Ivano Alessandro Elia
University of Coimbra
Publication
Featured research published by Ivano Alessandro Elia.
International Symposium on Software Reliability Engineering | 2010
Ivano Alessandro Elia; José Fonseca; Marco Vieira
System administrators frequently rely on intrusion detection tools to protect their systems against SQL Injection, one of the most dangerous security threats in database-centric web applications. However, the real effectiveness of those tools is usually unknown, which may lead administrators to put an unjustifiable level of trust in the tools they use. In this paper we present an experimental evaluation of the effectiveness of five SQL Injection detection tools that operate at different system levels: Application, Database and Network. To test the tools in a realistic scenario, Vulnerability and Attack Injection is applied in a setup based on three web applications of different sizes and complexities. Results show that the assessed tools have a very low effectiveness and only perform well under specific circumstances, which highlight the limitations of current intrusion detection tools in detecting SQL Injection attacks. Based on experimental observations we underline the strengths and weaknesses of the tools assessed.
Proceedings of the 13th European Workshop on Dependable Computing | 2011
Salvatore D'Antonio; Luigi Coppolino; Ivano Alessandro Elia; Valerio Formicola
The use of PMUs (Phasor Measurement Units) for measurement and control of power grids over wide areas is becoming fundamental to improving power system reliability. Synchrophasors, which enable a synchronized evaluation of the phasor through a GPS radio clock, are being extensively deployed together with network-based PDC (Phasor Data Concentrator) applications to provide a precise and comprehensive view of the status of the entire grid. The objective of this paper is to raise awareness about the security issues related to the adoption of such technologies in power grids. In particular, we address two main vulnerabilities of synchrophasor networks: (i) the protocols used to exchange data between the PMU and the PDC are usually not encrypted, and (ii) PDCs do not automatically sanitize the data received from the PMU. These vulnerabilities tremendously increase the exposure of a power distribution infrastructure to the threat of cyber-attacks. In the paper we present an application scenario where such vulnerabilities are exploited by performing a SQL-injection attack that compromises the database used to store PMU data.
International Conference on Computer Safety, Reliability and Security | 2011
Luigi Coppolino; Salvatore D'Antonio; Ivano Alessandro Elia; Luigi Romano
In the last few years we have been witnessing a dramatic increase in cyber-attacks targeted against Critical Infrastructures. Attacks against Critical Infrastructures are especially dangerous because they are tailored to disrupt assets which are essential to the functioning of society as a whole. Examples of Critical Infrastructure sectors include transportation, communication, and utilities. Among these, power grids are possibly the most critical, due to the strong dependency of virtually all Critical Infrastructures on the power infrastructure. We have conducted a security analysis of two key technologies which enable data collection in Power Grids, namely synchrophasor devices and Phasor Data Concentrators. We emphasize that the study has been conducted on a commercial synchrophasor produced by a major vendor, and on a widely used open source product for the Phasor Data Concentrator application. We describe the experimental setup, present the main results, and comment on the findings of our research.
Software Technologies for Embedded and Ubiquitous Systems | 2009
Luigi Coppolino; Salvatore D'Antonio; Ivano Alessandro Elia; Luigi Romano
Currently available products only provide some support in terms of Intrusion Prevention and Intrusion Detection, but they very much lack Intrusion Diagnosis features. We discuss the limitations of current Intrusion Detection System (IDS) technology, and propose a novel approach - which we call Intrusion Detection & Diagnosis System (ID2S) technology - to overcome such limitations. The basic idea is to collect information at several architectural levels, using multiple security probes, which are deployed as a distributed architecture, to perform sophisticated correlation analysis of intrusion symptoms. This makes it possible to escalate from intrusion symptoms to the adjudged cause of the intrusion, and to assess the damage in individual system components. The process is driven by ontologies. We also present preliminary experimental results, providing evidence that our approach is effective against stealthy and non-vulnerability attacks.
Dependable Systems and Networks | 2014
Ivano Alessandro Elia; Nuno Laranjeiro; Marco Vieira
Web Services are a set of technologies designed to support the invocation of remote services by client applications, with the key goal of providing interoperable application-to-application interaction while supporting vendor and platform independence. The goal of this work is to study the real level of interoperability provided by these technologies through a massive experimental campaign involving a wide set of very popular frameworks for web services, implemented using seven different programming languages. We have tested the inter-operation of eleven client-side framework subsystems with three of the most widely used server-side implementations, each one hosting thousands of different services. The results highlight numerous situations where the goal of interoperability between different frameworks is not met due to problems both on the client and the server side. Moreover, we have identified issues also affecting interactions between the client and server subsystems of the same framework.
