A model-guided symbolic execution approach for network protocol implementations and vulnerability detection

Formal techniques have been devoted to analyzing whether network protocol specifications violate security policies; however, these methods cannot detect vulnerabilities in the implementations of the network protocols themselves. Symbolic execution can be used to analyze the paths of the network prot...

Descripción completa

Detalles Bibliográficos
Autores principales: Wen, Shameng, Meng, Qingkun, Feng, Chao, Tang, Chaojing
Formato: Online Artículo Texto
Lenguaje:English
Publicado: Public Library of Science 2017
Materias:
Research Article
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5690638/
https://www.ncbi.nlm.nih.gov/pubmed/29145458
http://dx.doi.org/10.1371/journal.pone.0188229
_version_ 1783279644920774656
author Wen, Shameng
Meng, Qingkun
Feng, Chao
Tang, Chaojing
author_facet Wen, Shameng
Meng, Qingkun
Feng, Chao
Tang, Chaojing
author_sort Wen, Shameng
collection PubMed
description Formal techniques have been devoted to analyzing whether network protocol specifications violate security policies; however, these methods cannot detect vulnerabilities in the implementations of the network protocols themselves. Symbolic execution can be used to analyze the paths of the network protocol implementations, but for stateful network protocols, it is difficult to reach the deep states of the protocol. This paper proposes a novel model-guided approach to detect vulnerabilities in network protocol implementations. Our method first abstracts a finite state machine (FSM) model, then utilizes the model to guide the symbolic execution. This approach achieves high coverage of both the code and the protocol states. The proposed method is implemented and applied to test numerous real-world network protocol implementations. The experimental results indicate that the proposed method is more effective than traditional fuzzing methods such as SPIKE at detecting vulnerabilities in the deep states of network protocol implementations.
format Online
Article
Text
id pubmed-5690638
institution National Center for Biotechnology Information
language English
publishDate 2017
publisher Public Library of Science
record_format MEDLINE/PubMed
spelling pubmed-56906382017-11-30 A model-guided symbolic execution approach for network protocol implementations and vulnerability detection Wen, Shameng Meng, Qingkun Feng, Chao Tang, Chaojing PLoS One Research Article Formal techniques have been devoted to analyzing whether network protocol specifications violate security policies; however, these methods cannot detect vulnerabilities in the implementations of the network protocols themselves. Symbolic execution can be used to analyze the paths of the network protocol implementations, but for stateful network protocols, it is difficult to reach the deep states of the protocol. This paper proposes a novel model-guided approach to detect vulnerabilities in network protocol implementations. Our method first abstracts a finite state machine (FSM) model, then utilizes the model to guide the symbolic execution. This approach achieves high coverage of both the code and the protocol states. The proposed method is implemented and applied to test numerous real-world network protocol implementations. The experimental results indicate that the proposed method is more effective than traditional fuzzing methods such as SPIKE at detecting vulnerabilities in the deep states of network protocol implementations. Public Library of Science 2017-11-16 /pmc/articles/PMC5690638/ /pubmed/29145458 http://dx.doi.org/10.1371/journal.pone.0188229 Text en © 2017 Wen et al http://creativecommons.org/licenses/by/4.0/ This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/) , which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
spellingShingle Research Article
Wen, Shameng
Meng, Qingkun
Feng, Chao
Tang, Chaojing
A model-guided symbolic execution approach for network protocol implementations and vulnerability detection
title A model-guided symbolic execution approach for network protocol implementations and vulnerability detection
title_full A model-guided symbolic execution approach for network protocol implementations and vulnerability detection
title_fullStr A model-guided symbolic execution approach for network protocol implementations and vulnerability detection
title_full_unstemmed A model-guided symbolic execution approach for network protocol implementations and vulnerability detection
title_short A model-guided symbolic execution approach for network protocol implementations and vulnerability detection
title_sort model-guided symbolic execution approach for network protocol implementations and vulnerability detection
topic Research Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5690638/
https://www.ncbi.nlm.nih.gov/pubmed/29145458
http://dx.doi.org/10.1371/journal.pone.0188229
work_keys_str_mv AT wenshameng amodelguidedsymbolicexecutionapproachfornetworkprotocolimplementationsandvulnerabilitydetection
AT mengqingkun amodelguidedsymbolicexecutionapproachfornetworkprotocolimplementationsandvulnerabilitydetection
AT fengchao amodelguidedsymbolicexecutionapproachfornetworkprotocolimplementationsandvulnerabilitydetection
AT tangchaojing amodelguidedsymbolicexecutionapproachfornetworkprotocolimplementationsandvulnerabilitydetection
AT wenshameng modelguidedsymbolicexecutionapproachfornetworkprotocolimplementationsandvulnerabilitydetection
AT mengqingkun modelguidedsymbolicexecutionapproachfornetworkprotocolimplementationsandvulnerabilitydetection
AT fengchao modelguidedsymbolicexecutionapproachfornetworkprotocolimplementationsandvulnerabilitydetection
AT tangchaojing modelguidedsymbolicexecutionapproachfornetworkprotocolimplementationsandvulnerabilitydetection

Ejemplares similares