Informatica 26 (2002) 191-203. Trojan Horse Attacks on Software for Electronic Signatures. Adrian Spalka, Armin B. Cremers and Hanno Langweg, Department of Computer Science III, University of Bonn, Roemerstrasse ...
We compared vulnerable and fixed versions of the source code of 50 different PHP open source projects based on CVE reports for SQL injection vulnerabilities. We scanned the source code with commercial and open source tools for static code analysis. Our results show that five current state-of-the-art tools have issues correctly marking vulnerable and safe code. We identify 25 code patterns that are not detected as a vulnerability by at least one of the tools and 6 code patterns that are mistakenly reported as a vulnerability that cannot be confirmed by manual code inspection. Knowledge of the patterns could help vendors of static code analysis tools, and software developers could be instructed to avoid patterns that confuse automated tools.
We present source code patterns that are difficult for modern static code analysis tools. Our study comprises 50 different open source projects in both a vulnerable and a fixed version for XSS vulnerabilities reported with CVE IDs over a period of seven years. We used three commercial and two open source static code analysis tools. Based on the reported vulnerabilities we discovered code patterns that appear to be difficult to classify by static analysis. The results show that code analysis tools are helpful, but still have problems with specific source code patterns. These patterns should be a focus in training for developers.
To get a better understanding of Cross Site Scripting vulnerabilities, we investigated 50 randomly selected CVE reports which are related to open source projects. The vulnerable and patched source code was manually reviewed to find out what kind of source code patterns were used. Source code pattern categories were found for sources, concatenations, sinks, HTML context and fixes. Our resulting categories are compared to categories from CWE. A source code sample which might have led developers to believe that the data was already sanitized is described in detail. For the different HTML context categories, the necessary Cross Site Scripting prevention mechanisms are described.
We investigated 50 randomly selected buffer overflow vulnerabilities in Firefox. The source code of these vulnerabilities and the corresponding patches were manually reviewed and patterns were identified. Our main contributions are taxonomies of errors, sinks and fixes seen from a developer’s point of view. The results are compared to the CWE taxonomy with an emphasis on vulnerability details. Additionally, some ideas are presented on how the taxonomy could be used to improve software security education.
There exist liberal goals of a network system’s use for which strong technologies are advocated. However, these technologies may favour only those who employ them and hence shift power compared to how people act and do business today. This encourages the deprived to also look for stronger technology to promote their position. In this technological ‘arms race’ both sides omit the equivalent of safety valves, raising stakes and reducing ways for compromise. We discuss this in the context of privacy, use of copyrighted material, and hacking of computer systems.
2017 IEEE Conference on Communications and Network Security (CNS), 2017
We present an analysis of how to determine security requirements for software that controls routing decisions in the distribution of discrete physical goods. Requirements are derived from stakeholder interests and threat scenarios. Three deployment scenarios are discussed: cloud and hybrid deployment as well as on-premise installation for legacy sites.
Client computers are often a weak link in a technical network infrastructure. Increasing the security of client systems and applications against malicious software attacks increases the security of the network as a whole. Our work solves integrity and authenticity of input, confidentiality, integrity and authenticity of output. We present components to integrate a trusted path into an application to directly communicate with a user at a personal computer. This allows security-sensitive parts of applications to continue operating while being attacked with malicious software in an event-driven system. Our approach uses widely employed COTS software (DirectX) and can be varied in design and implementation, hence making it more difficult to defeat with generic attack tools.
Software for the creation of digital signatures performs a delicate task. The signatory has to trust the manufacturer of the software that it will work in the intended way. Signing a document electronically will have legal consequences in a growing number of countries; therefore, the security of the signing software is an important issue. In the past, Trojan horse programs have been shown to be of growing concern for end-user computers. Software for digital signatures must provide protection against Trojan horses attacking the legally relevant signing process. In a survey of commercial off-the-shelf signature software programs we found severe vulnerabilities that can easily be exploited by an attacker.
Papers by Hanno Langweg