SOFIA: An Automated Security Oracle for Black-Box Testing of SQL-Injection Vulnerabilities

Ceccato, Mariano; Nguyen, Duy Cu; Appelt, Dennis; Briand, Lionel

Reference : SOFIA: An Automated Security Oracle for Black-Box Testing of SQL-Injection Vulnerabilities


	Document type :	Scientific congresses, symposiums and conference proceedings : Paper published in a book
	Discipline(s) :	Engineering, computing & technology : Computer science
	Focus Areas :	Security, Reliability and Trust
	To cite this reference:	http://hdl.handle.net/10993/28150

Title :	SOFIA: An Automated Security Oracle for Black-Box Testing of SQL-Injection Vulnerabilities
Language :	English
Author, co-author :	Ceccato, Mariano [Fondazione Bruno Kessler]
	Nguyen, Duy Cu [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Appelt, Dennis [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Briand, Lionel [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Publication date :	2016
Main document title :	Proceedings of the 31th IEEE/ACM International Conference on Automated Software Engineering
Peer reviewed :	Yes
On invitation :	No
Audience :	International
Event name :	31st IEEE/ACM International Conference on Automated Software Engineering (ASE 2016)
Event date :	from 05-09-2016 to 07-09-2016
Keywords :	[en] Web Application Security ; Penetration Testing ; Software Testing
Abstract :	[en] Security testing is a pivotal activity in engineering secure software. It consists of two phases: generating attack inputs to test the system, and assessing whether test executions expose any vulnerabilities. The latter phase is known as the security oracle problem. In this work, we present SOFIA, a Security Oracle for SQL-Injection Vulnerabilities. SOFIA is programming-language and source-code independent, and can be used with various attack generation tools. Moreover, because it does not rely on known attacks for learning, SOFIA is meant to also detect types of \sqli attacks that might be unknown at learning time. The oracle challenge is recast as a one-class classification problem where we learn to characterise legitimate SQL statements to accurately distinguish them from \sqli attack statements. We have carried out an experimental validation on six applications, among which two are large and widely-used. SOFIA was used to detect real \sqli vulnerabilities with inputs generated by three attack generation tools. The obtained results show that SOFIA is computationally fast and achieves a recall rate of 100\% (i.e., missing no attacks) with a low false positive rate (0.6\%).
Research centres :	University of Luxembourg: High Performance Computing - ULHPC
Funders :	Fonds National de la Recherche - FnR ; FBK Mobility project
Target :	Researchers ; Professionals ; Students
Permalink :	http://hdl.handle.net/10993/28150
FnR project :	FnR ; FNR4800382 > Dennis Appelt > > Black-Box Security Testing for Web Applications and Services > 01/10/2012 > 30/06/2016 > 2012

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Limited access	main.pdf		Author preprint	273.17 kB	Request a copy

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices