Relational Operators

Noah L. Schrick 2022-02-25 20:50:23 -06:00
parent c0ed4c3607
commit 86639cfaf0
10 changed files with 72 additions and 44 deletions


@ -12,7 +12,7 @@
\setcounter{enumi}{0} \setcounter{enumi}{0}
\setcounter{enumii}{0} \setcounter{enumii}{0}
\setcounter{enumiii}{0} \setcounter{enumiii}{0}
\setcounter{enumiv}{6} \setcounter{enumiv}{7}
\setcounter{footnote}{0} \setcounter{footnote}{0}
\setcounter{mpfootnote}{0} \setcounter{mpfootnote}{0}
\setcounter{part}{0} \setcounter{part}{0}


@ -35,6 +35,16 @@
url = {https://patterns.eecs.berkeley.edu/?page_id=571}, url = {https://patterns.eecs.berkeley.edu/?page_id=571},
} }
@misc{CVE-2019-10747,
key = {CVE-2019-10747},
title = {{set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and $\_$proto$\_$ payloads.}},
howpublished = {National Vulnerability Database},
institution ={NIST},
month = aug,
year = {2019},
url = {https://nvd.nist.gov/vuln/detail/CVE-2019-10747},
}
@article{abraham_predictive_2014, @article{abraham_predictive_2014,
title = {Predictive {Cyber} {Security} {Analytics} {Framework} : {A} {Non}-{Homogenous} {Markov} {Model} for {Security} {Quantification}}, title = {Predictive {Cyber} {Security} {Analytics} {Framework} : {A} {Non}-{Homogenous} {Markov} {Model} for {Security} {Quantification}},
doi = {10.5121/csit.2014.41316}, doi = {10.5121/csit.2014.41316},
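Review bot: The new `@misc{CVE-2019-10747}` entry puts the whole vulnerability description in `title`, and the generated `.bbl` item in this commit shows the result: the printed reference carries neither the CVE identifier nor NIST nor the URL. `plain` does not print `institution` or `url` for `@misc`, so I would use `title = {{CVE-2019-10747}},` and move the description (and the link, if a URL package is loaded) into a `note` field. The description's second sentence names mixin-deep while the first names set-value; if that is verbatim from the NVD record it should stay as quoted, but it is worth a second look before it appears in the bibliography. The property is normally written with double underscores, and `\_\_proto\_\_` in text mode avoids the `$\_$` math-mode toggles.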


@ -1,13 +1,12 @@
\relax \relax
\@writefile{toc}{\contentsline {chapter}{\numberline {CHAPTER 3: }{\bf \uppercase {UTILITY EXTENSIONS TO THE RAGE ATTACK GRAPH GENERATOR}}}{3}{}\protected@file@percent } \@writefile{toc}{\contentsline {chapter}{\numberline {CHAPTER 3: }{\bf \uppercase {UTILITY EXTENSIONS TO THE RAGE ATTACK GRAPH GENERATOR}}}{3}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {3.1}\bf Path Walking}{3}{}\protected@file@percent } \@writefile{toc}{\contentsline {section}{\numberline {3.1}\bf Path Walking}{3}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {3.2}\bf Compound Operators}{3}{}\protected@file@percent }
\newlabel{sec:compops}{{3.2}{3}}
\citation{cook_rage_2018} \citation{cook_rage_2018}
\@writefile{lof}{\contentsline {figure}{\numberline {3.1}{\ignorespaces Path Walking to State 14}}{4}{}\protected@file@percent } \@writefile{lof}{\contentsline {figure}{\numberline {3.1}{\ignorespaces Path Walking to State 14}}{4}{}\protected@file@percent }
\newlabel{fig:PW}{{3.1}{4}} \newlabel{fig:PW}{{3.1}{4}}
\@writefile{toc}{\contentsline {section}{\numberline {3.2}\bf Compound Operators}{4}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {3.3}\bf Color Coding}{5}{}\protected@file@percent } \@writefile{toc}{\contentsline {section}{\numberline {3.3}\bf Color Coding}{5}{}\protected@file@percent }
\@writefile{lof}{\contentsline {figure}{\numberline {3.2}{\ignorespaces Color Coding a Small Network Based on Violations}}{6}{}\protected@file@percent }
\newlabel{fig:CC}{{3.2}{6}}
\citation{cook_rage_2018} \citation{cook_rage_2018}
\citation{li_concurrency_2019} \citation{li_concurrency_2019}
\citation{li_combining_2019} \citation{li_combining_2019}
@ -15,11 +14,14 @@
\citation{ainsworth_graph_2016} \citation{ainsworth_graph_2016}
\citation{berry_graph_2007} \citation{berry_graph_2007}
\citation{cook_rage_2018} \citation{cook_rage_2018}
\@writefile{lof}{\contentsline {figure}{\numberline {3.2}{\ignorespaces Color Coding a Small Network Based on Violations}}{6}{}\protected@file@percent }
\newlabel{fig:CC}{{3.2}{6}}
\@writefile{toc}{\contentsline {section}{\numberline {3.4}\bf Intermediate Database Storage}{6}{}\protected@file@percent }
\citation{zhang_boosting_2017} \citation{zhang_boosting_2017}
\@writefile{toc}{\contentsline {section}{\numberline {3.4}\bf Intermediate Database Storage}{7}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.4.1}\it Memory Constraint Difficulties}{7}{}\protected@file@percent } \@writefile{toc}{\contentsline {subsection}{\numberline {3.4.1}\it Memory Constraint Difficulties}{7}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.4.2}\it Maximizing Performance with Intermediate Database Storage}{8}{}\protected@file@percent } \@writefile{toc}{\contentsline {subsection}{\numberline {3.4.2}\it Maximizing Performance with Intermediate Database Storage}{8}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.4.3}\it Portability}{9}{}\protected@file@percent } \@writefile{toc}{\contentsline {subsection}{\numberline {3.4.3}\it Portability}{9}{}\protected@file@percent }
\citation{CVE-2019-10747}
\@writefile{toc}{\contentsline {section}{\numberline {3.5}\bf Relational Operators}{10}{}\protected@file@percent } \@writefile{toc}{\contentsline {section}{\numberline {3.5}\bf Relational Operators}{10}{}\protected@file@percent }
\@setckpt{Chapter3}{ \@setckpt{Chapter3}{
\setcounter{page}{11} \setcounter{page}{11}


@ -20,7 +20,7 @@ of the original Attack Graph, but the reduction can aid in simplifying the analy
\label{fig:PW} \label{fig:PW}
\end{figure} \end{figure}
\TUsection{Compound Operators} \TUsection{Compound Operators} \label{sec:compops}
Many of the networks previously generated by RAGE compromise of states with features that can be fully enumerated. In many of the generated networks, there is an Many of the networks previously generated by RAGE compromise of states with features that can be fully enumerated. In many of the generated networks, there is an
established set of qualities that will be used, with an established set of values. These typically have included $``compliance$\_$vio=true/false"$, established set of qualities that will be used, with an established set of values. These typically have included $``compliance$\_$vio=true/false"$,
$``root=true/false"$, or other general $``true/false"$ values or $``version=X"$ qualities. To expand on the types and complexities of networks that can be $``root=true/false"$, or other general $``true/false"$ values or $``version=X"$ qualities. To expand on the types and complexities of networks that can be
@ -89,7 +89,7 @@ performance benefits of memory operations since graph computation relies less on
To decide when to store to the database instead of memory, two separate checks are made. The first check is for the frontier. If the size of the frontier consumes equal to or more than the allowed allocated memory, then all new states To decide when to store to the database instead of memory, two separate checks are made. The first check is for the frontier. If the size of the frontier consumes equal to or more than the allowed allocated memory, then all new states
are stored into a new table in the database called “unexplored states”. Each new state from this point forward is stored in the table, regardless of if room is freed in the frontier. This is to ensure proper ordering of the FIFO queue. are stored into a new table in the database called “unexplored states”. Each new state from this point forward is stored in the table, regardless of if room is freed in the frontier. This is to ensure proper ordering of the FIFO queue.
The only time new states are stored directly into the frontier is when the unexplored states table is empty. Once the frontier has been completely emptied, new states are then pulled from the database into the frontier. To pull from The only time new states are stored directly into the frontier is when the unexplored states table is empty. Once the frontier has been completely emptied, new states are then pulled from the database into the frontier. To pull from
the database, parent loop for the generator process has been altered. Instead of a while loop for when the frontier is not empty, it has been adjusted to when the frontier is not empty or the unexplored states table is not empty. Due the database, the parent loop for the generator process has been altered. Instead of a while loop for when the frontier is not empty, it has been adjusted to when the frontier is not empty or the unexplored states table is not empty. Due
to C++ using short-circuit evaluation, some performance is gained since no SQL statement must be passed to disk to check the size of the unexplored states table unless the frontier is empty. The original design was to store new states to C++ using short-circuit evaluation, some performance is gained since no SQL statement must be passed to disk to check the size of the unexplored states table unless the frontier is empty. The original design was to store new states
into the frontier during the critical section to avoid testing on already-explored states. As a result, writing new states to the database is also performed during the critical section. into the frontier during the critical section to avoid testing on already-explored states. As a result, writing new states to the database is also performed during the critical section.
@ -109,5 +109,13 @@ performance benefits of memory operations since graph computation relies less on
request option), and the intermediate database storage process would function in the same fashion. request option), and the intermediate database storage process would function in the same fashion.
\TUsection{Relational Operators} Fifth section of the third chapter. \TUsection{Relational Operators}
As discussed in Section \ref{sec:compops}, many of the networks previously generated by RAGE compromise of states with an established set of qualities and values. These typically have included $``compliance$\_$vio=true/false"$,
$``root=true/false"$, or other general $``true/false"$ values or $``version=X"$ qualities. To further expand the dynamism of attack graph generation, it is important to distinguish when a quality has a value that satisifies a
relational comparison to an exploit. An example application can be seen through CVE-2019-10747, where "set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1" \cite{CVE-2019-10747}. Prior to the implementation
of relational operators, to determine whether this exploit was applicable to a network state, multiple exploit qualities must be enumerated for all versions prior to 3.0.1. This would mean that the exploit needed to check if
\textit{version=3.0.0}, or \textit{version=2.0.0}, or \textit{version=1.0.0}, or \textit{version=0.4.3}, etc. This becomes increasingly tedious when there are many versions, and not only reduces readability, but is also more
prone to human error when creating the exploit files. As a result, relational operators were implemented.
To implement the relational operators, operator overloads were placed into the Quality class. At the time of writing, the following are implemented: $==$, $<$, $>$, $\leq$, $\geq$. However, these operators do not take up room in the
encoding scheme, so additional operators can be freely implemented as needed. The overloads ensure that the Quality asset IDs and Quality names match, and then compares the Quality values based on the operator in question.
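Review bot: The new Relational Operators section (last hunk) never states how a multi-component version value such as 3.0.1 is ordered when the Quality overloads compare values, and that ordering decides whether the CVE-2019-10747 exploit is applied to the right network states. The text does not rule out comparing values as plain strings or single numbers, in which case a check like `version<3.0.1` could misclassify releases with multi-digit components and add or drop edges in the generated graph. I would add one sentence giving the actual comparison rule, for example `Version values are split on periods and compared component-wise as integers.`, if that matches the implementation. The single upper bound also assumes that no older release line received its own fix, which should be confirmed against the advisory's affected ranges before this is used as the motivating example. Smaller points in the same paragraph: `satisifies` should be `satisfies`, `compromise of` should be `are comprised of`, the cross-reference should use a tie (`Section~\ref{sec:compops}`), and the straight double quotes around the NVD quotation should be LaTeX opening and closing quotes.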


@ -24,9 +24,10 @@
\bibcite{ainsworth_graph_2016}{1} \bibcite{ainsworth_graph_2016}{1}
\bibcite{berry_graph_2007}{2} \bibcite{berry_graph_2007}{2}
\bibcite{cook_rage_2018}{3} \bibcite{cook_rage_2018}{3}
\bibcite{li_combining_2019}{4} \bibcite{CVE-2019-10747}{4}
\bibcite{li_concurrency_2019}{5} \bibcite{li_combining_2019}{5}
\bibcite{zhang_boosting_2017}{6} \bibcite{li_concurrency_2019}{6}
\bibcite{zhang_boosting_2017}{7}
\bibstyle{plain} \bibstyle{plain}
\@writefile{toc}{{\hfill \ }} \@writefile{toc}{{\hfill \ }}
\@writefile{toc}{\contentsline {section}{\hspace {-\parindent }NOMENCLATURE}{17}{}\protected@file@percent } \@writefile{toc}{\contentsline {section}{\hspace {-\parindent }NOMENCLATURE}{17}{}\protected@file@percent }


@ -16,6 +16,13 @@ Kyle Cook.
\newblock {\em {RAGE}: {The} {Rage} {Attack} {Graph} {Engine}}. \newblock {\em {RAGE}: {The} {Rage} {Attack} {Graph} {Engine}}.
\newblock PhD thesis, 2018. \newblock PhD thesis, 2018.
\bibitem{CVE-2019-10747}
{set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1.
The function mixin-deep could be tricked into adding or modifying properties
of Object.prototype using any of the constructor, prototype and $\_$proto$\_$
payloads.}
\newblock National Vulnerability Database, August 2019.
\bibitem{li_combining_2019} \bibitem{li_combining_2019}
Ming Li, Peter Hawrylak, and John Hale. Ming Li, Peter Hawrylak, and John Hale.
\newblock Combining {OpenCL} and {MPI} to support heterogeneous computing on a \newblock Combining {OpenCL} and {MPI} to support heterogeneous computing on a


@ -12,45 +12,45 @@ The style file: plain.bst
A level-1 auxiliary file: Appendices.aux A level-1 auxiliary file: Appendices.aux
Database file #1: Bibliography.bib Database file #1: Bibliography.bib
Warning--empty school in cook_rage_2018 Warning--empty school in cook_rage_2018
You've used 6 entries, You've used 7 entries,
2118 wiz_defined-function locations, 2118 wiz_defined-function locations,
535 strings with 5191 characters, 540 strings with 5497 characters,
and the built_in function-call counts, 1883 in all, are: and the built_in function-call counts, 2047 in all, are:
= -- 190 = -- 206
> -- 87 > -- 88
< -- 2 < -- 2
+ -- 34 + -- 35
- -- 28 - -- 28
* -- 111 * -- 118
:= -- 324 := -- 342
add.period$ -- 18 add.period$ -- 20
call.type$ -- 6 call.type$ -- 7
change.case$ -- 31 change.case$ -- 35
chr.to.int$ -- 0 chr.to.int$ -- 0
cite$ -- 7 cite$ -- 8
duplicate$ -- 79 duplicate$ -- 86
empty$ -- 130 empty$ -- 153
format.name$ -- 28 format.name$ -- 28
if$ -- 392 if$ -- 433
int.to.chr$ -- 0 int.to.chr$ -- 0
int.to.str$ -- 6 int.to.str$ -- 7
missing$ -- 5 missing$ -- 5
newline$ -- 33 newline$ -- 37
num.names$ -- 12 num.names$ -- 12
pop$ -- 30 pop$ -- 37
preamble$ -- 1 preamble$ -- 1
purify$ -- 26 purify$ -- 29
quote$ -- 0 quote$ -- 0
skip$ -- 68 skip$ -- 76
stack$ -- 0 stack$ -- 0
substring$ -- 94 substring$ -- 99
swap$ -- 24 swap$ -- 25
text.length$ -- 2 text.length$ -- 2
text.prefix$ -- 0 text.prefix$ -- 0
top$ -- 0 top$ -- 0
type$ -- 24 type$ -- 28
warning$ -- 1 warning$ -- 1
while$ -- 18 while$ -- 18
width$ -- 7 width$ -- 8
write$ -- 65 write$ -- 73
(There was 1 warning) (There was 1 warning)


@ -1,4 +1,4 @@
This is pdfTeX, Version 3.141592653-2.6-1.40.23 (TeX Live 2021/Arch Linux) (preloaded format=pdflatex 2022.2.14) 25 FEB 2022 16:46 This is pdfTeX, Version 3.141592653-2.6-1.40.23 (TeX Live 2021/Arch Linux) (preloaded format=pdflatex 2022.2.14) 25 FEB 2022 17:30
entering extended mode entering extended mode
restricted \write18 enabled. restricted \write18 enabled.
%&-line parsing enabled. %&-line parsing enabled.
@ -299,10 +299,10 @@ CHAPTER 7.
### semi simple group (level 1) entered at line 52 (\begingroup) ### semi simple group (level 1) entered at line 52 (\begingroup)
### bottom level ### bottom level
Here is how much of TeX's memory you used: Here is how much of TeX's memory you used:
2121 strings out of 478353 2123 strings out of 478353
37194 string characters out of 5854635 37223 string characters out of 5854635
344865 words of memory out of 5000000 344878 words of memory out of 5000000
20194 multiletter control sequences out of 15000+600000 20196 multiletter control sequences out of 15000+600000
407157 words of font info for 39 fonts, out of 8000000 for 9000 407157 words of font info for 39 fonts, out of 8000000 for 9000
1141 hyphenation exceptions out of 8191 1141 hyphenation exceptions out of 8191
55i,7n,62p,310b,1268s stack positions out of 5000i,500n,10000p,200000b,80000s 55i,7n,62p,310b,1268s stack positions out of 5000i,500n,10000p,200000b,80000s
@ -312,7 +312,7 @@ texmf-dist/fonts/type1/public/amsfonts/cm/cmmi12.pfb></usr/share/texmf-dist/fon
ts/type1/public/amsfonts/cm/cmr12.pfb></usr/share/texmf-dist/fonts/type1/public ts/type1/public/amsfonts/cm/cmr12.pfb></usr/share/texmf-dist/fonts/type1/public
/amsfonts/cm/cmsy10.pfb></usr/share/texmf-dist/fonts/type1/public/amsfonts/cm/c /amsfonts/cm/cmsy10.pfb></usr/share/texmf-dist/fonts/type1/public/amsfonts/cm/c
mti12.pfb></usr/share/texmf-dist/fonts/type1/public/cm-super/sfrm1200.pfb> mti12.pfb></usr/share/texmf-dist/fonts/type1/public/cm-super/sfrm1200.pfb>
Output written on Schrick-Noah_MS-Thesis.pdf (29 pages, 200518 bytes). Output written on Schrick-Noah_MS-Thesis.pdf (29 pages, 202909 bytes).
PDF statistics: PDF statistics:
130 PDF objects out of 1000 (max. 8388607) 130 PDF objects out of 1000 (max. 8388607)
84 compressed objects within 1 object stream 84 compressed objects within 1 object stream

Binary file not shown.


@ -21,9 +21,9 @@
\contentsline {section}{\numberline {2.4}\bf Compliance Graphs}{2}{}% \contentsline {section}{\numberline {2.4}\bf Compliance Graphs}{2}{}%
\contentsline {chapter}{\numberline {CHAPTER 3: }{\bf \uppercase {UTILITY EXTENSIONS TO THE RAGE ATTACK GRAPH GENERATOR}}}{3}{}% \contentsline {chapter}{\numberline {CHAPTER 3: }{\bf \uppercase {UTILITY EXTENSIONS TO THE RAGE ATTACK GRAPH GENERATOR}}}{3}{}%
\contentsline {section}{\numberline {3.1}\bf Path Walking}{3}{}% \contentsline {section}{\numberline {3.1}\bf Path Walking}{3}{}%
\contentsline {section}{\numberline {3.2}\bf Compound Operators}{4}{}% \contentsline {section}{\numberline {3.2}\bf Compound Operators}{3}{}%
\contentsline {section}{\numberline {3.3}\bf Color Coding}{5}{}% \contentsline {section}{\numberline {3.3}\bf Color Coding}{5}{}%
\contentsline {section}{\numberline {3.4}\bf Intermediate Database Storage}{7}{}% \contentsline {section}{\numberline {3.4}\bf Intermediate Database Storage}{6}{}%
\contentsline {subsection}{\numberline {3.4.1}\it Memory Constraint Difficulties}{7}{}% \contentsline {subsection}{\numberline {3.4.1}\it Memory Constraint Difficulties}{7}{}%
\contentsline {subsection}{\numberline {3.4.2}\it Maximizing Performance with Intermediate Database Storage}{8}{}% \contentsline {subsection}{\numberline {3.4.2}\it Maximizing Performance with Intermediate Database Storage}{8}{}%
\contentsline {subsection}{\numberline {3.4.3}\it Portability}{9}{}% \contentsline {subsection}{\numberline {3.4.3}\it Portability}{9}{}%