Mechanism for characterizing soft failures in systems under attack

US 7,954,161 B1
Filed: 06/08/2007
Issued: 05/31/2011
Est. Priority Date: 06/08/2007
Status: Active Grant

First Claim

Patent Images

1. A method for characterizing system security of a device under analysis (DUA), comprising:

sending a plurality of test messages to attack the DUA;

sending a plurality of instrumentation commands to the DUA, the sending of the plurality of instrumentation commands interleaved with the sending of the plurality of test messages;

measuring response times for the DUA to successfully respond to each of the plurality of instrumentation commands;

responsive to observing no response from the DUA to one of the plurality of instrumentation commands for a predetermined period of time;

restarting the DUA, andresending test messages sent to the DUA prior to sending the one of the plurality of instrumentation commands that receives no response;

responsive to the DUA sending a message indicating system busy in response to a second one of the plurality of instrumentation commands, resending the second one of the plurality of instrumentation commands to the DUA; and

characterizing the system security based, at least in part, on the measured response times.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method to identify and characterize nonfatal failures of a device-under-analysis (DUA). A security analyzer executes attacks to test the security of the DUA. During the attacks, the security analyzer periodically sends an instrumentation command to the DUA and measures the time the DUA takes to successfully respond to the instrumentation command (the response time sample). The security analyzer uses the response time samples to identify and/or characterize the nonfatal failures in the DUA caused by the attacks.

36 Citations

View as Search Results

27 Claims

1. A method for characterizing system security of a device under analysis (DUA), comprising:
- sending a plurality of test messages to attack the DUA;
  
  sending a plurality of instrumentation commands to the DUA, the sending of the plurality of instrumentation commands interleaved with the sending of the plurality of test messages;
  
  measuring response times for the DUA to successfully respond to each of the plurality of instrumentation commands;
  
  responsive to observing no response from the DUA to one of the plurality of instrumentation commands for a predetermined period of time;
  
  restarting the DUA, andresending test messages sent to the DUA prior to sending the one of the plurality of instrumentation commands that receives no response;
  
  responsive to the DUA sending a message indicating system busy in response to a second one of the plurality of instrumentation commands, resending the second one of the plurality of instrumentation commands to the DUA; and
  
  characterizing the system security based, at least in part, on the measured response times.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein measuring the response times comprises:
    - for each instrumentation command sent to the DUA, measuring the time between when the instrumentation command is sent and when a successful response from the DUA is received.
  - 3. The method of claim 2, wherein the time when a successful response from the DUA is received comprises a time when the successful response is completely received.
  - 4. The method of claim 1, wherein characterizing the system security based on the measured response times comprises:
    - identifying a potential presence of a soft failure in the DUA caused by at least one of the plurality of test messages by comparing the measured response times for different ones of the plurality of instrumentation commands.
  - 5. The method of claim 1, further comprising:
    - establishing a baseline response time for the DUA to successfully respond to at least one of the plurality of instrumentation commands while not under attack, wherein characterizing the system security is further based on comparison of the measured response times for different ones of the plurality of instrumentation commands with the baseline response time.
  - 6. The method of claim 1, wherein characterizing the system security comprises:
    - calculating a robustness index that quantifies the distribution of the measured response times.
  - 7. The method of claim 6, wherein characterizing the system security comprises calculating a robustness index indicating what fraction of response times falls within a given tolerance of the mean of the measured response times.
  - 8. The method of claim 6, wherein calculating a robustness index comprises calculating the robustness index based on a standard deviation of the measured response times.
  - 9. The method of claim 1, wherein characterizing the system security comprises determining a time-series graph for the measured response times.
  - 10. The method of claim 1, wherein sending the plurality of instrumentation commands to the DUA comprises sending the plurality of instrumentation commands to the DUA at least one of:
    - a fixed time interval, between a fixed number of test messages, between test suites, between test variants, or between a fixed number of test vectors.
  - 11. The method of claim 2, wherein the time when a successful response from the DUA is received comprises a start time when the successful response is starting to be received.
  - 12. The method of claim 1, wherein the plurality of test messages are malformed test messages.
  - 13. The method of claim 12, wherein the malformed test messages are generated by mutation of normal messages.

