Methods, systems, and computer readable media for converging on network protocol stack vulnerabilities using fuzzing variables, vulnerability ratings and progressive convergence

US 9,432,394 B1
Filed: 03/16/2015
Issued: 08/30/2016
Est. Priority Date: 03/16/2015
Status: Active Grant

First Claim

Patent Images

1. A method for converging on network protocol stack vulnerabilities using fuzzing variables, vulnerability ratings and progressive convergence, the method comprising:

defining an initial protocol field and field value space for fuzz testing of a network communications protocol stack implementation;

dividing the initial protocol field and field value space into regions corresponding to combinations of protocol fields and field values;

assigning vulnerability ratings to at least some of the regions;

executing fuzz testing of the network communications protocol stack implementation using the fields and field values defined by the regions;

updating the vulnerability ratings of the regions based on results of the testing;

identifying, based on the updated vulnerability ratings, at least one region with a higher vulnerability rating than other regions; and

dividing the at least one region into sub-regions and performing fuzz testing of the sub-regions, wherein performing fuzz testing for the sub-regions includes;

identifying at least one sub-region with a higher vulnerability rating than other sub-regions;

determining whether violation causing parameter values are sufficiently localized in the at least one sub-region; and

in response to determining that the violation causing parameter values are not sufficiently localized in the at least one sub-region, dividing the sub-region into sub-regions and performing fuzz testing for the sub-regions.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for progressive convergence on network protocol stack vulnerabilities includes defining an initial protocol field and field value space for fuzz testing of a network communications protocol stack implementation. The method further includes dividing the initial space into regions corresponding to combinations of protocol fields and field values. The method further includes assigning vulnerability ratings to at least some of the regions. The method further includes executing fuzz testing of the network communications protocol stack implementation using the protocol fields and field values corresponding to the regions. The method further includes updating the vulnerability ratings of the regions based on results of the testing. The method further includes identifying, based on the updated vulnerability ratings, at least one region with a higher vulnerability rating than other regions. The method further includes performing fuzz testing for the sub-regions.

60 Citations

View as Search Results

18 Claims

1. A method for converging on network protocol stack vulnerabilities using fuzzing variables, vulnerability ratings and progressive convergence, the method comprising:
- defining an initial protocol field and field value space for fuzz testing of a network communications protocol stack implementation;
  
  dividing the initial protocol field and field value space into regions corresponding to combinations of protocol fields and field values;
  
  assigning vulnerability ratings to at least some of the regions;
  
  executing fuzz testing of the network communications protocol stack implementation using the fields and field values defined by the regions;
  
  updating the vulnerability ratings of the regions based on results of the testing;
  
  identifying, based on the updated vulnerability ratings, at least one region with a higher vulnerability rating than other regions; and
  
  dividing the at least one region into sub-regions and performing fuzz testing of the sub-regions, wherein performing fuzz testing for the sub-regions includes;
  
  identifying at least one sub-region with a higher vulnerability rating than other sub-regions;
  
  determining whether violation causing parameter values are sufficiently localized in the at least one sub-region; and
  
  in response to determining that the violation causing parameter values are not sufficiently localized in the at least one sub-region, dividing the sub-region into sub-regions and performing fuzz testing for the sub-regions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the initial protocol field and field value space includes a combination of different network protocol fields and ranges of values for those fields.
  - 3. The method of claim 2 wherein executing fuzz testing for the regions includes transmitting test packets to a device under test, wherein the test packets include fuzzed parameter values corresponding to the ranges for the different network protocol fields.
  - 4. The method of claim 1 wherein dividing the initial space into regions includes dividing the initial space into regions that correspond to subsets of the initial protocol field and field value space.
  - 5. The method of claim 1 wherein assigning vulnerability ratings to at least some of the regions includes receiving the vulnerability ratings from a user or automatically assigning the vulnerability ratings to the regions.
  - 6. The method of claim 1 wherein executing fuzz testing of the network communications protocol stack implementation using the regions includes transmitting test packets to a device under test that includes the network communications protocol stack implementation, wherein the test packets include combinations of protocol fields and field values corresponding to the regions.
  - 7. The method of claim 1 wherein updating the vulnerability ratings of the regions includes incrementing a vulnerability rating for a region each time fuzz testing with parameter values corresponding to the region causes the network communications protocol stack implementation to fail or transition to an invalid state.
  - 8. The method of claim 1 comprising, in response to determining that the violation causing parameter values are sufficiently localized in the at least one sub-region, ceasing fuzz testing and analyzing the network communications protocol stack implementation for vulnerability using the identified parameter space.

