Proceedings 2019 Network and Distributed System Security Symposium 2019
DOI: 10.14722/ndss.2019.23430

Analyzing Semantic Correctness with Symbolic Execution: A Case Study on PKCS#1 v1.5 Signature Verification

Abstract: We discuss how symbolic execution can be used to not only find low-level errors but also analyze the semantic correctness of protocol implementations. To avoid manually crafting test cases, we propose a strategy of meta-level search, which leverages constraints stemmed from the input formats to automatically generate concolic test cases. Additionally, to aid root-cause analysis, we develop constraint provenance tracking (CPT), a mechanism that associates atomic sub-formulas of path constraints with their corre…

Cited by 11 publications
(4 citation statements)
References 11 publications
“…To also allow fast simulations, we used parameters $\theta = 8$ and $\ell = 24$ in our experiments. For the construction of the precomputed table we used $d = 8$ for distinguished fingerprints, $t_{\max} = 2^{11}$ as the maximum chain length, $m = 2^{8}$ starting points per table, and $r = 2^{8}$…”
Section: Methods (mentioning)
confidence: 99%
“…Flexibilities in parsing public keys were previously abused to attack RSA ciphers [11,24]. In this line of work it was also discovered that some libraries accept arbitrary parameters in the algorithm identifier, which was assigned CVE-2018-16151, and they also discovered other parsing flexibilities in cryptographic libraries [7,8].…”
Section: Related Work (mentioning)
confidence: 99%
“…Felsch et al [10] proposed the principle of Bleichenbacher oracle attacks against IPsec, showing that it was sufficient to break all the certificate authentication schemes of the IKEv1 and IKEv2 protocols, and discovered specific Bleichenbacher oracle attack vulnerabilities in four router firmware. Chau et al [3] However, none of the aforementioned studies focused on the correctness of IPsec hostname matching. In contrast, a few studies have been conducted on hostname matching in SSL/TLS protocol.…”
Section: Related Work (mentioning)
confidence: 99%
“…In the past decade, symbolic execution has emerged as a powerful formal verification technique and been widely applied in the analysis and verification of network protocol and network function implementations. For example, in [14], [15], the authors employ symbolic execution to extract the accept and reject paths in essential components of the TLS protocol, i.e., X.509 certificate validation and PKCS#1 signature verification, to find semantic bugs by cross-validating different implementations. Kothari et al [27] use symbolic execution to find protocol manipulation attacks where a malicious endhost can induce a remote peer to send more packets more aggressive than it should.…”
Section: Related Work (mentioning)
confidence: 99%