Scott Knight
Royal Military College of Canada
Publication
Featured research published by Scott Knight.
Conference of the Centre for Advanced Studies on Collaborative Research | 2006
Songtao Zhang; Thomas R. Dean; Scott Knight
State based protocols are protocols in which the handling of one message depends on the contents of previous messages. Testing such protocols, for security or for other purposes, usually means specifying the state space of the protocol in some manner. This paper introduces a novel method of using an existing client to explore the state space. The messages exchanged between the client and test system are captured and mutated. To send the mutated test messages, the previous messages must be resent. Constraints expressed in an extended version of the Security Constraints Language are used to automatically derive the data dependencies between the messages.
Future Generation Computer Systems | 2011
John Clark; Sylvain Leblanc; Scott Knight
This paper continues the discussion of the risks posed by Hardware Trojan Horse devices by detailing research efforts to build such a Hardware Trojan Horse based on unintended USB channels. Because of the ubiquity of the USB protocol in contemporary computer systems, the research focused on identifying, characterizing and modeling unintended USB channels. The research demonstrated that such unintended USB channels can allow the creation of two-way communications with a targeted network endpoint, thus violating the integrity and confidentiality of the data residing on the network endpoint. The work was validated through the design and implementation of a Proof of Concept Hardware Trojan that uses two such unintended USB channels to successfully interact with a target network endpoint to compromise and exfiltrate data from it.
Network and System Security | 2009
John A. Clark; Sylvain Leblanc; Scott Knight
This paper discusses research activities that investigated the risk associated with USB devices. The research focused on identifying, characterizing and modelling unintended USB channels in contemporary computer systems. Such unintended channels can be used by a USB Hardware Trojan Horse device to create two-way communications with a targeted network endpoint, thus violating the integrity and confidentiality of the data residing on the endpoint. The work was validated through the design and implementation of a proof of concept Hardware Trojan Horse device that uses two such unintended USB channels to successfully interact with a target network endpoint to compromise and exfiltrate data from it.
IEEE Transactions on Information Forensics and Security | 2011
Ronald W. Smith; Scott Knight
This paper presents a predictable and quantifiable approach to designing a covert communication system capable of effectively exploiting covert channels found in the various layers of network protocols. Three metrics are developed that characterize the overall system. A measure of probability of detection is derived using statistical inference techniques. A system efficiency measure is developed based upon the noiseless capacity of the covert channel. A measure of reliability is developed as the bit-error rate of the combined noisy channel and an appropriate error-correcting code. To support reliable communication, a family of error-correcting codes are developed that handle the high symbol insertion rates found in these covert channels. The system metrics are each shown to be a function of the covert channel signal-to-noise ratio, and as such can be used to perform system level design trade-offs. Validation of the system design methodology is provided by means of an experiment using real network traffic data.
IEEE Systems Conference | 2016
Antoine Lemay; José M. Fernandez; Scott Knight
Since the discovery of Stuxnet, it is no secret that skilled adversaries target industrial control systems. To defend against this threat, defenders increasingly rely on intrusion detection and segmentation. As the security posture improves, it is likely that the attackers will move to stealthier approaches, such as covert channels. This paper presents a command and control (C&C) covert channel over the Modbus/TCP protocol that represents the next logical step for the attackers and evaluates its suitability. The channel stores information in the least significant bits of holding registers to carry information using Modbus read and write methods. This offers an explicit tradeoff between the bandwidth and stealth of the channel that can be set by the attacker.
2011 IEEE International Systems Conference | 2011
John Clark; Sylvain Leblanc; Scott Knight
This paper extends the discussion of potential damage that can be done by Hardware Trojan Horse devices by discussing the specific risks associated with an Insider's use of such a device to circumvent established security policies, even when these are implemented with state of the art Endpoint Security Solutions. The paper argues that a specific category of Hardware Trojan Horse devices, those implemented as functional peripheral devices, are particularly dangerous when used by a malicious Insider. The research discusses the implementation of a proof of concept Hardware Trojan Horse device, implemented as a USB Human Interface Device, that exploits unintended USB channels to exfiltrate data from a computer. The work discusses unintended USB channels, paying particular attention to the observability of the channel in operation. Various scenarios are presented to show that Hardware Trojan Horse devices implemented as peripheral devices can be used to prosecute a wide variety of attacks that are not mitigated by modern defensive techniques. The work demonstrates that a Hardware Trojan Horse device and physical access by a malicious Insider are sufficient to compromise a modern computer system. The paper argues that the study of Hardware Trojan devices must become an integral part of research on Insider Threats.
Testing: Academic and Industrial Conference Practice and Research Techniques - MUTATION (TAICPART-MUTATION 2007) | 2007
Songtao Zhang; Thomas R. Dean; Scott Knight
State based protocols are protocols in which the handling of one message depends on the contents of previous messages. Testing such protocols, for security or for other purposes, usually means specifying the state space of the protocol in some manner. This paper introduces a novel method of using an existing client to explore the state space. The messages exchanged between the client and test system are captured and mutated. To send the mutated test messages, the previous messages must be resent. Constraints expressed in an extended version of the Semantic Constraint Language are used to automatically derive the data dependencies between the messages.
International Journal of Information Security | 2007
Scott Knight; Scott Buffett; Patrick C. K. Hung
With recent advances in Web and e-service technologies and associated infrastructures, there are increasing demands for ubiquitous access to e-business services for supporting business processes. With the advent of e-business and supply chain management concepts, increasing demands for interoperable applications exist, which allow for the real-time exchange of data across enterprise borders, across different applications and across different IT-platforms. However, these demands cannot be realized without suitable privacy, security, and trust technologies to ensure that business data is appropriately protected and business partners can inter-work with confidence. In principle, an e-business service refers to an autonomous unit of functionality that provides either some e-business application or information to accomplish enterprise purposes at anytime and anywhere through wired and wireless network infrastructure and Web technologies. The goal of this special issue is to crystallize the emerging privacy security and trust technologies and trends into positive efforts to focus on the most promising solutions in e-business services computing. The papers provide clear proof that privacy security and trust technologies are playing
New Security Paradigms Workshop | 2015
Aaron Elliott; Scott Knight
Role-based access control (RBAC) is a popular framework for securing information systems in medium to large organizations with hundreds or thousands of employees. However, very few descriptions of existing RBAC systems can be found in the literature. In this paper, we challenge the belief, notion or sense that the number of subjects far exceeds the roles found in enterprise systems. First, we analyze the RBAC system found at ACME University, comparing it to a recently introduced fragment of RBAC called bi-sorted role-based access control (RBÄC). Then we investigate how ACME performs access management, using our new hierarchical graphing model to better visualize the subject-permission mappings. Next, we present our results and introduce a new role-centric methodology for dynamically constraining access to information. Finally, we describe how organizational scalability is enhanced at ACME University by decoupling subject and permission management at the expense of managed role explosion.
Conference on Risks and Security of Internet and Systems | 2009
Kevin Forest; Scott Knight
Covert channels are a mechanism that allows an attacker to parasitically place messages within a legitimate channel. Detection of these covert channels can have consequences for an attacker. Not only is the ability to communicate lost or compromised, but analysis of the channel can lead to the identity of the attacker themselves. If the attacker is a wanted criminal or foreign intelligence service, these consequences can be quite severe. This paper proposes a covert channel with the property of unattributability. That is, in the event the channel is detected, nothing about the channel gives any clues as to the identity of the attacker. The unattributable nature of the covert channel has a cost, however, in that the channel is one-way, with the attacker being unable to send messages, only receive them. As such, the proof-of-concept design uses this covert channel to transmit sensitive information from an infected machine.