Platform for analyzing the security of communication protocols and channels
First Claim
1. A method for analyzing a security vulnerability of a network device under analysis (DUA) to protocol abuse of a network communication protocol, comprising:
- establishing a baseline snapshot of the DUA's state when the DUA is operating normally, comprising:
sending to the DUA a message that is valid with respect to the network communication protocol;
observing the DUA's response to the valid message; and
establishing the baseline snapshot, the baseline snapshot based at least in part on the observed response of the DUA to the valid message;
attacking the DUA multiple times, the attacks comprising sending to the DUA test messages that are invalid with respect to the network communication protocol;
periodically establishing snapshots of the DUA's state during the attacks, based at least in part on observing responses of the DUA to the attacks;
determining, based on the baseline snapshot and the snapshots established during the attacks, whether the DUA includes a security vulnerability; and
responsive to a determination that the DUA includes a security vulnerability, using the baseline snapshot and the snapshots established during the attacks to identify which attack causes the security vulnerability.
Abstract
A security analyzer tests the security of a device by attacking the device and observing the device's response. Attacking the device includes sending one or more messages to the device. A message can be generated by the security analyzer or generated independently of the security analyzer. The security analyzer uses various methods to identify a particular attack that causes a device to fail or otherwise alter its behavior. Monitoring includes analyzing data (other than messages) output from the device in response to an attack. Packet processing analysis includes analyzing one or more messages generated by the device in response to an attack. Instrumentation includes establishing a baseline snapshot of the device's state when it is operating normally and then attacking the device in multiple ways while obtaining snapshots periodically during the attacks.
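The instrumentation approach described in the abstract, as an added illustration that is not code from the patent or its assignee. It assumes a constructed in-process `SimulatedDUA` with a toy length-prefixed protocol, a hypothetical `reset()` that restores the device to its normal state, and that the failure is reproducible within a single snapshot window.

```python
import struct

VALID = struct.pack(">H", 4) + b"ping"   # well-formed probe for the toy protocol

class SimulatedDUA:
    """Constructed stand-in for a DUA. Toy protocol: 2-byte length + payload."""
    def __init__(self):
        self.wedged = False

    def reset(self):
        self.wedged = False               # assumed: analyzer can restart the DUA

    def handle(self, msg: bytes) -> bytes:
        if self.wedged:
            return b""                    # a failed device no longer answers
        if len(msg) < 2:
            return b"ERR"
        (declared,) = struct.unpack(">H", msg[:2])
        if declared >= 0x8000 and declared > len(msg) - 2:
            self.wedged = True            # constructed defect for the demo
            return b""
        return b"OK" if declared == len(msg) - 2 else b"ERR"

def snapshot(dua):
    """Snapshot of DUA state: its observed response to the valid message."""
    return dua.handle(VALID)

def analyze(dua, attacks, interval=3):
    """Return the index of the attack that changes DUA state, or None."""
    baseline = snapshot(dua)
    for start in range(0, len(attacks), interval):
        window = attacks[start:start + interval]
        for msg in window:
            dua.handle(msg)
        if snapshot(dua) == baseline:     # periodic snapshot still matches
            continue
        dua.reset()                       # replay the window, snapshot per attack
        for offset, msg in enumerate(window):
            dua.handle(msg)
            if snapshot(dua) != baseline:
                return start + offset
    return None

# Constructed invalid test messages (length field disagrees with payload).
ATTACKS = [b"", b"\x00", struct.pack(">H", 10) + b"abc",
           struct.pack(">H", 0) + b"xyz", struct.pack(">H", 0xFFFF) + b"A",
           struct.pack(">H", 2) + b"toolong"]

if __name__ == "__main__":
    print("attack index causing failure:", analyze(SimulatedDUA(), ATTACKS))
```

Snapshotting only every `interval` attacks keeps the run fast; the per-attack replay is paid only for the one window whose snapshot deviates from the baseline.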
20 Claims
8. A security analyzer device for analyzing a vulnerability of a network device under analysis (DUA) to protocol abuse of a network communications protocol, the security analyzer device comprising:
a computer processor for executing computer program instructions; and
a tangible computer-readable storage medium having executable computer program instructions stored thereon, the executable computer program instructions comprising instructions configured to cause the computer processor to perform the steps of:
establishing a baseline snapshot of the DUA's state when the DUA is operating normally, comprising:
sending to the DUA a message that is valid with respect to the network communication protocol;
observing the DUA's response to the valid message; and
establishing the baseline snapshot, the baseline snapshot based at least in part on the observed response of the DUA to the valid message;
attacking the DUA multiple times, the attacks comprising sending to the DUA test messages that are invalid with respect to the network communication protocol;
periodically establishing snapshots of the DUA's state during the attacks, based at least in part on observing responses of the DUA to the attacks;
determining, based on the baseline snapshot and the snapshots established during the attacks, whether the DUA includes a security vulnerability; and
responsive to a determination that the DUA includes a security vulnerability, using the baseline snapshot and the snapshots established during the attacks to identify which attack causes the security vulnerability.
15. An article of manufacture, the article of manufacture including a computer-readable recording medium having stored thereon executable computer program instructions for analyzing vulnerability of a network device under analysis (DUA) to protocol abuse of a network communication protocol tangibly embodied thereon, the executable computer program instructions comprising instructions for performing the steps of:
establishing a baseline snapshot of the DUA's state when the DUA is operating normally, comprising:
sending to the DUA a message that is valid with respect to the network communication protocol;
observing the DUA's response to the valid message; and
establishing the baseline snapshot, the baseline snapshot based at least in part on the observed response of the DUA to the valid message;
attacking the DUA multiple times, the attacks comprising sending to the DUA test messages that are invalid with respect to the network communication protocol;
periodically establishing snapshots of the DUA's state during the attacks, based at least in part on observing responses of the DUA to the attacks;
determining, based on the baseline snapshot and the snapshots established during the attacks, whether the DUA includes a security vulnerability; and
responsive to a determination that the DUA includes a security vulnerability, using the baseline snapshot and the snapshots established during the attacks to identify which attack causes the security vulnerability.
Specification