Vulnerability Assessment

The Vulnerability Assessment project at the University of Wisconsin has the following goals:

• Develop techniques, tools and procedures for vulnerability assessment focusing on grid middleware
• Apply these techniques to production software
• Improve the security of this software
• Educate developers about best practices in secure coding
• Increase awareness about the need of this activity
• Train and build a community of security specialists

Some of the results of this activity are below.

Systems Assessed

This project has completed a vulnerability assessment of the following projects:

• University of Wisconsin's Condor Project
  • Disclosed Vulnerability Reports
• San Diego Supercomputer Center's (SDSC) Storage Resource Broker (SRB)
  • Vulnerability Reports
• National Center for Supercomputing Application's (NCSA) MyProxy
  • Vulnerability Reports
  • MyProxy Vulnerability Assessement
• NIKHEF's glexec
  • In Progress
• CrossBroker
  • In Progress

Secure Programming

How to Open a File and Not Get Hacked: A paper and presentation that describes securely accessing files along with an accompanying library implementing these ideas.

Kupsch, J. A. and Miller, B. P. 2008. How to Open a File and Not Get Hacked. In Proceedings of the 2008 Third International Conference on Availability, Reliability and Security (March 04 - 07, 2008). ARES. IEEE Computer Society, Washington, DC, 1196-1203. DOI= http://dx.doi.org/10.1109/ARES.2008.53 [pdf]

Reports and Tutorials

• Vulnerability Assessment and Secure Coding Practices for Middleware Tutorial
  • Part 1: Vulnerability Assessment Process
  • Part 2: Secure Coding Practices
• Manual vs. Automated Vulnerability Assessment: A Case Study

  Kupsch, J. A. and Miller, B. P. 2009. Manual vs. Automated Vulnerability Assessment: A Case Study. The First International Workshop on Managing Insider Security Threats (June 15-19, 2009). MIST. [pdf]

• First Principles Vulnerability Assessment

  James A. Kupsch, Barton P. Miller, Eduardo César, and Elisa Heymann 2009. First Principles Vulnerability Assessment [pdf]

People

• Prof. Barton P. Miller, University of Wisconsin
• James A. Kupsch, Researcher, University of Wisconsin
• Prof. Miron Livny, University of Wisconsin
• Prof. Elisa Heymann, Universitat Autònoma de Barcelona
• Prof. Eduardo César, Universitat Autònoma de Barcelona
• Jairo David Serrano, Universitat Autònoma de Barcelona

Acknowledgment

This research funded in part by National Science Foundation grant OCI-0844219, NATO grant CLG 983049, the National Science Foundation under contract with San Diego Supercomputing Center, and National Science Foundation grants CNS-0627501 and CNS-0716460.