Relational Operators

2022-02-25 20:50:23 -06:00 · 2022-02-25 20:50:23 -06:00 · 86639cfaf0
commit 86639cfaf0
parent c0ed4c3607
10 changed files with 72 additions and 44 deletions
--- a/Appendices.aux
+++ b/Appendices.aux
@ -12,7 +12,7 @@
 \setcounter{enumi}{0}
 \setcounter{enumii}{0}
 \setcounter{enumiii}{0}
-\setcounter{enumiv}{6}
+\setcounter{enumiv}{7}
 \setcounter{footnote}{0}
 \setcounter{mpfootnote}{0}
 \setcounter{part}{0}
--- a/Bibliography.bib
+++ b/Bibliography.bib
@ -35,6 +35,16 @@
 	url = {https://patterns.eecs.berkeley.edu/?page_id=571},
 }

+@misc{CVE-2019-10747,
+	key = {CVE-2019-10747},
+	title = {{set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and $\_$proto$\_$ payloads.}},
+	howpublished = {National Vulnerability Database},
+	institution ={NIST},
+	month = aug,
+	year = {2019},
+	url = {https://nvd.nist.gov/vuln/detail/CVE-2019-10747},
+}
+
@article{abraham_predictive_2014,
 	title = {Predictive {Cyber} {Security} {Analytics} {Framework} : {A} {Non}-{Homogenous} {Markov} {Model} for {Security} {Quantification}},
 	doi = {10.5121/csit.2014.41316},
--- a/Chapter3.aux
+++ b/Chapter3.aux
@ -1,13 +1,12 @@
 \relax 
 \@writefile{toc}{\contentsline {chapter}{\numberline {CHAPTER 3: }{\bf  \uppercase {UTILITY EXTENSIONS TO THE RAGE ATTACK GRAPH GENERATOR}}}{3}{}\protected@file@percent }
 \@writefile{toc}{\contentsline {section}{\numberline {3.1}\bf  Path Walking}{3}{}\protected@file@percent }
+\@writefile{toc}{\contentsline {section}{\numberline {3.2}\bf  Compound Operators}{3}{}\protected@file@percent }
+\newlabel{sec:compops}{{3.2}{3}}
 \citation{cook_rage_2018}
 \@writefile{lof}{\contentsline {figure}{\numberline {3.1}{\ignorespaces Path Walking to State 14}}{4}{}\protected@file@percent }
 \newlabel{fig:PW}{{3.1}{4}}
-\@writefile{toc}{\contentsline {section}{\numberline {3.2}\bf  Compound Operators}{4}{}\protected@file@percent }
 \@writefile{toc}{\contentsline {section}{\numberline {3.3}\bf  Color Coding}{5}{}\protected@file@percent }
-\@writefile{lof}{\contentsline {figure}{\numberline {3.2}{\ignorespaces Color Coding a Small Network Based on Violations}}{6}{}\protected@file@percent }
-\newlabel{fig:CC}{{3.2}{6}}
 \citation{cook_rage_2018}
 \citation{li_concurrency_2019}
 \citation{li_combining_2019}
@ -15,11 +14,14 @@
 \citation{ainsworth_graph_2016}
 \citation{berry_graph_2007}
 \citation{cook_rage_2018}
+\@writefile{lof}{\contentsline {figure}{\numberline {3.2}{\ignorespaces Color Coding a Small Network Based on Violations}}{6}{}\protected@file@percent }
+\newlabel{fig:CC}{{3.2}{6}}
+\@writefile{toc}{\contentsline {section}{\numberline {3.4}\bf  Intermediate Database Storage}{6}{}\protected@file@percent }
 \citation{zhang_boosting_2017}
-\@writefile{toc}{\contentsline {section}{\numberline {3.4}\bf  Intermediate Database Storage}{7}{}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsection}{\numberline {3.4.1}\it  Memory Constraint Difficulties}{7}{}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsection}{\numberline {3.4.2}\it  Maximizing Performance with Intermediate Database Storage}{8}{}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsection}{\numberline {3.4.3}\it  Portability}{9}{}\protected@file@percent }
+\citation{CVE-2019-10747}
 \@writefile{toc}{\contentsline {section}{\numberline {3.5}\bf  Relational Operators}{10}{}\protected@file@percent }
 \@setckpt{Chapter3}{
 \setcounter{page}{11}
--- a/Chapter3.tex
+++ b/Chapter3.tex
@ -20,7 +20,7 @@ of the original Attack Graph, but the reduction can aid in simplifying the analy
        \label{fig:PW}
 \end{figure}

