AdIDoS - Adaptive and Intelligent Fully-Automatic Detection of Denial-of-Service Weaknesses in Web Services

Christian Altmeier, Christian Mainka, Juraj Somorovsky, Jörg Schwenk

International Workshop on Quantitative Aspects of Security Assurance (QASA), Vienna, Austria, 2015


Abstract

Denial-of-Service (DoS) attacks aim to affect the availability of applications. They can be executed using several techniques. Most of them rely on huge computing power that is used to send a large number of messages to the attacked applications, e.g. web services. Web services apply parsing technologies to process incoming XML messages. This enlarges the number of attack vectors, since attackers get new possibilities to abuse specific parser features and complex parsing techniques. Therefore, web service applications apply various countermeasures, including message length or XML element restrictions. These countermeasures make validations of web service robustness against DoS attacks complex and error-prone.

In this paper, we present a novel adaptive and intelligent approach for testing web services. Our algorithm systematically increases the attack strength and evaluates its impact on a given web service, using a blackbox approach based on server response times. This allows one to automatically detect message size limits or element count restrictions. We prove the practicability of our approach by implementing a new WS-Attacker plugin and detecting new DoS vulnerabilities in widely used web service implementations.
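The countermeasures the abstract names, message length and XML element restrictions, are only effective if they take hold before the parser has done the expensive work. The following is an added defensive example written for this page, not code from the paper or from WS-Attacker: it streams an inbound message through Python's expat binding and aborts as soon as the byte budget, element count or nesting depth is exceeded. The limit values, the `check_message` helper and the sample SOAP messages are all constructed for the demonstration.

```python
"""Streaming enforcement of message-length and element-count limits on
inbound XML, the countermeasure class the abstract names.

Added defensive example for this page; it is not code from the paper or from
WS-Attacker. The limit values and the sample messages below are constructed.
"""
import xml.parsers.expat

# Assumed policy values for the demonstration; a real service tunes these
# to its own message profile.
MAX_MESSAGE_BYTES = 4096
MAX_ELEMENTS = 100
MAX_DEPTH = 16


class MessageLimitExceeded(Exception):
    """Raised as soon as a message violates a configured limit."""


class LimitedXmlParser:
    """Counts bytes, elements and nesting depth while expat streams the
    input, so an oversized message is rejected part-way through instead of
    being parsed to completion."""

    def __init__(self, max_bytes=MAX_MESSAGE_BYTES,
                 max_elements=MAX_ELEMENTS, max_depth=MAX_DEPTH):
        self.max_bytes = max_bytes
        self.max_elements = max_elements
        self.max_depth = max_depth
        self.elements = 0
        self.depth = 0
        self._parser = xml.parsers.expat.ParserCreate()
        self._parser.StartElementHandler = self._on_start
        self._parser.EndElementHandler = self._on_end

    def _on_start(self, name, attrs):
        # An exception raised here propagates out of Parse() and aborts the parse.
        self.elements += 1
        self.depth += 1
        if self.elements > self.max_elements:
            raise MessageLimitExceeded(
                f"element count exceeds {self.max_elements}")
        if self.depth > self.max_depth:
            raise MessageLimitExceeded(
                f"nesting depth exceeds {self.max_depth}")

    def _on_end(self, name):
        self.depth -= 1

    def feed(self, data, chunk_size=1024):
        """Feed the message to expat in chunks, checking the byte budget
        before each chunk is parsed. Returns the element count on success."""
        consumed = 0
        for offset in range(0, len(data), chunk_size):
            chunk = data[offset:offset + chunk_size]
            consumed += len(chunk)
            if consumed > self.max_bytes:
                raise MessageLimitExceeded(
                    f"message size exceeds {self.max_bytes} bytes")
            self._parser.Parse(chunk, False)
        self._parser.Parse(b"", True)  # signal end of document
        return self.elements


def check_message(data, **limits):
    """Return ("accepted", element_count) or ("rejected", reason)."""
    parser = LimitedXmlParser(**limits)
    try:
        count = parser.feed(data)
    except MessageLimitExceeded as exc:
        return ("rejected", str(exc))
    except xml.parsers.expat.ExpatError as exc:
        return ("rejected", f"malformed XML: {exc}")
    return ("accepted", count)


# Constructed sample messages (SOAP 1.2 envelopes).
SOAP_OPEN = (b'<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">'
             b'<soap:Body>')
SOAP_CLOSE = b'</soap:Body></soap:Envelope>'

BENIGN = SOAP_OPEN + b'<GetPrice><Item>apple</Item></GetPrice>' + SOAP_CLOSE
ELEMENT_FLOOD = SOAP_OPEN + b'<x/>' * 500 + SOAP_CLOSE  # 502 elements, about 2 KB
OVERSIZED = SOAP_OPEN + b'<Item>' + b'a' * 10000 + b'</Item>' + SOAP_CLOSE
DEEP_NESTING = SOAP_OPEN + b'<a>' * 30 + b'</a>' * 30 + SOAP_CLOSE

if __name__ == "__main__":
    for label, msg in [("benign", BENIGN), ("element flood", ELEMENT_FLOOD),
                       ("oversized", OVERSIZED), ("deep nesting", DEEP_NESTING)]:
        print(f"{label:14s} {len(msg):6d} bytes -> {check_message(msg)}")
```

In a deployed service the byte limit is best applied to the declared Content-Length before the body is read at all, with the streaming check as the backstop for chunked or misdeclared requests. Because the paper's approach recovers exactly these thresholds from the outside via response-time measurements, the values should be chosen deliberately from the service's real message profile and revisited whenever the interface changes.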

The distributed document has been provided by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a noncommercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.

[Paper PDF]

Tags: DoS, soap, Web Service, WS-Attacker