Analyzing network protocol binary software with joint symbolic execution

Network protocol binary software is threatened by vulnerabilities. Current analysis methods do not make full use of the interaction information in network protocols and do not treat both sides of a network protocol as a whole system. This paper proposes a novel method based on joint symbolic execution that tests the server and the client of the whole network protocol binary software stack synchronously. Moreover, this paper presents a prototype system, S2EProtocol-joint, built upon the Selective Symbolic Execution (S2E) platform to automatically test network protocol binary software. The experimental results validate that this approach is effective and efficient in detecting vulnerabilities.
