CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
CERIAS Logo
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

Leveraging State Information for Automated Attack Discovery in Transport Protocol Implementations

Samuel Jero

Samuel Jero - Purdue University

Aug 26, 2015

Size: 103.5MB

Download: Video Icon MP4 Video  
Watch in your Browser   Watch on Youtube Watch on YouTube

Abstract

Network transport protocols, like TCP, underlie the vast majority of Internet communication, from email to web browsing to instant messaging to file transfer. Despite their importance, these protocols are difficult to implement correctly, leading to a long string of bugs and vulnerabilities dating back to 1985.

In this talk we present a new method for finding attacks in unmodified transport protocol implementations using the specification of the protocol state machine to reduce the search space of possible attacks. Such reduction is obtained by applying malicious actions to all packets of the same type observed in the same state instead of applying them to individual packets. Our method requires knowledge of the packet formats and protocol state machine. We demonstrate our approach by developing SNAKE, a tool that automatically finds performance and resource exhaustion attacks on unmodified transport protocol implementations. SNAKE utilizes virtualization to run unmodified implementations in their intended environments and network emulation to create the network topology. SNAKE was able to find 9 attacks on 2 transport protocols, 5 of which we believe to be unknown in the literature. This work was awarded best paper in DSN 2015.

About the Speaker

Samuel Jero is a PhD student in the Department of Computer Science at Purdue University working with Prof. Cristina Nita-Rotaru. He is a member of the Dependable and Secure Distributed Systems Lab (DS^2) and the Center for Education and Research in Information Assurance and Security (CERIAS). His research interests include fault tolerance, security, and testing for network protocols and distributed systems. He is a recipient of the Purdue University Andrews Fellowship. He received a combined BS and MS in Computer Science from Ohio University in 2013.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52, West Lafayette Campus. More information...

Disclaimer

The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.