Meta-instrumentation for security analysis
First Claim
1. A method for testing and analyzing a security vulnerability of a multi-device network system to protocol abuse of a network communications protocol, the method implemented by a security analyzer device, comprising:
- establishing a first communication link between a member network device-under-analysis (DUA) of the multi-device network system and the security analyzer device;
- establishing a second communication link between a member network device-under-observation (DUO) of the multi-device network system and the security analyzer device, the DUA and the DUO being distinct member devices of the multi-device network system;
- establishing a baseline snapshot of the multi-device network system's state when the multi-device network system is operating normally, comprising:
  - sending to the DUO through the second communication link a message that is valid with respect to the network communication protocol;
  - observing the DUO's response to the valid message through the second communication link; and
  - establishing the baseline snapshot based at least in part on the observed response;
- attacking the DUA multiple times, the attacks comprising sending to the DUA through the first communication link test messages that are invalid with respect to the network communication protocol;
- periodically establishing snapshots of the multi-device network system's state during the attacks, comprising periodically:
  - sending to the DUO through the second communication link the valid message;
  - observing the DUO's response to the valid message through the second communication link; and
  - establishing a snapshot of the multi-device network system's state during the attacks based at least in part on the observed response;
- determining, based on the baseline snapshot and the snapshots established during the attacks, whether the multi-device network system includes a security vulnerability; and
- responsive to a determination that the multi-device network system includes a security vulnerability, using the baseline snapshot and the snapshots established during the attacks to identify which attack causes the security vulnerability.
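The claimed analyzer loop as an added simulation, not the patent's own implementation: a constructed two-member system stands in for the DUA and DUO, the DUA's hang on an overlong declared length is an invented defect, and each snapshot is the DUO's reply to a valid STATUS probe sent over the second link. When a periodic snapshot diverges from the baseline, the window of attacks since the previous snapshot is replayed on a fresh system one message at a time to name the causing attack.

```python
from dataclasses import dataclass

VALID_PROBE = b"STATUS\r\n"  # the valid message sent to the DUO over the second link


@dataclass
class SimulatedSystem:
    """Constructed stand-in for the multi-device system (not a real device).
    The DUA parses a toy 'LEN:payload' message; as a constructed defect it
    stops responding when the declared length exceeds the payload sent."""
    dua_alive: bool = True

    def dua_receive(self, msg: bytes) -> None:  # first communication link
        if not self.dua_alive:
            return
        length, _, payload = msg.partition(b":")
        if length.isdigit() and int(length) > len(payload):
            self.dua_alive = False  # DUA hangs; system-wide impact follows

    def duo_probe(self, msg: bytes) -> bytes:  # second communication link
        if msg != VALID_PROBE:
            return b"ERR"
        # The DUO's health report reflects whether the DUA is still a member.
        return b"OK members=%d" % (2 if self.dua_alive else 1)


def snapshot(system: SimulatedSystem) -> bytes:
    """A snapshot is the DUO's observed response to the valid message."""
    return system.duo_probe(VALID_PROBE)


def analyze(make_system, attacks, interval=3):
    """Baseline, attack the DUA, snapshot every `interval` attacks; on a
    divergent snapshot, replay that window on a fresh system to find the
    causing attack. Returns (vulnerable, index_of_causing_attack)."""
    system = make_system()
    baseline = snapshot(system)
    window_start = 0
    for i, attack in enumerate(attacks):
        system.dua_receive(attack)
        if (i + 1) % interval == 0 or i == len(attacks) - 1:
            if snapshot(system) != baseline:
                fresh = make_system()
                for j in range(window_start, i + 1):
                    fresh.dua_receive(attacks[j])
                    if snapshot(fresh) != baseline:
                        return True, j
            window_start = i + 1
    return False, None


# Constructed invalid test messages: non-numeric, short, negative, overlong, late.
ATTACKS = [b"abc:zzz", b"1:abcd", b"-1:abc", b"8:abc", b"0:zz"]
```

Only the fourth message (index 3) trips the constructed defect; the earlier invalid messages are rejected cleanly and leave the DUO's snapshot equal to the baseline.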
3 Assignments
0 Petitions
Abstract
A system and method for analyzing and/or testing member devices in a multi-device system. The multi-device system includes a device-under-analysis (DUA) and a device-under-observation (DUO). An analyzer that is external to the multi-device system generates and sends test messages to the DUA. The analyzer monitors the health of the multi-device system through the DUO and detects a system-wide impact of the DUA caused by the test messages. The analyzer analyzes the DUA based on the test messages and the system-wide impact.
22 Claims
1. A method for testing and analyzing a security vulnerability of a multi-device network system to protocol abuse of a network communications protocol, the method implemented by a security analyzer device, comprising:
- establishing a first communication link between a member network device-under-analysis (DUA) of the multi-device network system and the security analyzer device;
- establishing a second communication link between a member network device-under-observation (DUO) of the multi-device network system and the security analyzer device, the DUA and the DUO being distinct member devices of the multi-device network system;
- establishing a baseline snapshot of the multi-device network system's state when the multi-device network system is operating normally, comprising:
  - sending to the DUO through the second communication link a message that is valid with respect to the network communication protocol;
  - observing the DUO's response to the valid message through the second communication link; and
  - establishing the baseline snapshot based at least in part on the observed response;
- attacking the DUA multiple times, the attacks comprising sending to the DUA through the first communication link test messages that are invalid with respect to the network communication protocol;
- periodically establishing snapshots of the multi-device network system's state during the attacks, comprising periodically:
  - sending to the DUO through the second communication link the valid message;
  - observing the DUO's response to the valid message through the second communication link; and
  - establishing a snapshot of the multi-device network system's state during the attacks based at least in part on the observed response;
- determining, based on the baseline snapshot and the snapshots established during the attacks, whether the multi-device network system includes a security vulnerability; and
- responsive to a determination that the multi-device network system includes a security vulnerability, using the baseline snapshot and the snapshots established during the attacks to identify which attack causes the security vulnerability.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)

11. A computer program product for testing and analyzing a security vulnerability of a multi-device network system to protocol abuse of a network communications protocol, the method implemented by a security analyzer device, the computer program product comprising a computer-readable medium containing computer program code for performing a method comprising:
- establishing a first communication link between a member network device-under-analysis (DUA) of the multi-device network system and the security analyzer device;
- establishing a second communication link between a member network device-under-observation (DUO) of the multi-device network system and the security analyzer device, the DUA and the DUO being distinct member devices of the multi-device network system;
- establishing a baseline snapshot of the multi-device network system's state when the multi-device network system is operating normally, comprising:
  - sending to the DUO through the second communication link a message that is valid with respect to the network communication protocol;
  - observing the DUO's response to the valid message through the second communication link; and
  - establishing the baseline snapshot based at least in part on the observed response;
- attacking the DUA multiple times, the attacks comprising sending to the DUA through the first communication link test messages that are invalid with respect to the network communication protocol;
- periodically establishing snapshots of the multi-device network system's state during the attacks, comprising periodically:
  - sending to the DUO through the second communication link the valid message;
  - observing the DUO's response to the valid message through the second communication link; and
  - establishing a snapshot of the multi-device network system's state during the attacks based at least in part on the observed response;
- determining, based on the baseline snapshot and the snapshots established during the attacks, whether the multi-device network system includes a security vulnerability; and
- responsive to a determination that the multi-device network system includes a security vulnerability, using the baseline snapshot and the snapshots established during the attacks to identify which attack causes the security vulnerability.
View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)

21. A security analyzer device for testing and analyzing a security vulnerability of a multi-device network system to protocol abuse of a network communications protocol, comprising:
- a computer processor for executing computer program instructions; and
- a computer-readable storage medium having executable computer program instructions tangibly embodied thereon, the executable computer program instructions for the computer processor to perform the steps of:
  - establishing a first communication link between a member network device-under-analysis (DUA) of the multi-device network system and the security analyzer device;
  - establishing a second communication link between a member network device-under-observation (DUO) of the multi-device network system and the security analyzer device, the DUA and the DUO being distinct member devices of the multi-device network system;
  - establishing a baseline snapshot of the multi-device network system's state when the multi-device network system is operating normally, comprising:
    - sending to the DUO through the second communication link a message that is valid with respect to the network communication protocol;
    - observing the DUO's response to the valid message through the second communication link; and
    - establishing the baseline snapshot based at least in part on the observed response;
  - attacking the DUA multiple times, the attacks comprising sending to the DUA through the first communication link test messages that are invalid with respect to the network communication protocol;
  - periodically establishing snapshots of the multi-device network system's state during the attacks, comprising periodically:
    - sending to the DUO through the second communication link the valid message;
    - observing the DUO's response to the valid message through the second communication link; and
    - establishing a snapshot of the multi-device network system's state during the attacks based at least in part on the observed response;
  - determining, based on the baseline snapshot and the snapshots established during the attacks, whether the multi-device network system includes a security vulnerability; and
  - responsive to a determination that the multi-device network system includes a security vulnerability, using the baseline snapshot and the snapshots established during the attacks to identify which attack causes the security vulnerability.
View Dependent Claims (22)
Specification