Portable program for generating attacks on communication protocols and channels

US 8,359,653 B2
Filed: 06/07/2011
Issued: 01/22/2013
Est. Priority Date: 03/15/2005
Status: Active Grant

First Claim

Patent Images

1. A method for generating a security analysis test program for analyzing the vulnerability of a network device under analysis (DUA) to protocol abuse of a network protocol, comprising:

receiving captured network traffic from network communication according to the network communication protocol;

based on the received traffic, producing a model of the message syntax for the network communication protocol; and

based on the model, automatically generating the executable security analysis test program, the program configured, when executed, to generate multiple attacks on the DUA, the attacks comprising sending intentionally malformed test message to the DUA.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security analyzer is capable of generating attacks to test the security of a device under analysis. The security analyzer further has the capability to generate a portable, executable program to generate specified attacks. In this way, others can recreate the attacks without requiring access to the security analyzer.

112 Citations

23 Claims

1. A method for generating a security analysis test program for analyzing the vulnerability of a network device under analysis (DUA) to protocol abuse of a network protocol, comprising:
- receiving captured network traffic from network communication according to the network communication protocol;
  
  based on the received traffic, producing a model of the message syntax for the network communication protocol; and
  
  based on the model, automatically generating the executable security analysis test program, the program configured, when executed, to generate multiple attacks on the DUA, the attacks comprising sending intentionally malformed test message to the DUA.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising:
    - generating, on a first system, based on the model, attacks on the DUA, the attacks comprising sending intentionally malformed test message to the DUA;
      
      receiving response messages from the DUA to the attacks; and
      
      analyzing the attacks and response messages to identify an attack that triggers a vulnerability in the DUA.
  - 3. The method of claim 2, further comprising:
    - executing the executable program on a second system so as to regenerate the attacks on the DUA and to reproduce the security vulnerability in the DUA.
  - 4. The method of claim 1, wherein the model comprises a graph model representing the message syntax of the network communication protocol.
  - 5. The method of claim 4, further comprising:
    - parsing a description of the message syntax of the network communication protocol to generate the graph model.
  - 6. The method of claim 5, wherein the description of the message syntax further comprises a file in eXtensible Markup Language (XML) format.
  - 7. The method of claim 6, wherein a format of the file includes at least one of Document Type Definition (DTD) or Interface Definition Language (IDL).
  - 8. The method of claim 4, further comprising:
    - traversing the graph model to generate the attacks.
  - 9. The method of claim 8, wherein each of the malformed test messages is represented by a sub-graph within the graph, and the malformed test messages are sent to the DUA in the order that said sub-graphs are connected to each other in the output graph.
  - 10. The method of claim 1, wherein the model further comprises rules specifying semantic elements for a message in the communication protocol.
  - 11. The method of claim 10, further comprising:
    - generating attacks by using the rules to generate a semantic element in a test message with an incorrect or missing value.
  - 12. The method of claim 1, wherein the executable program is configured to generate test messages with a semantic element having an incorrect or missing value.

13. An article of manufacture comprising a non-transitory computer readable storage medium, a computer-readable recording medium, or computer readable storage device having stored thereon a series of computer executable instructions, the instructions configured, when executed by a processor, that cause the performance of a method for generating a security analysis test program for analyzing the vulnerability of a network device under analysis (DUA) to protocol abuse of a network protocol, the method comprising:
- receiving captured network traffic from network communication according to the network communication protocol;
  
  based on the received traffic, producing a model of the message syntax for the network communication protocol; and
  
  based on the model, automatically generating the executable security analysis test program, the program configured, when executed, to generate multiple attacks on the DUA, the attacks comprising sending intentionally malformed test message to the DUA.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The article of manufacture of claim 13, wherein the method further comprises:
    - generating, on a first system, based on the model, attacks on the DUA, the attacks comprising sending intentionally malformed test message to the DUA;
      
      receiving response messages from the DUA to the attacks; and
      
      analyzing the attacks and response messages to identify an attack that triggers a vulnerability in the DUA.
  - 15. The article of manufacture of claim 14, wherein the method further comprises:
    - executing the executable program on a second system so as to regenerate the attacks on the DUA and to reproduce the security vulnerability in the DUA.
  - 16. The article of manufacture of claim 13, wherein the model further comprises rules specifying semantic elements for a message in the communication protocol.
  - 17. The article of manufacture of claim 16, wherein the method further comprises:
    - generating attacks by using the rules to generate a semantic element in a test message with an incorrect or missing value.

18. A security analyzer for analyzing the vulnerability of a network device under analysis (DUA) to protocol abuse of a network protocol, comprising:
- a parsing program stored on the security analyzer and configured to process a model of message syntax for messages in the network protocol;
  
  an I/0 processor configured to generate and send test messages to the DUA based on the model, the test messages including intentionally malformed messages; and
  
  an executable program generation module configured to output an executable program based on the model that is configured, when executed, to generate intentionally malformed messages to be sent as test cases to a DUA.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The system of claim 18, wherein the security analyzer is further configured to receive response messages from the DUA in response to the attacks.
  - 20. The security analyzer device of claim 18, wherein the model of the message syntax further comprises a file in eXtensible Markup Language (XML) format.
  - 21. The security analyzer device of claim 20, wherein a format of the file includes at least one of Document Type Definition (DTD) or Interface Definition Language (IDL).
  - 22. The security analyzer of claim 18, wherein the model comprises rules specifying semantic content of a message in the protocol, and wherein the I/0 generator is further configured to generate attacks by using the rules to generate a semantic element in a message with an incorrect or missing value.
  - 23. The security analyzer of claim 22, wherein the executable program generation module is further configured to output an executable program based on the model that is configured, when executed, to generate a message that has a semantic element with an incorrect or missing value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Spirent Communications Incorporated
Original Assignee
Spirent Communications Incorporated
Inventors
Guruswamy, Kowsik
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US13/154,636
Publication Number

US 20110271348A1
Time in Patent Office

595 Days
Field of Search

None
US Class Current

726/25
CPC Class Codes

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1433   Vulnerability analysis

Portable program for generating attacks on communication protocols and channels

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

112 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Portable program for generating attacks on communication protocols and channels

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

112 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links