Dependable Systems and Networks | 2015
Ivano Alessandro Elia; Nuno Laranjeiro; Marco Vieira
Web Services are designed with the key goal of providing interoperable application-to-application interaction, regardless of the platforms involved. Although experience shows that interoperability is difficult to achieve, developers still have limited tools to assess the interoperability of their services and, to the best of our knowledge, none able to support end-to-end interoperability certification. In this paper, we lay the foundations of an interoperability certification process for Web services, which allows testing the interoperability level of a given Web service and also identifying possible interoperability issues. In practice, the process can be used by developers or providers to certify a given web service for interoperability, ensuring successful interaction with client-side platforms. We show the effectiveness of the process by conducting a large experimental evaluation to certify five different implementations of the services specified by the TPC-App benchmark, and about 2500 synthetically generated services.
International Conference on Web Services | 2014
Ivano Alessandro Elia; Nuno Laranjeiro; Marco Vieira
Web services are supported by a set of protocols that have been designed with the main goal of providing interoperable communication to applications. In typical business-critical service environments the occurrence of interoperability issues can have disastrous consequences, including direct financial costs, reputation damage, and client fidelity losses. Despite this, experience suggests that interoperability is still quite difficult to achieve, since the heterogeneity of frameworks for providing web services is quite large. In addition, current tools have limited testing capabilities and, in many cases, do not specialize in this problem. In this paper we present ITWS, an extensible Interoperability Testing tool for Web Services that is able to assess the interoperability of a web service supported by any given framework. We have used ITWS to test the interoperability of a set of home-implemented TPC-App web services and a set of thousands of web services created in .NET C# against 11 client-side web service frameworks, including frameworks for mainstream programming languages. Numerous issues have been disclosed, showing the benefits of using ITWS and the importance of testing services for interoperability.
IEEE International Conference on Services Computing | 2014
Ivano Alessandro Elia; Nuno Laranjeiro; Marco Vieira
In a typical web services environment, a web service framework supports the client and server interaction by, among other tasks, announcing the service interfaces and translating application-level service calls to SOAP messages. Although designed to support inter-operation, research and practice suggest that existing client-side and server-side frameworks often cannot fully inter-operate. The problem is that, as web services are increasingly being deployed to support business-critical environments, interoperability issues may prevent or impact business transactions, potentially resulting in huge financial and reputation losses. In this paper we present an experimental evaluation of the interoperability of 1024 publicly available web services against a set of diverse and well-known client-side web service frameworks. We have detected at least one severe interoperability issue in over 53% of the services tested, and quite different inter-operation capabilities among the client-side frameworks. Results clearly show that, although providers frequently claim interoperability capabilities, urgent improvements are required.
KES IIMSS | 2009
Luigi Romano; Luigi Coppolino; Ivano Alessandro Elia; Gianluigi Spagnuolo
Telecare and home healthcare services are a growing healthcare research sector. In this field a novel approach is based on wearable sensor devices, which provide user-friendly acquisition of vital signs and allow the implementation of pervasive and continuous healthcare monitoring systems. The enormous amount of data continuously provided by sensors poses challenging issues for the systems in charge of its collection and processing.
European Dependable Computing Conference | 2017
Ivano Alessandro Elia; Nuno Antunes; Nuno Laranjeiro; Marco Vieira
Cloud management frameworks provide an effective way to deploy and manage the hardware, storage and network resources supporting critical cloud infrastructures. OpenStack is used in the context of business-critical systems and frequently deals with highly sensitive resources, where a security breach may result in severe damage, including information theft or financial losses. Despite this, there is little information on how much security is a concern during the design and implementation of OpenStack components. This work analyses 5 years of security reports on OpenStack and the corresponding patches, with the goal of characterizing the most frequent vulnerabilities, how they can be exploited, and their root causes. The goal is to identify vulnerability trends, characterize frequent threats, and shed some light on the overall security of OpenStack. Special focus is placed on the framework component for virtualization management (Nova), by also analyzing the code of the available patches. Overall results show a preponderance of vulnerabilities that may be exploited to cause DoS and expose sensitive information. Also, 2/3 of the total number of vulnerabilities can be exploited by insider attacks, urging administrators to focus protection efforts on them. Finally, many bugs remain undetected for long periods even though most of them are easy to avoid, or to detect and correct.