The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Samuel Jero - Purdue University

Students: Spring 2024, unless noted otherwise, sessions will be virtual on Zoom.

Leveraging State Information for Automated Attack Discovery in Transport Protocol Implementations

Aug 26, 2015

Download: Video Icon MP4 Video Size: 103.5MB  
Watch on Youtube Watch on YouTube

Abstract

Network transport protocols, like TCP, underlie the vast majority of Internet communication, from email to web browsing to instant messaging to file transfer. Despite their importance, these protocols are difficult to implement correctly, leading to a long string of bugs and vulnerabilities dating back to 1985.

In this talk we present a new method for finding attacks in unmodified transport protocol implementations using the specification of the protocol state machine to reduce the search space of possible attacks. Such reduction is obtained by applying malicious actions to all packets of the same type observed in the same state instead of applying them to individual packets. Our method requires knowledge of the packet formats and protocol state machine. We demonstrate our approach by developing SNAKE, a tool that automatically finds performance and resource exhaustion attacks on unmodified transport protocol implementations. SNAKE utilizes virtualization to run unmodified implementations in their intended environments and network emulation to create the network topology. SNAKE was able to find 9 attacks on 2 transport protocols, 5 of which we believe to be unknown in the literature. This work was awarded best paper in DSN 2015.

About the Speaker

Samuel Jero
Samuel Jero is a PhD student in the Department of Computer Science at Purdue University working with Prof. Cristina Nita-Rotaru. He is a member of the Dependable and Secure Distributed Systems Lab (DS^2) and the Center for Education and Research in Information Assurance and Security (CERIAS). His research interests include fault tolerance, security, and testing for network protocols and distributed systems. He is a recipient of the Purdue University Andrews Fellowship. He received a combined BS and MS in Computer Science from Ohio University in 2013.


Ways to Watch

YouTube

Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!