Dynamic Security Analysis of COTS Applications
Abstract
This is the final technical report for a research effort whose objective was to analyze the robustness of Commercial Off-the-Shelf (COTS) software on the Windows NT platform. Robustness to anomalous data plays an integral role in the security of mission-critical COTS software. This report describes the experiments conducted, analysis of results, and prototypes built during the project. The bulk of this report discusses the three subprojects that formed the core of this research: the Random and Intelligent Data Design Library Environment (RIDDLE), NetHose, and the Failure Simulation Tool (FST). RIDDLE is a testing framework that provides the ability to perform automated testing of command-line utilities, Application Programming Interfaces (APIs), and network daemons. NetHose is a utility that can be used to test the robustness of the network stack. Both RIDDLE and NetHose rely on the use of a special input generation technique developed for this project. The FST is a prototype tool that allows a tester to analyze the robustness of a COTS application to the failure of operating system calls. The rationale, design, and use of each tool are discussed.
Document Details
- Document Type: Technical Report
- Publication Date: Jun 01, 2002
- Accession Number: ADA404814
Entities
People
- Anup Ghosh
- Frank Hill
- Matthew Schmid