System and method providing custom attack simulation language for testing networks

US 6,343,362 B1
Filed: 01/21/1999
Issued: 01/29/2002
Est. Priority Date: 09/01/1998
Status: Expired due to Term

First Claim

Patent Images

1. A development system for creating programs that simulate attacks against a computer network, the system comprising:

a language specification specifying primitives facilitating simulation of an attack against a computer network;

a run-time library providing built-in routines facilitating simulation of an attack against a computer network, said built-in routines capable of being invoked through said primitives;

an authoring system for creating a program script specifying program instructions for simulating an attack against a computer network by constructing communication-protocol packets, said program script employing at least some of said primitives for simulating an attack against a computer network; and

a compiler for compiling said program script into a compiled program, said compiled program being deployed together with the run-time library to simulate an attack against a computer network upon execution by a run-time module.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A development system providing a Custom Attack Simulation Language (CASL) for testing networks is described. In particular, the development system implements methodology for facilitating development of network attack simulations. The system includes an editor or authoring system for creating a source code description or Scripts (i.e., CASL-syntax Script) of the simulation program under development. The Scripts, in turn, are “compiled” by a CASL compiler into a compiled CASL program, that may then be used to simulate attacks against a network. CASL makes it easier for users, particularly network and system administrators, to experiment with and learn about the way their networks operate. Since networks work by exchanging packets of information, CASL focuses on allowing users to read and write packets directly to and from the network using a high level programming language. Unlike general-purpose scripting languages, CASL is designed specifically to make it easy to construct, read, and write raw network packets. In this manner, the system provides an extremely flexible and general way to manipulate networks and allows one to create simulation programs in just a few lines of CASL code, instead of hundreds of lines of code typically required when using conventional programming language environments.

113 Citations

33 Claims

1. A development system for creating programs that simulate attacks against a computer network, the system comprising:
- a language specification specifying primitives facilitating simulation of an attack against a computer network;
  
  a run-time library providing built-in routines facilitating simulation of an attack against a computer network, said built-in routines capable of being invoked through said primitives;
  
  an authoring system for creating a program script specifying program instructions for simulating an attack against a computer network by constructing communication-protocol packets, said program script employing at least some of said primitives for simulating an attack against a computer network; and
  
  a compiler for compiling said program script into a compiled program, said compiled program being deployed together with the run-time library to simulate an attack against a computer network upon execution by a run-time module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The system of claim 1, wherein said communication-protocol packets comprise Internet Protocol (IP) packets.
  - 3. The system of claim 1, wherein said system supports reading and writing of communication-protocol packets directly to and from a computer network.
  - 4. The system of claim 1, wherein said system supports forgery of arbitrary communication-protocol packets.
  - 5. The system of claim 1, wherein said program script comprises statements, and wherein said statements comprise control constructs and expressions.
  - 6. The system of claim 1, wherein said language specification supports creation of dynamically-typed variables.
  - 7. The system of claim 1, wherein said language specification provides a protocol structure construct for defining a protocol.
  - 8. The system of claim 1, wherein said language specification supports a list data type, for allowing the creation of an arbitrary collection of data.
  - 9. The system of claim 8, wherein said list data type is employed for representing packet and protocol information.
  - 10. The system of claim 1, wherein said protocol structure construct allows one to define a protocol as a sequence of field specifiers specifying a name, a length, and an order of protocol fields, for defining a particular protocol.
  - 11. The system of claim 10, wherein said protocol comprises Internet Protocol (IP).
  - 12. The system of claim 1, wherein said language specification supports definition of an arbitrary packet type.
  - 13. The system of claim 12, wherein said language specification provides a define keyword allowing one to define a packet type to comprise a series of field definitions.
  - 14. The system of claim 13, wherein each field definition comprises a name, a size, and a value for the field.
  - 15. The system of claim 1, wherein said primitives comprise primitives for network input/output (I/O).
  - 16. The system of claim 15, wherein said primitives for network input/output comprise Internet Protocol (IP) output and input primitives.
  - 17. The system of claim 16, wherein said IP input primitive supports reading an IP packet from a network.
  - 18. The system of claim 16, wherein said IP output primitive supports writing an IP packet to a network.
  - 19. The system of claim 18, wherein said IP output primitive is serviced by a run-time library routine taking a list of data elements expected to comprise an IP packet.
  - 20. The system of claim 19, wherein said system automatically calculates checksum fields, packet lengths, and header lengths for the IP packet.

21. In a computing system, a method for creating programs that simulate attacks against a computer network, the method comprising:
- defining a language specification that specifies primitives facilitating simulation of an attack against a computer network;
  
  providing a run-time library having built-in routines facilitating simulation of an attack against a computer network, said built-in routines capable of being invoked through said primitives;
  
  creating a program script specifying program instructions for simulating an attack against a computer network by constructing communication-protocol packets, said program script employing at least some of said primitives for simulating an attack against a computer network; and
  
  compiling said program script into a compiled program, said compiled program being deployed together with the run-time library to simulate an attack against a computer network upon execution by a run-time module.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28)
- - 22. The method of claim 21, wherein said communication-protocol packets comprise Internet Protocol (IP) packets.
  - 23. The method of claim 24, wherein said method supports reading and writing of communication-protocol packets directly to and from a computer network.
  - 24. The method of claim 21, wherein said method supports forgery of arbitrary communication-protocol packets.
  - 25. The method of claim 21, wherein said program script comprises statements, and wherein said statements comprise control constructs and expressions.
  - 26. The method of claim 21, wherein said language specification supports creation of dynamically-typed variables.
  - 27. The method of claim 21, wherein said language specification provides a protocol structure construct for defining a protocol.
  - 28. The method of claim 21, wherein said protocol structure construct allows one to define a protocol as a sequence of field specifiers specifying a name, a length, and an order of protocol fields, for defining a particular protocol.

29. The method of claim 21, wherein said language specification supports a list data type, for allowing the creation of an arbitrary collection of data.

30. The method of claim 29, wherein said list data type is employed for representing packet and protocol information.

31. The method of claim 21, wherein said language specification supports definition of an arbitrary packet type.

32. The method of claim 31, wherein said language specification provides a define keyword allowing one to define a packet type to comprise a series of field definitions.

33. The method of claim 32, wherein each field definition comprises a name, a size, and a value for the field.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
Network Associates, Inc.
Inventors
Friedrichs, Oliver, Ptacek, Thomas Henry, Newsham, Timothy Nakula
Primary Examiner(s)
Heckler, Thomas M.

Application Number

US09/235,149
Time in Patent Office

1,104 Days
Field of Search

713/201, 709/223, 709/224, 717/1
US Class Current

726/23
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/14   for detecting or protecting...

H04L 63/1433   Vulnerability analysis

System and method providing custom attack simulation language for testing networks

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

113 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

System and method providing custom attack simulation language for testing networks

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

113 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links