1. Ontology Model for C-Overflow Vulnerabilities Attack
NURUL HASZELI, SYED AHMAD
ALJUNID, NORMALY KAMAL ISMAIL,
MUTHUKKARUPPAN ANNAMALAI,
SHAIFUL BAKHTIAR BIN RODZMAN
Faculty of Computer & Mathematical Sciences,
Universiti Teknologi MARA, Shah Alam, Malaysia
21st March 2020
2. Abstract
1. A proposal to model the C-Overflow Vulnerabilities (COV) Attack using the Ontology concept.
2. The proposed model includes the relationship between the vulnerabilities and their properties
(characteristics and behavior).
3. Many existing COV models ignore this relationship, resulting in inefficiencies in detecting COV.
4. Other existing COV models focus on relationships based on symptoms rather than the root cause,
resulting in false alarms.
5. Using an Ontology Model to model the COV attack resolves the above limitations and increases the
accuracy of COV detection.
6. The Ontology Model of COV Attack comprises 16 classes and 4 new object properties.
Ontology Model for C-Overflow Vulnerabilities Attack
3. Table of Contents
1.0 Introduction
2.0 Research Method
• 2.1 Ontology Framework Design
• 2.2 Ontology Construction
• 2.3 Result & Analysis
3.0 Conclusion
4.0 Acknowledgement
5. 1.0 Introduction
1. Program analysis started in the early 70s for debugging, verifying and understanding computer systems, and
was further extended in the early 2000s to security analysis, where it is used to analyze software vulnerabilities
within computer systems.
2. Among all vulnerabilities, overflow vulnerabilities (OV) are the most prominent and are predicted to continue to
exist, with C Overflow Vulnerabilities (COV) being the most dangerous due to their behavior and the lack of defensive and
preventive measures.
3. There are 10 classes of COV based on their unique characteristics, behavior and trigger path.
4. Many methods, techniques and tools have been introduced to combat COV.
5. Recently, ontology was brought into the software security domain, such as by H. Gomes in [13], and specifically into
program analysis by Harshal et al. in [14], to improve the effectiveness of COV detection.
6. 1.0 Introduction .. continue
6. The use of ontology helps to capture the relationship between the classes and provides a readable
specification between the taxonomy and the source code in a structured model [14]. This enhances the
analysis capability, as in [15], especially for complicated source code or applications, as in [16].
7. The earliest significant implementations of the ontology method in static analysis were identified as those by
Ellison & Rosu in 2012 [18] and Hatthorn in 2015 [19].
8. However, these implementations still have shortcomings. The ontology used was similar to
constructing a taxonomy and/or focused on symptoms rather than the root cause. This has reduced the
effectiveness of the method (Alqahtani et al. in [20]).
9. 2.2 Ontology Construction
1. An ontology must be designed with the intention of meeting the purpose and reasons for its development
(Shaharuddin et al. in [21]).
2. The ontology construction starts by identifying the additional classes based on the 10 attack classes.
Based on that, it is extended with Activity, Function, Vulnerable Criteria, Location, Other Attack and
Situation, which are significant to the domain.
Columns: Class | Vulnerable Criteria | Function | Activity | Location | Other Attack | Situations
Array Out of Bound: ✔ ✔
Unsafe Function: ✔ ✔ ✔ ✔
Memory Function: ✔ ✔ ✔
Table 1: The Example Extended Classes of C-Overflow Vulnerabilities for Ontology Construction
10. 2.2 Ontology Construction.. continue
1. This is followed by data collection and analysis according to the previous
taxonomy in [22].
2. Once completed, the ontology is designed based on the steps suggested by
Noy, N. F., & McGuinness in [23].
3. Once the design is completed, it is constructed using a tool (Protégé) and,
finally, the ontology is verified using SPARQL queries.
11. 2.3 Result & Analysis
[Figure: An Ontograph of the Unsafe Function class in C-Overflow Vulnerabilities Attack, with the extended classes added to satisfy the ontology domain]
12. 2.3 Result & Analysis… continue
[Figure: An example of hasCriteria and the criteria satisfying the domain for the Array Out of Bound Vulnerabilities Attack class]
13. 2.3 Result & Analysis… continue (result)
1. The evaluation method was based on the work by Hamiz et al. [24] and an informal review with Dr. Hazrina binti Sofian
from the Faculty of Computer Science & Information Technology, Universiti Malaya.
2. SPARQL queries were used to extract information from the constructed ontology.
3. The evaluation shows that, using the ontology, reliable and significant information can be
extracted, thus allowing accurate and effective analysis of COV.
4. Consequently, it was shown that the classes and Object Properties that have been added to the C-Overflow
Vulnerabilities Attack Ontology Model each have their own purpose and can be utilized in further research and
analysis, because they provide the correct information.
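As an added illustration (not the slides' own Protégé ontology nor the authors' SPARQL queries), the Python below walks through the construction steps of section 2.2 and the query-based extraction of section 2.3 on a toy in-memory triple store. The class names (ArrayOutOfBound, UnsafeFunction, MemoryFunction, Function, VulnerableCriteria, Situation, Activity, Location, OtherAttack) and the four object properties (affectFunction, hasCriteria, hasPart, hasSituation) follow the slides; every individual (strcpy, gets, memcpy, the UnboundedCopy/UncheckedIndex criteria and the AttackerControlledLength situation) is constructed sample data, and the `select` function is a minimal basic-graph-pattern matcher standing in for a SPARQL engine.

```python
"""Toy triple store for the C-Overflow Vulnerabilities (COV) attack ontology.

Added illustration, not the authors' Protégé ontology. Class and property
names follow the slides; individuals (strcpy, gets, memcpy, criteria and
situation labels) are constructed sample data. `select` is a minimal
basic-graph-pattern matcher standing in for SPARQL.
"""

RDF_TYPE = "rdf:type"
SUBCLASS_OF = "rdfs:subClassOf"

# The graph: a set of (subject, predicate, object) triples.
TRIPLES = set()


def add(s, p, o):
    TRIPLES.add((s, p, o))


# Schema: the attack classes plus the extended classes named on the slides.
for cls in ("Vulnerability", "ArrayOutOfBound", "UnsafeFunction", "MemoryFunction",
            "Function", "VulnerableCriteria", "Situation", "Activity",
            "Location", "OtherAttack"):
    add(cls, RDF_TYPE, "owl:Class")
for sub in ("ArrayOutOfBound", "UnsafeFunction", "MemoryFunction"):
    add(sub, SUBCLASS_OF, "Vulnerability")
for prop in ("affectFunction", "hasCriteria", "hasPart", "hasSituation"):
    add(prop, RDF_TYPE, "owl:ObjectProperty")

# Individuals (constructed sample data) linked through the object properties.
for fn in ("strcpy", "gets", "memcpy"):
    add(fn, RDF_TYPE, "Function")
add("UnsafeFunction", "affectFunction", "strcpy")
add("UnsafeFunction", "affectFunction", "gets")
add("MemoryFunction", "affectFunction", "memcpy")
for crit in ("UnboundedCopy", "UncheckedIndex"):
    add(crit, RDF_TYPE, "VulnerableCriteria")
add("UnsafeFunction", "hasCriteria", "UnboundedCopy")
add("MemoryFunction", "hasCriteria", "UnboundedCopy")
add("ArrayOutOfBound", "hasCriteria", "UncheckedIndex")
add("AttackerControlledLength", RDF_TYPE, "Situation")
add("UnsafeFunction", "hasSituation", "AttackerControlledLength")
add("MemoryFunction", "hasSituation", "AttackerControlledLength")
# hasPart: a vulnerability class is composed of its criteria and situation.
add("UnsafeFunction", "hasPart", "UnboundedCopy")
add("UnsafeFunction", "hasPart", "AttackerControlledLength")


def _match_one(pattern, binding):
    """Yield every extension of `binding` under which `pattern` matches a
    stored triple; terms starting with '?' are variables."""
    for triple in TRIPLES:
        extended = dict(binding)
        for term, value in zip(pattern, triple):
            if term.startswith("?"):
                if extended.setdefault(term, value) != value:
                    break
            elif term != value:
                break
        else:
            yield extended


def select(patterns):
    """Evaluate a conjunction of triple patterns (a SPARQL basic graph
    pattern) and return all variable bindings that satisfy every pattern."""
    bindings = [{}]
    for pattern in patterns:
        bindings = [b for partial in bindings for b in _match_one(pattern, partial)]
    return bindings


def functions_affected_by(vuln_class):
    """SELECT ?f WHERE { <vuln_class> affectFunction ?f . ?f rdf:type Function }"""
    rows = select([(vuln_class, "affectFunction", "?f"), ("?f", RDF_TYPE, "Function")])
    return sorted({r["?f"] for r in rows})


def vulnerabilities_sharing_criteria(criteria):
    """SELECT ?v WHERE { ?v hasCriteria <criteria> . ?v rdfs:subClassOf Vulnerability }"""
    rows = select([("?v", "hasCriteria", criteria), ("?v", SUBCLASS_OF, "Vulnerability")])
    return sorted({r["?v"] for r in rows})


def functions_in_situation(situation):
    """Two-hop join: functions reachable from any class that hasSituation <situation>."""
    rows = select([("?v", "hasSituation", situation), ("?v", "affectFunction", "?f")])
    return sorted({r["?f"] for r in rows})


def undeclared_properties():
    """Verification query: predicates used in the data that the schema never
    declares as owl:ObjectProperty. An empty list means the model is consistent."""
    declared = {r["?p"] for r in select([("?p", RDF_TYPE, "owl:ObjectProperty")])}
    return sorted({p for (_, p, _) in TRIPLES if p not in declared | {RDF_TYPE, SUBCLASS_OF}})


if __name__ == "__main__":
    print("UnsafeFunction affects:", functions_affected_by("UnsafeFunction"))
    print("Share UnboundedCopy:", vulnerabilities_sharing_criteria("UnboundedCopy"))
    print("AttackerControlledLength reaches:", functions_in_situation("AttackerControlledLength"))
    print("Undeclared properties:", undeclared_properties())
```

The point of the two-hop query and the verification query is the one the slides make: once the root-cause relationships (criteria, situation, affected function) are explicit triples rather than implicit in a taxonomy, a query can join across them, and a query over the schema itself can catch a property used in the data but never declared in the model.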
15. 3.0 Conclusion
1. Through the previous research, the researchers identified the 10 types of COV that form the basis of
the Classes, with additional frequently related classes in the domain such as Activity, Function, Vulnerable
Criteria, Location, Other Attack and Situation.
2. Furthermore, four object properties, affectFunction, hasCriteria, hasPart and hasSituation, have also
been added to link the classes and provide the associations among them.
3. Evaluation of the constructed ontology showed a promising technique for combating COV attacks.
4. Further research, which shall include an actual complete C program and the development
of a static analysis program to analyze the code, shall be carried out to prove the effectiveness of the
ontology model.
16. 4.0 Acknowledgement
This research is funded by the Ministry of Education (MOE) Malaysia under the FRGS Research
Grant at Universiti Teknologi MARA, Shah Alam (600-IRMI/FRGS 5/3 (021/2017)).
18. Ontology Model for C-Overflow Vulnerabilities Attack
Nurul Haszeli Ahmad, Syed Ahmad Aljunid, Normaly Kamal Ismail,
Muthukkaruppan Annamalai, Shaiful Bakhtiar bin Rodzman
Faculty of Computer & Mathematical Sciences,
Universiti Teknologi MARA, Shah Alam, Malaysia
21st March 2020
Editor's Notes
An example: the Unsafe Function class contains three subclasses, Criteria, Most Attack and Similar Attack.