9. A system for converging on network protocol stack vulnerabilities using fuzzing variables, vulnerability rating and progressive convergence, the system comprising:
- a computing platform including a processor and a memory;
  
  a progressive fuzzer stored in the memory and executed by the processor for defining an initial protocol field and field value space for fuzz testing of a network communications protocol stack implementation and dividing the initial space into regions corresponding to combinations of protocol fields and field values; and
  
  a vulnerability ratings module stored in the memory and executed by the processor for assigning vulnerability ratings to at least some of the regions, wherein the progressive fuzzer executes fuzz testing of the network communications protocol stack implementation using the fields and field values defined by the regions, wherein the vulnerability ratings module or the progressive fuzzer updates the vulnerability ratings of the regions based on results of the testing, wherein the progressive fuzzer identifies, based on the updated vulnerability ratings, at least one region with a higher vulnerability rating than other regions, divides the at least one regions into sub-regions and performing fuzz testing of the sub-regions, wherein, in performing the fuzz testing for the sub-regions, the progressive fuzzer;
  
  identifies at least one sub-region with a higher vulnerability rating than other sub-regions;
  
  determines whether violation causing parameter values are sufficiently localized to the at least one sub-region; and
  
  in response to determining that the violation causing parameter values are not sufficiently localized in the at least one identified sub-region, divides the sub-region into sub-regions and performs fuzz testing for the sub-regions of the identified sub-region.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9 wherein the initial protocol field and field value space includes a combination of different network protocol fields and ranges of values for those fields.
  - 11. The system of claim 10 wherein, in performing fuzz testing for the regions, the progressive fuzzer transmits test packets to a device under test, wherein the test packets include fuzzed parameter values corresponding to the ranges for the different network protocol fields.
  - 12. The system of claim 9 wherein the progressive fuzzer divides the initial space into regions that correspond to subsets of the initial protocol field and field value space.
  - 13. The system of claim 9 wherein the vulnerability ratings module receives the vulnerability ratings for the regions from a user or automatically assigns the vulnerability ratings to the regions.
  - 14. The system of claim 9 wherein the progressive fuzzer executes the fuzz testing of the network communications protocol stack implementation using the regions by transmitting test packets to a device under test that includes the network communications protocol stack implementation, wherein the test packets include combinations of protocol fields and field values corresponding to the regions.
  - 15. The system of claim 9 wherein the vulnerability ratings module or the progressive fuzzer increments a vulnerability rating for a region each time fuzz testing with parameter values corresponding to the region causes the network communications protocol stack implementation to fail or transition to an invalid state.
  - 16. The system of claim 9 wherein the progressive fuzzer is configured to cease the fuzz testing in response to determining that the violation causing parameter values are sufficiently localized to the identified sub-region.

17. A non-transitory computer readable medium having stored thereon executable instructions that when executed by the processor of a computer control the computer to perform steps comprising:
- defining an initial protocol field and field value space for fuzz testing of a network communications protocol stack implementation;
  
  dividing the initial space into regions corresponding to combinations of protocol fields and field values;
  
  assigning vulnerability ratings to at least some of the regions;
  
  executing fuzz testing of the network communications protocol stack implementation using the fields and field values defined by the regions;
  
  updating the vulnerability ratings of the regions based on results of the testing;
  
  identifying, based on the updated vulnerability ratings, at least one region with a higher vulnerability rating than other regions; and
  
  dividing the at least one region into sub-regions and performing fuzz testing of the sub-regions, wherein performing fuzz testing for the sub-regions includes;
  
  identifying at least one sub-region with a higher vulnerability rating than other sub-regions;
  
  determining whether violation causing parameter values are sufficiently localized in the at least one sub-region; and
  
  in response to determining that the violation causing parameter values are not sufficiently localized in the at least one sub-region, dividing the sub-region into sub-regions and performing fuzz testing for the sub-regions.
- View Dependent Claims (18)
- - 18. The non-transitory computer readable medium of claim 17 wherein the initial protocol field and field value space includes a combination of different network protocol fields and ranges of values for those fields.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Keysight Technologies Singapore (Holdings) Pte. Limited. (Keysight Technologies, Inc.)
Original Assignee
Ixia (Keysight Technologies, Inc.)
Inventors
Mandal, Kingshuk, Lahiri, Abhijit
Primary Examiner(s)
Ho, Dao

Application Number

US14/659,309
Publication Number

US 20160277432A1
Time in Patent Office

533 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

Methods, systems, and computer readable media for converging on network protocol stack vulnerabilities using fuzzing variables, vulnerability ratings and progressive convergence

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

60 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Methods, systems, and computer readable media for converging on network protocol stack vulnerabilities using fuzzing variables, vulnerability ratings and progressive convergence

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others