PORTABLE PROGRAM FOR GENERATING ATTACKS ON COMMUNICATION PROTOCOLS AND CHANNELS
3 Assignments
0 Petitions
Accused Products
Abstract
A security analyzer is capable of generating attacks to test the security of a device under analysis. The security analyzer further has the capability to generate a portable, executable program to generate specified attacks. In this way, others can recreate the attacks without requiring access to the security analyzer.
-
Citations
25 Claims
-
1-2. -2. (canceled)
-
3. A method for generating a security analysis test program for analyzing the vulnerability of a network device under analysis (DUA) to protocol abuse of a network protocol, comprising:
-
receiving captured network traffic from network communication according to the network communication protocol; based on the received traffic, producing a model of the message syntax for the network communication protocol; and based on the model;
automatically generating the executable security analysis test program, the program configured, when executed, to generate multiple attacks on the DUA, the attacks comprising sending intentionally malformed test message to the DUA. - View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. An article of manufacture having stored thereon a series of computer executable instructions, the instructions configured, when executed by a processor, the cause the performance of a method for generating a security analysis test program for analyzing the vulnerability of a network device under analysis (DUA) to protocol abuse of a network protocol, the method comprising:
-
receiving captured network traffic from network communication according to the network communication protocol; based on the received traffic, producing a model of the message syntax for the network communication protocol; and based on the model;
automatically generating the executable security analysis test program, the program configured, when executed, to generate multiple attacks on the DUA, the attacks comprising sending intentionally malformed test message to the DUA. - View Dependent Claims (16, 17, 18, 19)
-
-
20. A security analyzer for analyzing the vulnerability of a network device under analysis (DUA) to protocol abuse of a network protocol, comprising:
-
a parsing program stored on the security analyzer and configured to process a model of message syntax for messages in the network protocol; an I/O processor configured to generate and send test messages to the DUA based on the model, the test messages including intentionally malformed messages; and an executable program generation module configured to output an executable program based on the model that is configured, when executed, to generate intentionally malformed messages to be sent as test cases to a DUA. - View Dependent Claims (21, 22, 23, 24, 25)
-
Specification