2011
DOI: 10.1145/2043164.2018440

Finding protocol manipulation attacks

Abstract: We develop a method to help discover manipulation attacks in protocol implementations. In these attacks, adversaries induce honest nodes to exhibit undesirable behaviors by misrepresenting their intent or network conditions. Our method is based on a novel combination of static analysis with symbolic execution and dynamic analysis with concrete execution. The former finds code paths that are likely vulnerable, and the latter emulates adversarial actions that lead to effective attacks. Our method is precise (i.e…

Cited by 18 publications (15 citation statements)
References 23 publications
“…Like others [19], we observe that, to deal with loops, symbolic execution would potentially need to explore an unbounded number of paths. As described in Section 3.2, we effectively side-step this problem by exploiting knowledge of the OpenFlow message grammar to construct inputs that ensure we explore a bounded number of paths.…”
Section: Symbolic Execution (mentioning)
confidence: 62%
“…Finally, SOFT does not require the definition of correct behavior to be specified. Complementary to SOFT, Kothari et al [19] use symbolic execution to identify protocol manipulation attacks. The goal here is for a node to try to determine harmful behavior induced upon itself by received messages from other participants.…”
Section: Testing Openflow Switches (mentioning)
confidence: 99%
“…On the other hand, from a secure system design point of view, identification of covert channels is equally important in order to prevent information leakage from high priority level processes to the lower levels. Thus, a great deal of attention has been focused on developing efficient methods for identification of weaknesses and design oversights that may be used for covert communication [72].…”
Section: Covert Channel Countermeasures (mentioning)
confidence: 99%
“…The design oversights can be fixed once they are identified [72]. Therefore, covert channels that are designed based on such weaknesses can not have long life spans and will be removed easily when their target systems are upgraded.…”
Section: Covert Channel Countermeasures (mentioning)
confidence: 99%
“…The only work we are aware of that used automation for finding attacks in TCP congestion control implementations is the work in [24] which relies on the user to provide a vulnerable line of code and then performs static analysis. The vulnerable line of code from the user is critical to ensure scalability of the approach.…”
Section: Introduction (mentioning)
confidence: 99%