by an attacker possessing a Basic (for AVA_VAN.1 and AVA_VAN.2), Enhanced‐Basic (for AVA_VAN.3), Moderate (for AVA_VAN.4) or High (for AVA_VAN.5) attack potential.
Independent vulnerability analysis should consider generic potential vulnerabilities under each of the following headings:
• Bypassing
• Tampering
• Direct attacks
• Monitoring
• Misuse
Due to the generic nature of the Common Criteria, this classification is too abstract and does not help the evaluator achieve the required completeness.
The CEM classification is useless by itself.
From AVA_VAN.4, vulnerability analysis should be METHODICAL: “This method requires the evaluator to specify the structure and form the analysis will take”
The CEM asks for a methodical analysis but does not provide any method. Every method would be acceptable.
Very generic vulnerability classification + Undefined methodology = Poor Vulnerability Analysis
2. Pieces for a correct Vulnerability Analysis
Here is the question…
How to achieve completeness in a systematic way?
We will focus on software assessment.
2.1 Attack Patterns
Thinking like bad guys
Very generic vulnerability classification vs. Attack Patterns
Attack Pattern: an attack pattern describes the approach used by attackers to generate an exploit against software.
For example: MITRE provides CAPEC (Common Attack Pattern Enumeration and Classification)
CAPEC provides a free collection of attack patterns
CAPEC is not a panacea
Each lab should manage its own attack pattern collection
[Diagram labels: Attack Patterns, Lab Know How, Streetwork]
2.2 Systematic and Repeatable Methodology
Undefined Methodology vs. Systematic and Repeatable Methodology
[Diagram: Systematic and Repeatable Methodology. Elements: Attack Patterns x Vulnerability Analysis method; Penetration testing agenda; Lab T&T; Lab Know How; Bespoke Lab Tools.]
[Vulnerability Analysis method labels: AGD, ALC, ATE, ADV_ARC, ADV_TDS; Misuse, Deliv. Vuln., Malfunction; ASE_SPD; Attack Path.]
[Lab T&T labels: Disassemblers, Debuggers, Forensic analysis, Vulnerability scanners.]
[Diagram labels: ASE, ADV, AGD, ATE, ALC, AVA]
[Diagram: Vulnerability Analysis method. Labels: AGD, ALC, ATE, ADV_ARC, ADV_TDS; Misuse, Deliv. Vuln., Malfunction; ASE_SPD; Attack Flow.]
Lab T&T:
• Disassemblers
• Debuggers
• “Forensic analysis” techniques
• Vulnerability scanners
3. Example
[Diagram: TOE architecture. Labels: Web Service, Access Control Module, XML Parser, Resource Database, Auth Database, SQL, SQL, TOE, XML, Network.]
Attack patterns shown on the successive slides, one group per slide:
• Sniffing Attacks; Man in the Middle; Denial of Service through Resource Depletion
• Detect Unpublicized Web Services; Web Services Protocol Manipulation
• Oversized Payloads Sent to XML Parsers; XML Ping of Death; XML Injection; XML Routing Detour Attacks; XEE (XML Entity Expansion); XML Attribute Blowup; Recursive Payloads Sent to XML Parsers; XML Schema Poisoning
• Password Brute Forcing; Try Common (default) Usernames and Passwords; Dictionary-based Password Attack; Authentication Bypass; Authentication Abuse; Reflection Attack in Authentication Protocol; Exploitation of Session Variables, Resource IDs and other Trusted Credentials
• SQL Injection; Blind SQL Injection
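One way to turn "Attack Patterns x Vulnerability Analysis method" into a penetration testing agenda for the example TOE, with a completeness check; this is an added example, not part of the original presentation. Pattern and component names are taken from the slides; the technology tags, the hypothetical "Audit Log" component and the function names are assumptions.

```python
"""Penetration testing agenda built from a pattern collection and a TOE decomposition."""

# Attack-pattern collection: name -> technologies it targets.
# Pattern names come from the slides; the tags are assumed for this example.
PATTERNS = {
    "Sniffing Attacks": {"network"},
    "Man in the Middle": {"network"},
    "Web Services Protocol Manipulation": {"web-service"},
    "XML Injection": {"xml"},
    "XEE (XML Entity Expansion)": {"xml"},
    "Password Brute Forcing": {"authentication"},
    "Authentication Bypass": {"authentication"},
    "SQL Injection": {"sql"},
    "Blind SQL Injection": {"sql"},
}

# TOE decomposition: component -> technologies it exposes (assumed tags).
# "Audit Log" is a hypothetical extra component, used to show a coverage gap.
TOE = {
    "Network": {"network"},
    "Web Service": {"web-service"},
    "XML Parser": {"xml"},
    "Access Control Module": {"authentication", "sql"},
    "Resource Database": {"sql"},
    "Auth Database": {"sql"},
    "Audit Log": {"filesystem"},
}


def build_agenda(toe, patterns):
    """Cross every component with every pattern; keep pairs sharing a tag."""
    return sorted(
        (component, name)
        for component, c_tags in toe.items()
        for name, p_tags in patterns.items()
        if c_tags & p_tags
    )


def coverage_gaps(toe, patterns):
    """Components that no pattern reaches, with the tags the collection lacks."""
    covered = set().union(*patterns.values())
    return {c: sorted(tags - covered) for c, tags in toe.items() if not tags & covered}


def pending(agenda, results):
    """Agenda items without a recorded verdict: the analysis is not yet complete."""
    return [item for item in agenda if item not in results]


if __name__ == "__main__":
    for component, pattern in build_agenda(TOE, PATTERNS):
        print(f"{component:24} {pattern}")
    print("gaps:", coverage_gaps(TOE, PATTERNS))
```

A component reported by `coverage_gaps` means the lab's collection has no pattern for it yet, which is the case for maintaining a collection beyond CAPEC.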
4. Lessons learned
Attack Patterns + Systematic and Repeatable Methodology = Wonderful Vulnerability Analysis
[Diagram labels: Creativity, Motivation]
Thanks for your attention!
Javier Tallón
Epoche & Espri, S.L.
Avda. de la Vega, 1
28108, Alcobendas,
Madrid, Spain.