Automated packet trace analysis of TCP implementations
SIGCOMM '97 Proceedings of the ACM SIGCOMM '97 conference on Applications, technologies, architectures, and protocols for computer communication
Advanced compiler design and implementation
Advanced compiler design and implementation
Avoiding exponential explosion: generating compact verification conditions
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Symbolic execution and program testing
Communications of the ACM
Extended static checking for Java
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
A Discipline of Programming
MOPS: an infrastructure for examining security properties of software
Proceedings of the 9th ACM conference on Computer and communications security
Modular verification of software components in C
Proceedings of the 25th International Conference on Software Engineering
Integrated TCP/IP Protocol Software Testing for Vulnerability Detection
ICCNMC '03 Proceedings of the 2003 International Conference on Computer Networks and Mobile Computing
Violating Assumptions with Fuzzing
IEEE Security and Privacy
CMC: a pragmatic approach to model checking real code
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Efficient weakest preconditions
Information Processing Letters
SCL: a language for security testing of network applications
CASCON '05 Proceedings of the 2005 conference of the Centre for Advanced Studies on Collaborative research
Towards Automatic Generation of Vulnerability-Based Signatures
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Automatically Generating Malicious Disks using Symbolic Execution
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Replayer: automatic protocol replay by binary analysis
Proceedings of the 13th ACM conference on Computer and communications security
EXE: automatically generating inputs of death
Proceedings of the 13th ACM conference on Computer and communications security
Model checking large network protocol implementations
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
Automating mimicry attacks using static binary analysis
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
USTC'94 Proceedings of the USENIX Summer 1994 Technical Conference on USENIX Summer 1994 Technical Conference - Volume 1
Rule-based static analysis of network protocol implementations
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Creating Vulnerability Signatures Using Weakest Preconditions
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
A decision procedure for bit-vectors and arrays
CAV'07 Proceedings of the 19th international conference on Computer aided verification
Polyglot: automatic extraction of protocol message format using dynamic binary analysis
Proceedings of the 14th ACM conference on Computer and communications security
Advanced Network Fingerprinting
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
BitBlaze: A New Approach to Computer Security via Binary Analysis
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Measuring channel capacity to distinguish undue influence
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Loop-extended symbolic execution on binary programs
Proceedings of the eighteenth international symposium on Software testing and analysis
Impact of IT monoculture on behavioral end host intrusion detection
Proceedings of the 1st ACM workshop on Research on enterprise networking
Darwin: an approach for debugging evolving programs
Proceedings of the the 7th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Testing system virtual machines
Proceedings of the 19th international symposium on Software testing and analysis
On test repair using symbolic execution
Proceedings of the 19th international symposium on Software testing and analysis
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Input generation via decomposition and re-stitching: finding bugs in Malware
Proceedings of the 17th ACM conference on Computer and communications security
NoTamper: automatic blackbox detection of parameter tampering opportunities in web applications
Proceedings of the 17th ACM conference on Computer and communications security
Inferring protocol state machine from network traces: a probabilistic approach
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
DARWIN: An approach to debugging evolving programs
ACM Transactions on Software Engineering and Methodology (TOSEM)
B@bel: leveraging email delivery for spam mitigation
Security'12 Proceedings of the 21st USENIX conference on Security symposium
TACHYON: tandem execution for efficient live patch testing
Security'12 Proceedings of the 21st USENIX conference on Security symposium
A software-hardware architecture for self-protecting data
Proceedings of the 2012 ACM conference on Computer and communications security
PeerPress: utilizing enemies' P2P strength against them
Proceedings of the 2012 ACM conference on Computer and communications security
Detecting and analyzing insecure component usage
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
Taint analysis of security code in the KLEE symbolic execution engine
ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
Hi-index | 0.00 |
Different implementations of the same protocol specification usually contain deviations, i.e., differences in how they check and process some of their inputs. Deviations are commonly introduced as implementation errors or as different interpretations of the same specification. Automatic discovery of these deviations is important for several applications. In this paper, we focus on automatic discovery of deviations for two particular applications: error detection and fingerprint generation. We propose a novel approach for automatically detecting deviations in the way different implementations of the same specification check and process their input. Our approach has several advantages: (1) by automatically building symbolic formulas from the implementation, our approach is precisely faithful to the implementation; (2) by solving formulas created from two different implementations of the same specification, our approach significantly reduces the number of inputs needed to find deviations; (3) our approach works on binaries directly, without access to the source code. We have built a prototype implementation of our approach and have evaluated it using multiple implementations of two different protocols: HTTP and NTP. Our results show that our approach successfully finds deviations between different implementations, including errors in input checking, and differences in the interpretation of the specification, which can be used as fingerprints.