Abstract:
The concept of security in software applications is maturing every day alongside the
ever-evolving techniques for bypassing it. The key to any exploitation attempt against a
software application is the identification of, visibility of and access to the vulnerable area,
called the "attack surface", that could be manipulated either to disrupt the desired behavior
of the application and its hosting machine or to take unauthorized control of the application
or the host machine with malicious intent. The need for awareness of this trend always remains
high and is critical to achieving the main security goals of confidentiality, integrity and
availability of information. We reviewed some of the major application layer vulnerabilities,
their exploitation techniques, their preventive measures and the measures used to bypass those
protections. This gave us a sufficient knowledge base for a better understanding of the
vulnerabilities and the exploitation process. We further carried out a survey of the different
security testbeds developed so far in the security research community in order to understand
their designs, capabilities and configuration features and to identify the areas in which we
could suggest improvements in our proposed design.
Based on our survey, we observed that the testbeds developed so far have mostly been
based on large-scale distributed networks and physical hardware for the evaluation of
cyber attacks on real-time systems, with special focus on those running critical
infrastructures. The notable efforts in this regard include LARIAT, LLSIM, Netbed, DETER
and, most recently, NCR (National Cyber Range). Most of these have been developed to test the
effectiveness of IDS systems and to study malicious scripts and worms, as forensic tools
in a closer-to-real-world environment. For more compact and more robust testing of vulnerable
systems, a shift towards virtualization is noticeable, with solutions like TIDeS, vGrounds,
SCADA Testbed, VIKING Testbed and ViSe (Virtual Security Testbed). These testbeds have
provided a useful platform for studying the exploitation of vulnerabilities in the target
system. Very few provide any explicit facility to assess the effectiveness of exploitation;
most confine themselves to detection. Our study of application layer vulnerabilities and
security testbed designs gave us the necessary knowledge to design an improved solution with
additional features.
Our work attempts to take the concept of security testbeds a step further by introducing
exploitation assessment features in addition to detection. The Application Layer Vulnerability
Exploitation Training Platform we developed includes an exploitation success/failure
assessment capability, together with assessment of the exploitation level, in order to assess
the attacker's skill level and ability. The proposed testbed is fully virtualized, with a
variety of Linux and Windows based vulnerable applications and services installed in Linux
and Windows based Victim images, while an Attacker image is configured with exploitation
tools and exploit scripts for attacks on the Victims. A Monitor System has been configured for
detection of attacks and assessment. The testbed is easy to configure and takes less time to
set up and re-configure than large-scale hardware-based testbeds. It is also easily scalable
through the inclusion of more attacker, victim or monitor images in the virtual network.