Automatic Verification of a Remote Code Execution Vulnerability Detection Model Using the SPIN Model Checker

Anusha, Zannatul Ferdous

DSpace Home
→
Faculty of Science and Information Technology
→
DEPARTMENT OF SOFTWARE ENGINEERING
→
Project Report
→
View Item

Automatic Verification of a Remote Code Execution Vulnerability Detection Model Using the SPIN Model Checker

Anusha, Zannatul Ferdous

URI: http://dspace.daffodilvarsity.edu.bd:8080/handle/123456789/5168

Date: 2020-04-10

Abstract:

Communicating and delivering services to the consumers through web applications are now become very popular because of easily wide range information support and integration of data with other applications. Absolute coding practices during the programming and lack of security awareness are the main cause of various types of vulnerabilities at the application level in the World Wide Web (WWW) system. Cyber Attacks are becoming a critical risk for every digital transformation around the world. One of the biggest weaknesses in this area is remote code execution (RCE). According to the Web Application Security Project (CWE / SANS), RCE is on the list of sensitive critical applications that have been vulnerable since 2016. Objective: This paper proposes a model, and verify using SPIN model checker. Results: This research also simulates the proposed model with automata called finite state machines and exhibits it as a finite model. Conclusions: Various types of case studies and detection models are introduced and compared with other vulnerability detection model. After reviewing literatures, we found insignificant researches conducted on justifying web layer vulnerability detection model using SPIN model.

Description:

Internet applications currently play an important role in automating traditional daily activities by updating existing solutions. Worldwide, over 3.88 billion people use the Internet and various Internet applications from service providers because it is easy to use and available anywhere, anytime. For the aforementioned beneficial reasons, most organizations or service providers, such as industry, banks, government, education, medicine and other industries, want to offer their services to interested parties via a web application and other online systems. Companies automate processes and offer their clients services via web applications to achieve higher profits with greater customer satisfaction. A modern web application stores the confidential information of organizations and consumers for the above-mentioned reasons: The risk of using these web applications increases daily due to various cyber-attacks. A vulnerability in Internet applications is a serious vulnerability in the system that can be affected. ISPs use the PHP platform to create web applications that simplify the use of code According to OWASP and SANS, the most common security vulnerabilities are SQLi (Structured Request Language Injection), injection of the Cross Site Scripting (XSS) injection buffer overflow system command and Interrupted Authentication Session Management , disclosure of confidential data, remote code execution (RCE), attachment of local files (LFI) etc. However, the new years of remote code execution were a major threat on the Internet that could use the web server function for script / file files.

Show full item record