Monitoring the Security Health of Software Systems

Abstract

Detecting security bugs during the development cycle of a software is extremely difficult as effective testing approaches for such bugs do not exist. Applications are often deployed without being tested for security vulnerabilities even though the application domain demands highly secure software. Hence there is a need to develop systems which can monitor such applications for security violations and take immediate actions if any violation occurs. In this paper we describe an approach for monitoring the security health of a software system. Our methodology involves an agent based approach which communicates with the health monitoring system running as an independent process. We make this agent a part of the application(binary) and modify the binary at appropriate locations to transfer the control to the agent attached. The agent sends critical information regarding the execution to the monitoring system. The monitoring system analyzes the data and takes suitable actions. Currently our system monitors the following security bugs - buffer overflow, race conditions( Time of Check to Time to Use vulnerability), random number vulnerability and can be extended for other vulnerabilities also.