1 Introduction
Recently, Open Source Software (OSS) such as Apache, Linux, BSD, Mozilla,
MySQL, OpenSSL, Crypto++ and so on, which contains security functions and
cryptography modules, has increasingly been adopted to shorten the development
time of Information Security Systems (ISS)[1]. OpenSSL, a well-known OSS
cryptography component, is mostly used for IDS or VPN development[11].
OSS-based components (e.g., cryptography components, communication functions)
are embodied in various forms and offered as OSS. Most ISS developers may use
such OSS components without a formal analysis in order to shorten the
development period. Thus, the components can be loaded and embedded into the
source code of an ISS without any assurance of security, and the safety and
security of the OSS-embedded ISS is therefore not guaranteed. Also, most
developers and security evaluators in the Common Criteria (CC, ISO/IEC 15408)
evaluation scheme need to know the details of the inner structure and source
code, as well as the development information, of the OSS, because they use and
evaluate cryptography components in it. However, this is very hard, because
most OSS does not have any documentation or development information. Thus, the
deliverables for evaluation have to be obtained from the OSS by means of
reverse engineering.
Against this background, we have researched and developed the following
topics for developers and evaluators in the CC evaluation scheme:
O. Gervasi et al. (Eds.): ICCSA 2005, LNCS 3481, pp. 215–224, 2005.
© Springer-Verlag Berlin Heidelberg 2005
216 S.-j. Choi, Y.-h. Kang, and G.-s. Lee
• Research on a new test method and paradigm for OSS-embedded ISS.
• Development of ROSEM for test case generation for cryptography components
in OpenSSL.
• As a case study, generation of test cases for testing cryptography functions
such as rc4 in OpenSSL by using ROSEM.
The next section presents a test method for OSS-embedded ISS. Section 3
presents the development of ROSEM. Section 4 presents the results of test case
generation for OpenSSL using ROSEM, as a case study. In Section 5, we summarize
and conclude.
• OSS development process: Most OSS does not have a development and
evaluation process, because it has been modified by developers, without a
uniform development and evaluation process, whenever a new function is
required. New versions of the OSS are then distributed over the network.
Note that, the integrity of configuration of the OSS should be preserved and
A Security Evaluation and Testing Methodology 217
• [Step 2.1] Derivation of test item: The function specification phase
contains the test items. A test item is regarded as a class, divided roughly
according to function.
• [Step 2.2] Family and component (function A1, A2, ...) specific: Every
function can be divided into detailed sub-functions. The several sub-functions
code of OpenSSL+, and the analyzed information is output, showing the order in
which operations are performed. ROSEM shows the monitoring procedure for the
operation of an OpenSSL-embedded ISS.
This method executes every test case completely, in real time. An ISS that
uses a certain function of OpenSSL calls a set of library functions in
OpenSSL; each called library function sends its own operation information to
the monitoring tool and returns its operating result to the next code. The
received logging information is then analyzed by the log analyzer, and the
monitoring tool shows it on the screen by using the GUI engine.
ROSEM is made up of a correcting module, an analyzing module, a preservation
module and a presentation module for the OpenSSL-embedded ISS, as shown in
Fig. 5. We have designed classes for the implementation of ROSEM. Fig. 6 shows
a sample of the generated class design.
The following clause shows a generated test case and an evaluation method
that applies the monitoring tool we developed.
The cryptographic output for testfile.txt was gathered as hex values. This
confirms that the RC2 cryptography function completed normally. The RC2
cryptography also used EVP. The modules used by this cryptography function can
also be analyzed in the monitoring tool from the logging information. About
15,600 log entries were generated while running this RC2 cryptography
function. Fig. 8 shows a captured log screen of the test result.
Fig. 8. Captured log screen of the RC2 function test result (TS-37)
We can see that mainly five modules operate, apart from the basic modules, to
perform RC2 cryptography. That is, the BIO module for input/output, the user
interface module to ask for codes and take them, the RAND module which generates random
numbers to encode, the MD module for message digest, the SHA module, and the
RC module for cryptography.
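The monitoring flow described above (harness code inserted into each library function, a log of the execution path, and a per-module breakdown like the BIO/RAND/RC one) can be sketched as follows. This is an added example, not ROSEM or OpenSSL code: every function name in it is a hypothetical stand-in that only mimics the MODULE_function naming style, and the transform is a placeholder rather than a cipher.

```c
#include <stdio.h>
#include <string.h>

/* Added sketch, not ROSEM or OpenSSL code. All function names below are
   hypothetical stand-ins that only mimic the MODULE_function naming style. */
#define MAX_LOG 64
static const char *trace_log[MAX_LOG];   /* execution path, in call order */
static int trace_len = 0;

/* The "inserted harness code": one line at the top of each library function. */
#define HARNESS() do { if (trace_len < MAX_LOG) trace_log[trace_len++] = __func__; } while (0)

static int BIO_fetch(const char *src, unsigned char *dst, int cap) {
    HARNESS();
    int n = (int)strlen(src);
    if (n > cap) n = cap;                 /* never write past the caller's buffer */
    memcpy(dst, src, (size_t)n);
    return n;
}
static void RAND_fill(unsigned char *buf, int n) {
    HARNESS();
    for (int i = 0; i < n; i++) buf[i] = (unsigned char)(i * 37 + 11); /* fixed, test-only */
}
static void RC_transform(unsigned char *data, int n, const unsigned char *key, int klen) {
    HARNESS();
    for (int i = 0; i < n; i++) data[i] ^= key[i % klen]; /* placeholder, not a cipher */
}
/* Test case: the ISS-side entry point calls into the instrumented library. */
static int EVP_run_case(const char *input, unsigned char *out, int cap) {
    HARNESS();
    unsigned char key[8];
    int n = BIO_fetch(input, out, cap);
    RAND_fill(key, (int)sizeof key);
    RC_transform(out, n, key, (int)sizeof key);
    return n;
}
/* Log analyzer: number of logged calls belonging to one module prefix. */
static int calls_in_module(const char *module) {
    size_t m = strlen(module);
    int count = 0;
    for (int i = 0; i < trace_len; i++)
        if (strncmp(trace_log[i], module, m) == 0 && trace_log[i][m] == '_') count++;
    return count;
}
int main(void) {
    unsigned char out[32];
    EVP_run_case("testfile contents", out, (int)sizeof out);  /* constructed input */
    for (int i = 0; i < trace_len; i++) printf("%d %s\n", i, trace_log[i]);
    printf("RAND calls: %d\n", calls_in_module("RAND"));
    return 0;
}
```

A module that never appears in the log (here SHA) yields a count of zero, so an evaluator can see which modules were not loaded as well as which were.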
An evaluation requestor has to generate the test specification through the
test bed, as shown in Fig. 9, and it should be evaluated together with the
other deliverables of the TOE when the requestor applies for evaluation. As in
the existing certification procedure, for the OSS part of the TOE the OSS
testing template should be compared with the TOE test specification in the
deliverables provided by the evaluation requestor. This assures that the OSS
part is correctly loaded in the TOE and that the OSS-embedded TOE can be
trusted.
Acknowledgements
This work was supported by KISA (Korea Information Security Agency) and RRC
(grant No. R12-2003-004-01001-0 from the Ministry of Commerce, Industry and
Energy).
References
1. A. Wheeler, Why Open Source Software / Free Software (OSS/FS)? Look at the
Numbers!, July 23, 2004, http://www.dwheeler.com.
2. B. Beizer, Black-Box Testing, John Wiley & Sons, 1995.
3. NIST Special Publication 800-29, A Comparison of the Security Requirements for
Cryptographic Modules, FIPS 140-1 and FIPS 140-2, Ray Snouffer, Annabelle Lee
and Arch Oldehoeft, NIST, June 2001.
4. British Computer Society Specialist Interest Group in Software Testing (BCS
SIGIST), Standard for Software Component Testing, Working Draft 3.4, April
2001.