Analyzing the security of communication protocols and channels for a pass through device

US 8,590,048 B2
Filed: 01/06/2012
Issued: 11/19/2013
Est. Priority Date: 03/15/2005
Status: Active Grant

First Claim

Patent Images

1. A method for analyzing vulnerability of a pass-through network device under analysis (DUA) to protocol abuse of a network communications protocol, the method comprising:

establishing a network connection for the sending of messages from a sender through the pass-through network DUA to a receiver, the single software application acting as both the sender and the receiver, making a TCP connection through the pass-through network DUA with the source and destination of the TCP connection controlled by the single software applicationsending multiple test messages from the from the sender port to the receiver probing vulnerability of the pass-through network DUA to protocol abuse of the network communications protocol;

receiving multiple response messages corresponding to the test messages; and

determining whether the pass-through network DUA has vulnerabilities by analyzing the sent test messages and the corresponding received response messages.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security analyzer includes a single software application that both sends test messages to a device under analysis (DUA) and receives response messages generated by the DUA in response to the test messages. In this way, synchronization of which response messages correspond to which test messages can be reduced or avoided. The software application further determines whether the DUA operated correctly by analyzing the received response messages.

Citations

20 Claims

1. A method for analyzing vulnerability of a pass-through network device under analysis (DUA) to protocol abuse of a network communications protocol, the method comprising:
- establishing a network connection for the sending of messages from a sender through the pass-through network DUA to a receiver, the single software application acting as both the sender and the receiver, making a TCP connection through the pass-through network DUA with the source and destination of the TCP connection controlled by the single software applicationsending multiple test messages from the from the sender port to the receiver probing vulnerability of the pass-through network DUA to protocol abuse of the network communications protocol;
  
  receiving multiple response messages corresponding to the test messages; and
  
  determining whether the pass-through network DUA has vulnerabilities by analyzing the sent test messages and the corresponding received response messages.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the at least some of the test messages are invalid with respect to the network communications protocol.
  - 3. The method of claim 2, further comprising:
    - mutating valid messages to create the invalid test messages.
  - 4. The method of claim 1, wherein at least some of the test messages are malformed with respect to the network communications protocol.
  - 5. The method of claim 4, further comprising:
    - mutating well-formed messages to create the malformed test messages.
  - 6. The method of claim 1, wherein at least some of the test messages are valid with respect to the network communications protocol but are inappropriate based on the pass-through network DUA'"'"'s state.
  - 7. The method of claim 1, wherein the pass-through network DUA comprises multiple devices communicatively coupled to each other.
  - 8. The method of claim 1, wherein the security analyzer device is communicatively separated from the pass-through network DUA by an intervening device.
  - 9. The method of claim 1, wherein:
    - the step of sending multiple test messages comprises sending additional test messages before receiving response messages corresponding to previously sent test messages; and
      
      the step of analyzing the sent test messages and the corresponding received response messages comprises;
      
      determining which received responses messages correspond to which sent test messages; and
      
      comparing the corresponding response messages and test messages.
  - 10. The method of claim 1, wherein:
    - establishing the sending side of the network connection further comprises;
      
      creating a sending socket,binding the sending socket to the sending port, andenabling non-blocking reads/writes for the sending socket;
      
      establishing the receiving side of the network connection further comprises;
      
      creating a receiving socket,binding the receiving socket to the receiving port, andenabling non-blocking reads/writes for the receiving socket; and
      
      establishing the connection through the pass-through network DUA further comprises;
      
      sending a connection request from the sending socket through the pass-through network DUA to the receiving socket,selecting the sending socket for writing activity,selecting the receiving socket for reading activity, andaccepting the connection request by the receiving socket.
  - 11. The method of claim 1, further comprising:
    - sending additional test messages from the receiver to the sender, the additional test messages probing vulnerability of the pass-through network DUA to protocol abuse of the network communications protocol, the additional test messages sent to the pass-through network DUA via the receiving side of the network connection;
      
      receiving additional response messages corresponding to the additional test messages, wherein the additional response messages are received from the pass-through network DUA via the sending side of the network connection; and
      
      determining whether the pass-through network DUA has vulnerabilities by analyzing the sent additional test messages and the corresponding received additional response messages.

12. A security analyzer device for analyzing vulnerability of a pass-through network device under analysis (DUA) to protocol abuse of a network communications protocol, the security analyzer device comprising:
- at least two ports for making network connections to other devices;
  
  a computer processor for executing computer program instructions; and
  
  a computer-readable storage medium having executable computer program instructions for a single software application tangibly embodied thereon, the executable computer program instructions for the single software application comprising instructions for the computer processor to perform steps of;
  
  establishing a network connection for the sending of messages from a sender through the pass-through network DUA to a receiver, the single software application acting as both the sender and the receiver, making a TCP connection through the pass-through network DUA with the source and destination of the TCP connection controlled by the single software applicationsending multiple test messages from the from the sender port to the receiver probing vulnerability of the pass-through network DUA to protocol abuse of the network communications protocol;
  
  receiving multiple response messages corresponding to the test messages; and
  
  determining whether the pass-through network DUA has vulnerabilities by analyzing the sent test messages and the corresponding received response messages.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The security analyzer device of claim 12, wherein the at least some of the test messages are invalid with respect to the network communications protocol.
  - 14. The security analyzer device of claim 13, further comprising:
    - mutating valid messages to create the invalid test messages.
  - 15. The security analyzer device of claim 12, wherein at least some of the test messages are malformed with respect to the network communications protocol.
  - 16. The security analyzer device of claim 15, further comprising:
    - mutating well-formed messages to create the malformed test messages.

17. A non-transitory computer-readable recording medium having executable computer program instructions for a single software application stored thereon, the executable computer program instructions comprising instructions for performing the steps of:
- establishing a network connection for the sending of messages from a sender through the pass-through network DUA to a receiver, the single software application acting as both the sender and the receiver, making a TCP connection through the pass-through network DUA with the source and destination of the TCP connection controlled by the single software applicationsending multiple test messages from the from the sender port to the receiver probing vulnerability of the pass-through network DUA to protocol abuse of the network communications protocol;
  
  receiving multiple response messages corresponding to the test messages; and
  
  determining whether the pass-through network DUA has vulnerabilities by analyzing the sent test messages and the corresponding received response messages.
- View Dependent Claims (18, 19, 20)
- - 18. The non-transitory computer-readable recording medium of claim 17, wherein the at least some of the test messages are invalid with respect to the network communications protocol.
  - 19. The non-transitory computer-readable recording medium of claim 18, further comprising:
    - mutating valid messages to create the invalid test messages.
  - 20. The non-transitory computer-readable recording medium of claim 17, wherein at least some of the test messages are malformed with respect to the network communications protocol, created by mutating well-formed messages to create the malformed test messages.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Spirent Communications Incorporated
Original Assignee
Mu Dynamics, Inc.
Inventors
Guruswamy, Kowsik
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US13/345,323
Publication Number

US 20120124670A1
Time in Patent Office

683 Days
Field of Search

None
US Class Current

726/25
CPC Class Codes

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1433   Vulnerability analysis

Analyzing the security of communication protocols and channels for a pass through device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Analyzing the security of communication protocols and channels for a pass through device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links