-\TUsection{Compound Operators}
+\TUsection{Compound Operators} \label{sec:compops}
 Many of the networks previously generated by RAGE compromise of states with features that can be fully enumerated. In many of the generated networks, there is an 
 established set of qualities that will be used, with an established set of values. These typically have included $``compliance$\_$vio=true/false"$,
 $``root=true/false"$, or other general $``true/false"$ values or $``version=X"$ qualities. To expand on the types and complexities of networks that can be
@ -89,7 +89,7 @@ performance benefits of memory operations since graph computation relies less on
 To decide when to store to the database instead of memory, two separate checks are made. The first check is for the frontier. If the size of the frontier consumes equal to or more than the allowed allocated memory, then all new states
 are stored into a new table in the database called “unexplored states”. Each new state from this point forward is stored in the table, regardless of if room is freed in the frontier. This is to ensure proper ordering of the FIFO queue.
 The only time new states are stored directly into the frontier is when the unexplored states table is empty. Once the frontier has been completely emptied, new states are then pulled from the database into the frontier. To pull from
- the database, parent loop for the generator process has been altered. Instead of a while loop for when the frontier is not empty, it has been adjusted to when the frontier is not empty or the unexplored states table is not empty. Due
+ the database, the parent loop for the generator process has been altered. Instead of a while loop for when the frontier is not empty, it has been adjusted to when the frontier is not empty or the unexplored states table is not empty. Due
 to C++ using short-circuit evaluation, some performance is gained since no SQL statement must be passed to disk to check the size of the unexplored states table unless the frontier is empty. The original design was to store new states
 into the frontier during the critical section to avoid testing on already-explored states. As a result, writing new states to the database is also performed during the critical section.

@ -109,5 +109,13 @@ performance benefits of memory operations since graph computation relies less on
 request option), and the intermediate database storage process would function in the same fashion.


-\TUsection{Relational Operators} Fifth section of the third chapter.
+\TUsection{Relational Operators}
+As discussed in Section \ref{sec:compops}, many of the networks previously generated by RAGE compromise of states with an established set of qualities and values. These typically have included $``compliance$\_$vio=true/false"$,
+$``root=true/false"$, or other general $``true/false"$ values or $``version=X"$ qualities. To further expand the dynamism of attack graph generation, it is important to distinguish when a quality has a value that satisifies a
+relational comparison to an exploit. An example application can be seen through CVE-2019-10747, where "set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1" \cite{CVE-2019-10747}. Prior to the implementation
+of relational operators, to determine whether this exploit was applicable to a network state, multiple exploit qualities must be enumerated for all versions prior to 3.0.1. This would mean that the exploit needed to check if 
+\textit{version=3.0.0}, or \textit{version=2.0.0}, or \textit{version=1.0.0}, or \textit{version=0.4.3}, etc. This becomes increasingly tedious when there are many versions, and not only reduces readability, but is also more
+prone to human error when creating the exploit files. As a result, relational operators were implemented.

+To implement the relational operators, operator overloads were placed into the Quality class. At the time of writing, the following are implemented: $==$, $<$, $>$, $\leq$, $\geq$. However, these operators do not take up room in the 
+encoding scheme, so additional operators can be freely implemented as needed. The overloads ensure that the Quality asset IDs and Quality names match, and then compares the Quality values based on the operator in question.
--- a/Schrick-Noah_MS-Thesis.aux
+++ b/Schrick-Noah_MS-Thesis.aux
@ -24,9 +24,10 @@
 \bibcite{ainsworth_graph_2016}{1}
 \bibcite{berry_graph_2007}{2}
 \bibcite{cook_rage_2018}{3}
-\bibcite{li_combining_2019}{4}
-\bibcite{li_concurrency_2019}{5}
-\bibcite{zhang_boosting_2017}{6}
+\bibcite{CVE-2019-10747}{4}
+\bibcite{li_combining_2019}{5}
+\bibcite{li_concurrency_2019}{6}
+\bibcite{zhang_boosting_2017}{7}
 \bibstyle{plain}
 \@writefile{toc}{{\hfill \ }}
 \@writefile{toc}{\contentsline {section}{\hspace  {-\parindent }NOMENCLATURE}{17}{}\protected@file@percent }
--- a/Schrick-Noah_MS-Thesis.bbl
+++ b/Schrick-Noah_MS-Thesis.bbl
@ -16,6 +16,13 @@ Kyle Cook.
 \newblock {\em {RAGE}: {The} {Rage} {Attack} {Graph} {Engine}}.
 \newblock PhD thesis, 2018.

