Finding protocol manipulation attacks

KothariNupur,; MahajanRatul,; MillsteinTodd,; GovindanRamesh,; MusuvathiMadanlal,

doi:10.1145/2043164.2018440

Cited by 18 publications

(15 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Like others [19], we observe that, to deal with loops, symbolic execution would potentially need to explore an unbounded number of paths. As described in Section 3.2, we effectively side-step this problem by exploiting knowledge of the OpenFlow message grammar to construct inputs that ensure we explore a bounded number of paths.…”

Section: Symbolic Executionmentioning

confidence: 62%

See 1 more Smart Citation

A SOFT way for openflow switch interoperability testing

Kuźniar

Perešíni

Canini

et al. 2012

Proceedings of the 8th International Conference on Emerging Networking Experiments and Technologies

View full text Add to dashboard Cite

The increasing adoption of Software Defined Networking, and OpenFlow in particular, brings great hope for increasing extensibility and lowering costs of deploying new network functionality. A key component in these networks is the OpenFlow agent, a piece of software that a switch runs to enable remote programmatic access to its forwarding tables. While testing high-level network functionality, the correct behavior and interoperability of any OpenFlow agent are taken for granted. However, existing tools for testing agents are not exhaustive nor systematic, and only check that the agent's basic functionality works. In addition, the rapidly changing and sometimes vague OpenFlow specifications can result in multiple implementations that behave differently. This paper presents SOFT, an approach for testing the interoperability of OpenFlow switches. Our key insight is in automatically identifying the testing inputs that cause different OpenFlow agent implementations to behave inconsistently. To this end, we first symbolically execute each agent under test in isolation to derive which set of inputs causes which behavior. We then crosscheck all distinct behaviors across different agent implementations and evaluate whether a common input subset causes inconsistent behaviors. Our evaluation shows that our tool identified several inconsistencies between the publicly available Reference OpenFlow switch and Open vSwitch implementations.

show abstract

Section: Symbolic Executionmentioning

confidence: 62%

“…Finally, SOFT does not require the definition of correct behavior to be specified. Complementary to SOFT, Kothari et al [19] use symbolic execution to identify protocol manipulation attacks. The goal here is for a node to try to determine harmful behavior induced upon itself by received messages from other participants.…”

Section: Testing Openflow Switchesmentioning

confidence: 99%

A SOFT way for openflow switch interoperability testing

Kuźniar

Perešíni

Canini

et al. 2012

Proceedings of the 8th International Conference on Emerging Networking Experiments and Technologies

View full text Add to dashboard Cite

show abstract

“…On the other hand, from a secure system design point of view, identification of covert channels is equally important in order to prevent information leakage from high priority level processes to the lower levels. Thus, a great deal of attention has been focused on developing efficient methods for identification of weaknesses and design oversights that may be used for covert communication [72].…”

Section: Covert Channel Countermeasuresmentioning

confidence: 99%

“…The design oversights can be fixed once they are identified [72]. Therefore, covert channels that are designed based on such weaknesses can not have long life spans and will be removed easily when their target systems are upgraded.…”

Section: Covert Channel Countermeasuresmentioning

confidence: 99%

Behavioral Mimicry Covert Communication

Ahmadzadeh

Agnew

2012

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

“…The only work we are aware of that used automation for finding attacks in TCP congestion control implementations is the work in [24] which relies on the user to provide a vulnerable line of code and then performs static analysis. The vulnerable line of code from the user is critical to ensure scalability of the approach.…”

Section: Introductionmentioning

confidence: 99%

Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach

Jero

Hoque

Choffnes

et al. 2018

Proceedings 2018 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Abstract-One of the most important goals of TCP is to ensure fairness and prevent congestion collapse by implementing congestion control. Various attacks against TCP congestion control have been reported over the years, most of which have been discovered through manual analysis. In this paper, we propose an automated method that combines the generality of implementation-agnostic fuzzing with the precision of runtime analysis to find attacks against implementations of TCP congestion control. It uses a model-guided approach to generate abstract attack strategies, by leveraging a state machine model of TCP congestion control to find vulnerable state machine paths that an attacker could exploit to increase or decrease the throughput of a connection to his advantage. These abstract strategies are then mapped to concrete attack strategies, which consist of sequences of actions such as injection or modification of acknowledgements and a logical time for injection. We design and implement a virtualized platform, TCPWN, that consists of a a proxy-based attack injector and a TCP congestion control state tracker that uses only network traffic to create and inject these concrete attack strategies. We evaluated 5 TCP implementations from 4 Linux distributions and Windows 8.1. Overall, we found 11 classes of attacks, of which 8 are new.

show abstract

Finding protocol manipulation attacks

Cited by 18 publications

References 23 publications

A SOFT way for openflow switch interoperability testing

A SOFT way for openflow switch interoperability testing

Behavioral Mimicry Covert Communication

Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach

Contact Info

Product

Resources

About