Vulnerability Identification on GNU/Linux Operating Systems through Case-Based Reasoning

Douglas Santos, Jéferson Campos Nobre

Abstract


Operating system security has evolved steadily over the years. Several mechanisms, software tools and configuration best-practice guides have been developed to improve the security of such systems. The process of making an operating system more secure than the default state obtained at installation is known as hardening. Experience and technical knowledge are important attributes for the professional who performs this process. In this context, automated rule-based tools are often used to assist professionals with little experience in vulnerability identification activities. However, relying on rules creates a dependency on the tool developers, both to write new rules and to keep existing ones updated. Failure to update the rules can significantly compromise the integrity of the vulnerability identification results. In this paper, the Case-Based Reasoning (CBR) technique is used to improve tools that assist inexperienced professionals in conducting vulnerability identification activities. The purpose of using CBR is to enable inexperienced professionals to obtain results similar to those of experienced professionals; in addition, the dependence on rule developers is reduced. A prototype was developed for the GNU/Linux system in order to carry out an experimental evaluation. This evaluation demonstrated that the application of CBR improves the performance of inexperienced professionals in terms of the number of vulnerabilities identified.
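The CBR cycle the abstract relies on (retrieve similar past cases, reuse their recorded findings, let the reviewer revise, retain the outcome as a new case) contrasted with a fixed rule set, as an added example that is not part of the paper or its prototype. It assumes a hypothetical case representation: the host attribute names, their weights, the two constructed seed cases, the finding texts and the two-rule baseline are all constructed for this illustration and are not the paper's case base.

```python
"""Minimal case-based reasoning (CBR) cycle for GNU/Linux hardening review.
Added illustration, not the paper's code: attribute names, weights, seed cases
and finding texts are constructed; a real case base would be filled from
reviews carried out by experienced staff."""
from dataclasses import dataclass

# Hardening-relevant host attributes and their weight in the similarity (constructed).
WEIGHTS = {
    "sshd_permit_root_login": 2.0,   # "yes" / "no"
    "sshd_password_auth": 1.5,       # "yes" / "no"
    "randomize_va_space": 2.0,       # 0, 1 or 2 (kernel ASLR level)
    "kptr_restrict": 1.0,            # 0, 1 or 2
    "firewall_default_policy": 1.5,  # "ACCEPT" / "DROP"
}
NUMERIC_RANGE = {"randomize_va_space": 2, "kptr_restrict": 2}


@dataclass
class Finding:
    text: str
    condition: dict  # attribute values that must hold for the finding to apply


@dataclass
class Case:
    host: str
    attrs: dict
    findings: list   # Finding objects recorded by a reviewer


def local_similarity(attr, a, b):
    """Per-attribute similarity in [0, 1]: linear for numeric, exact otherwise."""
    if attr in NUMERIC_RANGE:
        return 1.0 - abs(a - b) / NUMERIC_RANGE[attr]
    return 1.0 if a == b else 0.0


def similarity(query, case):
    """Weighted average of local similarities over the attributes both have."""
    shared = [k for k in WEIGHTS if k in query and k in case.attrs]
    total = sum(WEIGHTS[k] for k in shared)
    if total == 0:
        return 0.0
    return sum(WEIGHTS[k] * local_similarity(k, query[k], case.attrs[k])
               for k in shared) / total


def retrieve(casebase, query, k=2):
    """RETRIEVE: the k past cases most similar to the queried host."""
    return sorted(casebase, key=lambda c: similarity(query, c), reverse=True)[:k]


def reuse(query, cases):
    """REUSE: carry a finding over only if the attribute values it depends on
    also hold on the queried host (no blind copying from a merely similar case)."""
    suggested = []
    for case in cases:
        for f in case.findings:
            if all(query.get(a) == v for a, v in f.condition.items()):
                if f.text not in suggested:
                    suggested.append(f.text)
    return suggested


def retain(casebase, host, query, findings):
    """RETAIN: store the reviewer-revised outcome as a new case, so the next
    similar host benefits without anyone writing a rule."""
    casebase.append(Case(host, dict(query), list(findings)))


def cbr_assess(casebase, query, k=2):
    return reuse(query, retrieve(casebase, query, k))


# Fixed rule set of the kind the paper contrasts with CBR: it knows only the two rules written.
RULES = [
    ("SSH root login permitted", lambda q: q.get("sshd_permit_root_login") == "yes"),
    ("ASLR not fully enabled", lambda q: q.get("randomize_va_space", 2) != 2),
]


def rule_based(query):
    return [text for text, check in RULES if check(query)]


# Constructed seed cases standing in for two earlier expert reviews.
CASEBASE = [
    Case("web01",
         {"sshd_permit_root_login": "yes", "sshd_password_auth": "yes",
          "randomize_va_space": 2, "kptr_restrict": 0,
          "firewall_default_policy": "ACCEPT"},
         [Finding("SSH root login permitted", {"sshd_permit_root_login": "yes"}),
          Finding("SSH password authentication enabled", {"sshd_password_auth": "yes"}),
          Finding("kernel pointers exposed (kptr_restrict=0)", {"kptr_restrict": 0}),
          Finding("firewall default policy is ACCEPT", {"firewall_default_policy": "ACCEPT"})]),
    Case("db01",
         {"sshd_permit_root_login": "no", "sshd_password_auth": "no",
          "randomize_va_space": 0, "kptr_restrict": 1,
          "firewall_default_policy": "DROP"},
         [Finding("ASLR disabled (randomize_va_space=0)", {"randomize_va_space": 0})]),
]
```

For a queried host with `sshd_permit_root_login="yes"`, `kptr_restrict=0` and the remaining attributes hardened, `cbr_assess(CASEBASE, host)` returns both the root-login finding and the `kptr_restrict` finding, while `rule_based(host)` returns only the root-login finding because nobody ever wrote a `kptr_restrict` rule. After an experienced reviewer calls `retain` with a case carrying a new finding, later similar hosts inherit that finding with no rule update, which is the reduced developer dependency the abstract claims. The conditional copying in `reuse` is the caveat to keep: the nearest case is only a suggestion, and a finding whose preconditions do not hold on the new host must not be carried over.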

Keywords


Vulnerability identification; Case-Based Reasoning; Hardening


DOI: https://doi.org/10.22456/2175-2745.82079

Copyright (c) 2019 Douglas Santos, Jéferson Campos Nobre

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