14. A security analyzer for characterizing system security of a device under analysis (DUA), comprising:
- means for sending a plurality of test messages to attack the DUA;
  
  means for sending a plurality of instrumentation commands to the DUA, the sending of the plurality of instrumentation commands interleaved with the sending of the plurality of test messages;
  
  means for measuring response times for the DUA to successfully respond to each of the plurality of instrumentation commands;
  
  means, responsive to observing no response from the DUA to one of the plurality of instrumentation commands for a predetermined period of time, forrestarting the DUA, andresending test messages sent to the DUA prior to sending the one of the plurality of instrumentation commands that receives no response;
  
  means, responsive to the DUA sending a message indicating system busy in response to a second one of the plurality of instrumentation commands, for resending the second one of the plurality of instrumentation commands to the DUA; and
  
  means for characterizing the system security based, at least in part, on the measured response times.
- View Dependent Claims (15, 16)
- - 15. The security analyzer of claim 14, wherein the test messages are malformed test messages.
  - 16. The security analyzer of claim 15, wherein the malformed test messages are generated by mutation of normal messages.

17. A computer program product for use in conjunction with a computer system, the computer program product comprising a non-transitory computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism comprising:
- instructions for sending a plurality of test messages to attack a DUA;
  
  instructions for sending a plurality of instrumentation commands to the DUA, the sending of the plurality of instrumentation commands interleaved with the sending of the plurality of test messages;
  
  instructions for measuring response times for the DUA to successfully respond to each of the plurality of instrumentation commands;
  
  instructions for, responsive to observing no response from the DUA to one of the plurality of instrumentation commands for a predetermined period of time;
  
  restarting the DUA, andresending test messages sent to the DUA prior to sending the one of the plurality of instrumentation commands that receives no response;
  
  instructions for, responsive to the DUA sending a message indicating system busy in response to a second one of the plurality of instrumentation commands, resending the second one of the plurality of instrumentation commands to the DUA; and
  
  instructions for characterizing the system security based, at least in part, on the measured response times.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 18. The computer program product of claim 17, wherein measuring the response times comprises:
    - for each instrumentation command sent to the DUA, measuring the time between when the instrumentation command is sent and when a successful response from the DUA is received.
  - 19. The computer program product of claim 18, wherein when a successful response from the DUA is received comprises the time when a successful response from the DUA is received comprises a time when the successful response is completely received.
  - 20. The computer program product of claim 17, wherein characterizing the system security based on the measured response times comprises:
    - identifying a potential presence of a soft failure in the DUA caused by at least one of the plurality of test messages by comparing the measured response times for different ones of the plurality of instrumentation commands.
  - 21. The computer program product of claim 17, wherein the computer program mechanism further comprises:
    - instructions for establishing a baseline response time for the DUA to successfully respond to at least one of the plurality of instrumentation commands while not under attack, wherein characterizing the system security is further based on comparison of the measured response times for different ones of the plurality of instrumentation commands with the baseline response time.
  - 22. The computer program product of claim 17, wherein characterizing the system security comprises:
    - calculating a robustness index that quantifies the distribution of the measured response times.
  - 23. The computer program product of claim 22, wherein characterizing the system security comprises calculating a robustness index indicating what fraction of response times falls within a given tolerance of the mean of the measured response times.
  - 24. The computer program product of claim 18, wherein when a successful response from the DUA is received comprises the time when a successful response from the DUA is received comprises a start time when the successful response is starting to be received.
  - 25. The computer program product of claim 17, wherein sending the plurality of instrumentation commands to the DUA comprises sending the plurality of instrumentation commands to the DUA at least one of:
    - a fixed time interval, between a fixed number of test messages, between test suites, between test variants, or between a fixed number of test vectors.
  - 26. The computer program product of claim 17, wherein the plurality of test messages are malformed test messages.
  - 27. The computer program product of claim 26, wherein the malformed test messages are generated by mutation of normal messages.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Spirent Communications Incorporated
Original Assignee
Mu Dynamics, Inc.
Inventors
Sancheti, Ajit, Guruswamy, Kowsik
Primary Examiner(s)
Zee; Edward

Application Number

US11/760,600
Time in Patent Office

1,453 Days
Field of Search

726/22, 726/25, 709/224, 380/1, 380/2
US Class Current

726/25
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

Mechanism for characterizing soft failures in systems under attack

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

36 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Mechanism for characterizing soft failures in systems under attack

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links