A Framework to Find Vulnerabilities Using State Characteristics in Transport Protocol Implementations
Project Members
Sam Jero, Hyojeong Lee and Cristina Nita-Rotaru
Abstract
We propose a platform for automatically finding attacks in transport protocol
implementations. Our platform uses virtual machines connected with a network
emulator to run unmodified target implementations, ensuring realism. We focus on
attacks involving the manipulation or injection of protocol messages and build a
framework to perform these basic malicious actions. To mitigate state-space
explosion resulting from numerous combinations of malicious actions and protocol
messages, we leverage protocol states. First, we build a state tracker that can
infer the current state of the target system from message traces. Using the
state tracker and a benign execution, we classify states based on observable
characteristics. We then associate basic attack actions with characteristics of
states and compose attack strategies based on this information. We monitor the
effect of these attack strategies and determine which actions are effective for
which states. We use this information to focus or prune our attack strategies
for states with similar characteristics.
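
The state tracking and state classification steps described above can be sketched as follows. This is an added example, not the project's code. It assumes a simplified TCP state machine for a single client endpoint that ignores sequence numbers, and it assumes one possible "observable characteristic": the directions in which messages were seen while the endpoint was in each state. The trace is constructed.

```python
from collections import defaultdict

# Simplified TCP transitions for the tracked endpoint (an assumption of this
# example), keyed by (state, direction, message type). No sequence numbers.
TRANSITIONS = {
    ("CLOSED", "snd", "SYN"): "SYN_SENT",
    ("SYN_SENT", "rcv", "SYN+ACK"): "ESTABLISHED",
    ("ESTABLISHED", "snd", "FIN"): "FIN_WAIT_1",
    ("ESTABLISHED", "rcv", "FIN"): "CLOSE_WAIT",
    ("FIN_WAIT_1", "rcv", "ACK"): "FIN_WAIT_2",
    ("FIN_WAIT_2", "rcv", "FIN"): "TIME_WAIT",
    ("CLOSE_WAIT", "snd", "FIN"): "LAST_ACK",
    ("LAST_ACK", "rcv", "ACK"): "CLOSED",
}

def msg_type(flags):
    """Collapse a TCP flag string such as "FA" into one message type."""
    if "R" in flags:
        return "RST"
    if "S" in flags:
        return "SYN+ACK" if "A" in flags else "SYN"
    return "FIN" if "F" in flags else "ACK"

def track(trace, state="CLOSED"):
    """Return the inferred state after each message, plus, per state, the
    set of (direction, type) pairs observed while in that state."""
    states, seen = [], defaultdict(set)
    for direction, flags in trace:
        mtype = msg_type(flags)
        seen[state].add((direction, mtype))
        # A reset closes the connection from any state; unknown inputs
        # leave the state unchanged.
        state = ("CLOSED" if mtype == "RST"
                 else TRANSITIONS.get((state, direction, mtype), state))
        states.append(state)
    return states, dict(seen)

def group_by_direction(seen):
    """Group states by the directions of traffic observed in them."""
    groups = defaultdict(list)
    for state, msgs in seen.items():
        groups[frozenset(d for d, _ in msgs)].append(state)
    return [sorted(g) for g in groups.values()]

# Constructed sample trace from the client's point of view.
TRACE = [("snd", "S"), ("rcv", "SA"), ("snd", "A"), ("snd", "PA"),
         ("rcv", "A"), ("snd", "FA"), ("rcv", "A"), ("rcv", "FA"), ("snd", "A")]

if __name__ == "__main__":
    states, seen = track(TRACE)
    print(states, group_by_direction(seen))
```

States that fall into the same group are the ones a test harness would treat as similar when deciding which actions to retry or prune.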