Reconfigurable message-delivery preconditions for delivering attacks to analyze the security of networked systems
Abstract
A security analyzer analyzes a security of a device-under-analysis (DUA). In one embodiment, the security analyzer identifies two or more valid message-delivery preconditions for a communication protocol supported by the DUA. One of the identified valid message-delivery preconditions is selected and the security analyzer delivers an attack to the DUA according to the selected message-delivery precondition. The same or similar attacks can also be delivered to the DUA via other message-delivery preconditions. Based on the DUA's response, the security analyzer determines whether a vulnerability has been found.
19 Claims
1. A method for analyzing vulnerability of a network device under analysis (DUA) to protocol abuse of a higher-layer network protocol from a layered network protocol, the layered network protocol including lower-layer network protocols that work with the higher-layer network protocol, the method comprising:
- discovering using black box testing a plurality of valid lower-layer message-delivery preconditions for the DUA to receive a message in the higher-layer network protocol, where the plurality of valid lower layer message-delivery preconditions are not known a priori, the discovering comprising repeatedly:
  - selecting a lower-layer network protocol from the layered network protocol,
  - selecting a configuration of the lower-layer network protocol from a plurality of configurations associated with the lower-layer network protocol, and
  - sending a first message toward the DUA using the selected lower-layer network protocol and the selected configuration;
- based on a response or non-response to the first message, determining whether the selected configuration of the selected lower-layer network protocol comprises a valid lower-layer message-delivery precondition by determining whether the selected lower-layer network protocol as implemented in the DUA (1) supports the selected configuration, and (2) is used by the DUA to receive messages in the higher-layer network protocol; and
- for at least two of the discovered plurality of valid lower-layer message-delivery preconditions, attacking the DUA multiple times, the attacking comprising:
  - establishing a lower-layer connection with the DUA using the lower-layer network protocol according to the one of the discovered valid lower-layer message-delivery preconditions,
  - on top of the lower-layer connection, establishing a higher-layer connection with the DUA using the higher-layer network protocol, and
  - through the higher-layer connection, sending to the DUA test messages that are invalid mutations of valid messages with respect to the higher-layer network protocol.
13. A security analyzer apparatus for analyzing a security of a device under analysis (DUA), comprising:
- a non-transitory computer-readable storage medium encoded with executable computer program code for analyzing vulnerability of a network device under analysis (DUA) to protocol abuse of a higher-layer network protocol from a layered network protocol, the layered network protocol including lower-layer network protocols that work with the higher-layer network protocol, the computer program code comprising program code configured to:
  - discover using black box testing a plurality of valid lower-layer message-delivery preconditions for the DUA to receive a message in the higher-layer network protocol, where the plurality of valid lower layer message-delivery preconditions are not known a priori, the discovering comprising repeatedly:
    - selecting a lower-layer network protocol from the layered network protocol,
    - selecting a configuration of the lower-layer network protocol from a plurality of configurations associated with the lower-layer network protocol, and
    - sending a first message toward the DUA using the selected lower-layer network protocol and the selected configuration;
  - based on a response or non-response to the first message, determining whether the selected configuration of the selected lower-layer network protocol comprises a valid lower-layer message-delivery precondition by determining whether the selected lower-layer network protocol as implemented in the DUA (1) supports the selected configuration, and (2) is used by the DUA to receive messages in the higher-layer network protocol; and
  - for at least two of the discovered plurality of valid lower-layer message-delivery preconditions, attack the DUA multiple times, the attack comprising:
    - establishing a lower-layer connection with the DUA using the lower-layer network protocol according to the one of the discovered valid lower-layer message-delivery preconditions,
    - on top of the lower-layer connection, establishing a higher-layer connection with the DUA using the higher-layer network protocol, and
    - through the higher-layer connection, sending to the DUA test messages that are invalid mutations of valid messages with respect to the higher-layer network protocol.
14. A non-transitory computer-readable storage medium encoded with executable computer program code for analyzing vulnerability of a network device under analysis (DUA) to protocol abuse of a higher-layer network protocol from a layered network protocol, the layered network protocol including lower-layer network protocols that work with the higher-layer network protocol, the computer program code comprising program code configured to:
- discover using black box testing a plurality of valid lower-layer message-delivery preconditions for the DUA to receive a message in the higher-layer network protocol, where the plurality of valid lower layer message-delivery preconditions are not known a priori, the discovering comprising repeatedly:
  - selecting a lower-layer network protocol from the layered network protocol,
  - selecting a configuration of the lower-layer network protocol from a plurality of configurations associated with the lower-layer network protocol, and
  - sending a first message toward the DUA using the selected lower-layer network protocol and the selected configuration;
- based on a response or non-response to the first message, determining whether the selected configuration of the selected lower-layer network protocol comprises a valid lower-layer message-delivery precondition by determining whether the selected lower-layer network protocol as implemented in the DUA (1) supports the selected configuration, and (2) is used by the DUA to receive messages in the higher-layer network protocol; and
- for at least two of the discovered plurality of valid lower-layer message-delivery preconditions, attack the DUA multiple times, the attack comprising:
  - establishing a lower-layer connection with the DUA using the lower-layer network protocol according to the one of the discovered valid lower-layer message-delivery preconditions,
  - on top of the lower-layer connection, establishing a higher-layer connection with the DUA using the higher-layer network protocol, and
  - through the higher-layer connection, sending to the DUA test messages that are invalid mutations of valid messages with respect to the higher-layer network protocol.