
Meta-instrumentation for security analysis

  • US 7,774,637 B1
  • Filed: 09/05/2007
  • Issued: 08/10/2010
  • Est. Priority Date: 09/05/2007
  • Status: Active Grant
First Claim

1. A method for testing and analyzing a security vulnerability of a multi-device network system to protocol abuse of a network communications protocol, the method implemented by a security analyzer device, comprising:

  • establishing a first communication link between a member network device-under-analysis (DUA) of the multi-device network system and the security analyzer device;

  • establishing a second communication link between a member network device-under-observation (DUO) of the multi-device network system and the security analyzer device, the DUA and the DUO being distinct member devices of the multi-device network system;

  • establishing a baseline snapshot of the multi-device network system's state when the multi-device network system is operating normally, comprising:

      • sending to the DUO through the second communication link a message that is valid with respect to the network communication protocol;

      • observing the DUO's response to the valid message through the second communication link; and

      • establishing the baseline snapshot based at least in part on the observed response;

  • attacking the DUA multiple times, the attacks comprising sending to the DUA through the first communication link test messages that are invalid with respect to the network communication protocol;

  • periodically establishing snapshots of the multi-device network system's state during the attacks, comprising periodically:

      • sending to the DUO through the second communication link the valid message;

      • observing the DUO's response to the valid message through the second communication link; and

      • establishing a snapshot of the multi-device network system's state during the attacks based at least in part on the observed response;

  • determining, based on the baseline snapshot and the snapshots established during the attacks, whether the multi-device network system includes a security vulnerability; and

  • responsive to a determination that the multi-device network system includes a security vulnerability, using the baseline snapshot and the snapshots established during the attacks to identify which attack causes the security vulnerability.
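The baseline, periodic-snapshot and attribution steps of the claim can be followed in a small in-process simulation. This is an added example, not code from the patent or its assignee: `SimulatedSystem`, the toy `PING`/`PONG` protocol, the modelled flaw and the constructed test messages are all assumptions. Replaying the tests sent between the last good snapshot and the first deviating one is one way to single out the responsible test and is not stated in the claim.

```python
VALID_PROBE = b"PING"  # constructed valid message of a toy protocol

class SimulatedSystem:
    """Constructed stand-in: the DUA and DUO share one session table."""
    def __init__(self):
        self.stuck_sessions = 0

    def send_to_dua(self, msg: bytes) -> None:
        # Modelled flaw (assumption): a test message with a zero length byte
        # makes the DUA leak every slot of the shared table.
        if msg[:1] == b"\x00":
            self.stuck_sessions = 100

    def probe_duo(self, msg: bytes) -> bytes:
        return b"PONG" if self.stuck_sessions < 100 else b"BUSY"

def isolate(make_system, tests, lo, hi, baseline):
    """Replay tests[lo:hi] one at a time, each against a fresh system."""
    for idx in range(lo, hi):
        system = make_system()
        system.send_to_dua(tests[idx])
        if system.probe_duo(VALID_PROBE) != baseline:
            return idx
    return None  # no single test reproduces it; only the window is known

def analyze(make_system, tests, interval=4):
    """Return (vulnerable, index of the test that changed the DUO's answer)."""
    system = make_system()
    baseline = system.probe_duo(VALID_PROBE)      # baseline snapshot
    last_good = 0                                 # tests[:last_good] left the DUO unchanged
    for sent, msg in enumerate(tests, start=1):
        system.send_to_dua(msg)
        if sent % interval and sent != len(tests):
            continue                              # snapshot only every `interval` tests
        if system.probe_duo(VALID_PROBE) != baseline:
            return True, isolate(make_system, tests, last_good, sent, baseline)
        last_good = sent
    return False, None

# Constructed malformed test messages; index 5 triggers the modelled flaw.
TESTS = [b"\xff\xff", b"A" * 64, b"\x7fHDR", b"PING\n\n",
         b"\x80\x01", b"\x00\x00", b"LEN=-1", b"%%%%"]

if __name__ == "__main__":
    print(analyze(SimulatedSystem, TESTS))        # (True, 5)
```

A smaller `interval` narrows the replay window at the cost of more probes to the DUO; with `interval=1` the deviating snapshot already points at a single test.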
