Leveraging State Information for Automated Attack Discovery in Transport Protocol Implementations

Aug 26, 2015

Download: MP4 Video Size: 103.5MB  
Watch on YouTube

Abstract

Network transport protocols, like TCP, underlie the vast majority of Internet communication, from email to web browsing to instant messaging to file transfer. Despite their importance, these protocols are difficult to implement correctly, leading to a long string of bugs and vulnerabilities dating back to 1985.

In this talk we present a new method for finding attacks in unmodified transport protocol implementations using the specification of the protocol state machine to reduce the search space of possible attacks. Such reduction is obtained by applying malicious actions to all packets of the same type observed in the same state instead of applying them to individual packets. Our method requires knowledge of the packet formats and protocol state machine. We demonstrate our approach by developing SNAKE, a tool that automatically finds performance and resource exhaustion attacks on unmodified transport protocol implementations. SNAKE utilizes virtualization to run unmodified implementations in their intended environments and network emulation to create the network topology. SNAKE was able to find 9 attacks on 2 transport protocols, 5 of which we believe to be unknown in the literature. This work was awarded best paper in DSN 2015.