Abstract
Detecting security bugs during the development cycle of a software is extremely difficult as effective testing approaches for such bugs do not exist. Applications are often deployed without being tested for security vulnerabilities even though the application domain demands highly secure software. Hence there is a need to develop systems which can monitor such applications for security violations and take immediate actions if any violation occurs. In this paper we describe an approach for monitoring the security health of a software system. Our methodology involves an agent based approach which communicates with the health monitoring system running as an independent process. We make this agent a part of the application(binary) and modify the binary at appropriate locations to transfer the control to the agent attached. The agent sends critical information regarding the execution to the monitoring system. The monitoring system analyzes the data and takes suitable actions. Currently our system monitors the following security bugs - buffer overflow, race conditions( Time of Check to Time to Use vulnerability), random number vulnerability and can be extended for other vulnerabilities also.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.