Reconfigurable Message-Delivery Preconditions for Delivering Attacks to Analyze the Security of Networked Systems

US 20080072322A1
Filed: 11/08/2006
Published: 03/20/2008
Est. Priority Date: 09/01/2006
Status: Active Grant

First Claim

Patent Images

1. A method for analyzing a security of a device under analysis (DUA), comprising:

identifying two or more valid message-delivery preconditions for a communication protocol supported by the DUA;

selecting one of the identified valid message-delivery preconditions; and

delivering an attack to the DUA according to the selected message-delivery precondition.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security analyzer analyzes a security of a device-under-analysis (DUA). In one embodiment, the security analyzer identifies two or more valid message-delivery preconditions for a communication protocol supported by the DUA. One of the identified valid message-delivery preconditions is selected and the security analyzer delivers an attack to the DUA according to the selected message-delivery precondition. The same or similar attacks can also be delivered to the DUA via other message-delivery preconditions. Based on the DUA'"'"'s response, the security analyzer determines whether a vulnerability has been found.

Citations

19 Claims

1. A method for analyzing a security of a device under analysis (DUA), comprising:
- identifying two or more valid message-delivery preconditions for a communication protocol supported by the DUA;
  
  selecting one of the identified valid message-delivery preconditions; and
  
  delivering an attack to the DUA according to the selected message-delivery precondition.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1 wherein the step of selecting one of the valid message-delivery preconditions comprises:
    - selecting a state for at least one of a plurality of precondition components, wherein the valid message-delivery preconditions comprise different combinations of precondition components.
  - 3. The method of claim 1, wherein the plurality of precondition components comprises at least one selected from a group consisting of:
    - network protocols and protocol states.
  - 4. The method of claim 3, wherein the network protocols comprise at least one selected from a group consisting of:
    - transport layer protocols, network layer protocols, data link layer protocols, and tunneling protocols.
  - 5. The method of claim 3, wherein the protocol states comprise at least one selected from a group consisting of:
    - authentication schemes and initial protocol negotiation options.
  - 6. The method of claim 1, further comprising:
    - delivering attacks to the DUA according to each of the identified message-delivery preconditions.
  - 7. The method of claim 1, further comprising:
    - delivering a same attack to the DUA according to each of the identified message-delivery preconditions.
  - 8. The method of claim 1 further comprising:
    - identifying two or more valid message-delivery preconditions for a second communication protocol supported by the DUA;
      
      selecting one of the identified valid message-delivery preconditions for the second communication protocol; and
      
      delivering an attack to the DUA according to the selected message-delivery precondition for the second communication protocol.
  - 9. The method of claim 1 wherein the step of determining the valid message-delivery preconditions comprises:
    - discovering the valid message-delivery preconditions.
  - 10. The method of claim 9 wherein the step of discovering the valid message-delivery preconditions comprises:
    - identifying the communication protocol for the DUA;
      
      identifying a plurality of message-delivery precondition components associated with the communication protocol, at least one precondition component having at least two possible states;
      
      selecting different combinations of states for the precondition components;
      
      attempting to communicate with the DUA through the communication protocol according to the selected combinations of states; and
      
      based on the attempted communication, determining which of the selected combinations of states are valid message-delivery preconditions.
  - 11. The method of claim 9, wherein the communication protocol comprises at least an application layer protocol.
  - 12. The method of claim 9, wherein the communication protocol comprises at least one selected from a group consisting of:
    - SMTP, FTP, and HTTP.
  - 13. The method of claim 9, wherein the plurality of precondition components comprises at least one selected from a group consisting of:
    - network protocols and protocol states.
  - 14. The method of claim 13, wherein the network protocols comprise at least one selected from a group consisting of:
    - transport layer protocols, network layer protocols, data link layer protocols, and tunneling protocols.
  - 15. The method of claim 13, wherein the protocol states comprise at least one selected from a group consisting of:
    - authentication schemes and initial protocol negotiation options.
  - 16. The method of claim 9, wherein the step of selecting different combinations of states depends at least in part on previously selected combinations of states.
  - 17. The method of claim 1 further comprising:
    - delivering an attack on at least one of a plurality of precondition components, wherein the valid message-delivery preconditions comprise different combinations of precondition components.

18. A security analyzer for analyzing a security of a device under analysis (DUA), comprising:
- means for identifying two or more valid message-delivery preconditions for a communication protocol supported by the DUA;
  
  means for selecting one of the identified valid message-delivery preconditions; and
  
  means for delivering an attack to the DUA according to the selected message-delivery precondition.

19. A computer program product for use in conjunction with a computer system, the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism comprising:
- instructions for identifying two or more valid message-delivery preconditions for a communication protocol supported by the DUA;
  
  instructions for selecting one of the identified valid message-delivery preconditions; and
  
  instructions for delivering an attack to the DUA according to the selected message-delivery precondition.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Spirent Communications Incorporated
Original Assignee
Mu Dynamics, Inc.
Inventors
Guruswamy, Kowsik

Granted Patent

US 8,316,447 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2105   Dual mode as a secondary as...

H04L 63/1433   Vulnerability analysis

Reconfigurable Message-Delivery Preconditions for Delivering Attacks to Analyze the Security of Networked Systems

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Reconfigurable Message-Delivery Preconditions for Delivering Attacks to Analyze the Security of Networked Systems

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links