+\bibitem{CVE-2019-10747}
+{set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1.
+  The function mixin-deep could be tricked into adding or modifying properties
+  of Object.prototype using any of the constructor, prototype and $\_$proto$\_$
+  payloads.}
+\newblock National Vulnerability Database, August 2019.
+
 \bibitem{li_combining_2019}
 Ming Li, Peter Hawrylak, and John Hale.
 \newblock Combining {OpenCL} and {MPI} to support heterogeneous computing on a
--- a/Schrick-Noah_MS-Thesis.blg
+++ b/Schrick-Noah_MS-Thesis.blg
@ -12,45 +12,45 @@ The style file: plain.bst
 A level-1 auxiliary file: Appendices.aux
 Database file #1: Bibliography.bib
 Warning--empty school in cook_rage_2018
-You've used 6 entries,
+You've used 7 entries,
            2118 wiz_defined-function locations,
-            535 strings with 5191 characters,
-and the built_in function-call counts, 1883 in all, are:
-= -- 190
-> -- 87
+            540 strings with 5497 characters,
+and the built_in function-call counts, 2047 in all, are:
+= -- 206
+> -- 88
 < -- 2
-+ -- 34
+ -- 35
 - -- 28
-* -- 111
-:= -- 324
-add.period$ -- 18
-call.type$ -- 6
-change.case$ -- 31
+* -- 118
+:= -- 342
+add.period$ -- 20
+call.type$ -- 7
+change.case$ -- 35
 chr.to.int$ -- 0
-cite$ -- 7
-duplicate$ -- 79
-empty$ -- 130
+cite$ -- 8
+duplicate$ -- 86
+empty$ -- 153
 format.name$ -- 28
-if$ -- 392
+if$ -- 433
 int.to.chr$ -- 0
-int.to.str$ -- 6
+int.to.str$ -- 7
 missing$ -- 5
-newline$ -- 33
+newline$ -- 37
 num.names$ -- 12
-pop$ -- 30
+pop$ -- 37
 preamble$ -- 1
-purify$ -- 26
+purify$ -- 29
 quote$ -- 0
-skip$ -- 68
+skip$ -- 76
 stack$ -- 0
-substring$ -- 94
-swap$ -- 24
+substring$ -- 99
+swap$ -- 25
 text.length$ -- 2
 text.prefix$ -- 0
 top$ -- 0
-type$ -- 24
+type$ -- 28
 warning$ -- 1
 while$ -- 18
-width$ -- 7
-write$ -- 65
+width$ -- 8
+write$ -- 73
 (There was 1 warning)
--- a/Schrick-Noah_MS-Thesis.log
+++ b/Schrick-Noah_MS-Thesis.log
@ -1,4 +1,4 @@
-This is pdfTeX, Version 3.141592653-2.6-1.40.23 (TeX Live 2021/Arch Linux) (preloaded format=pdflatex 2022.2.14)  25 FEB 2022 16:46
+This is pdfTeX, Version 3.141592653-2.6-1.40.23 (TeX Live 2021/Arch Linux) (preloaded format=pdflatex 2022.2.14)  25 FEB 2022 17:30
 entering extended mode
 restricted \write18 enabled.
 %&-line parsing enabled.
@ -299,10 +299,10 @@ CHAPTER 7.
 ### semi simple group (level 1) entered at line 52 (\begingroup)
 ### bottom level 
 Here is how much of TeX's memory you used:
- 2121 strings out of 478353
- 37194 string characters out of 5854635
- 344865 words of memory out of 5000000
- 20194 multiletter control sequences out of 15000+600000
+ 2123 strings out of 478353
+ 37223 string characters out of 5854635
+ 344878 words of memory out of 5000000
+ 20196 multiletter control sequences out of 15000+600000
 407157 words of font info for 39 fonts, out of 8000000 for 9000
 1141 hyphenation exceptions out of 8191
 55i,7n,62p,310b,1268s stack positions out of 5000i,500n,10000p,200000b,80000s
@ -312,7 +312,7 @@ texmf-dist/fonts/type1/public/amsfonts/cm/cmmi12.pfb></usr/share/texmf-dist/fon
 ts/type1/public/amsfonts/cm/cmr12.pfb></usr/share/texmf-dist/fonts/type1/public
 /amsfonts/cm/cmsy10.pfb></usr/share/texmf-dist/fonts/type1/public/amsfonts/cm/c
 mti12.pfb></usr/share/texmf-dist/fonts/type1/public/cm-super/sfrm1200.pfb>
-Output written on Schrick-Noah_MS-Thesis.pdf (29 pages, 200518 bytes).
+Output written on Schrick-Noah_MS-Thesis.pdf (29 pages, 202909 bytes).
 PDF statistics:
 130 PDF objects out of 1000 (max. 8388607)
 84 compressed objects within 1 object stream
--- a/Schrick-Noah_MS-Thesis.pdf
+++ b/Schrick-Noah_MS-Thesis.pdf
--- a/Schrick-Noah_MS-Thesis.toc
+++ b/Schrick-Noah_MS-Thesis.toc
@ -21,9 +21,9 @@
 \contentsline {section}{\numberline {2.4}\bf Compliance Graphs}{2}{}%
 \contentsline {chapter}{\numberline {CHAPTER 3: }{\bf \uppercase {UTILITY EXTENSIONS TO THE RAGE ATTACK GRAPH GENERATOR}}}{3}{}%
 \contentsline {section}{\numberline {3.1}\bf Path Walking}{3}{}%
-\contentsline {section}{\numberline {3.2}\bf Compound Operators}{4}{}%
+\contentsline {section}{\numberline {3.2}\bf Compound Operators}{3}{}%
 \contentsline {section}{\numberline {3.3}\bf Color Coding}{5}{}%
-\contentsline {section}{\numberline {3.4}\bf Intermediate Database Storage}{7}{}%
+\contentsline {section}{\numberline {3.4}\bf Intermediate Database Storage}{6}{}%
 \contentsline {subsection}{\numberline {3.4.1}\it Memory Constraint Difficulties}{7}{}%
 \contentsline {subsection}{\numberline {3.4.2}\it Maximizing Performance with Intermediate Database Storage}{8}{}%
 \contentsline {subsection}{\numberline {3.4.3}\it Portability}{9}{}%