The University of Southampton
University of Southampton Institutional Repository

Rule-based verification of network protocol implementations using symbolic execution

Rule-based verification of network protocol implementations using symbolic execution
Rule-based verification of network protocol implementations using symbolic execution
The secure and correct implementation of network protocols for resource discovery, device configuration and network management is complex and error-prone. Protocol specifications contain ambiguities, leading to implementation flaws and security vulnerabilities in network daemons. Such problems are hard to detect because they are often triggered by complex sequences of packets that occur only after prolonged operation. The goal of this work is to find semantic bugs in network daemons. Our approach is to replay a set of input packets that result in high source code coverage of the daemon and observe potential violations of rules derived from the protocol specification. We describe SYMNV, a practical verification tool that first symbolically executes a network daemon to generate high coverage input packets and then checks a set of rules constraining permitted input and output packets. We have applied SYMNV to three different implementations of the Zeroconf protocol and show that it is able to discover non-trivial bugs
1-8
Song, J.
e82ff981-9c67-4ff5-8971-cb518bd1b3db
Ma, Tiejun
1f591849-f17c-4209-9f42-e6587b499bae
Cadar, C.
f571ab43-49ec-4459-8655-7309f67a2c3e
Piezuch, P.
d56c9962-8d38-48dd-aa22-35123a550b1d
Song, J.
e82ff981-9c67-4ff5-8971-cb518bd1b3db
Ma, Tiejun
1f591849-f17c-4209-9f42-e6587b499bae
Cadar, C.
f571ab43-49ec-4459-8655-7309f67a2c3e
Piezuch, P.
d56c9962-8d38-48dd-aa22-35123a550b1d

Song, J., Ma, Tiejun, Cadar, C. and Piezuch, P. (2011) Rule-based verification of network protocol implementations using symbolic execution. 20th International Conference on Computer Communications and Networks (ICCCN 2011), Maui County, United States. 30 Jul - 04 Aug 2011. pp. 1-8 . (doi:10.1109/ICCCN.2011.6005945).

Record type: Conference or Workshop Item (Paper)

Abstract

The secure and correct implementation of network protocols for resource discovery, device configuration and network management is complex and error-prone. Protocol specifications contain ambiguities, leading to implementation flaws and security vulnerabilities in network daemons. Such problems are hard to detect because they are often triggered by complex sequences of packets that occur only after prolonged operation. The goal of this work is to find semantic bugs in network daemons. Our approach is to replay a set of input packets that result in high source code coverage of the daemon and observe potential violations of rules derived from the protocol specification. We describe SYMNV, a practical verification tool that first symbolically executes a network daemon to generate high coverage input packets and then checks a set of rules constraining permitted input and output packets. We have applied SYMNV to three different implementations of the Zeroconf protocol and show that it is able to discover non-trivial bugs

This record has no associated files available for download.

More information

Published date: 2011
Venue - Dates: 20th International Conference on Computer Communications and Networks (ICCCN 2011), Maui County, United States, 2011-07-30 - 2011-08-04
Organisations: Southampton Business School

Identifiers

Local EPrints ID: 204603
URI: http://eprints.soton.ac.uk/id/eprint/204603
PURE UUID: 37d79794-5a37-4d75-9ec7-3fcc60ba4292

Catalogue record

Date deposited: 01 Dec 2011 10:16
Last modified: 14 Mar 2024 04:31

Export record

Altmetrics

Contributors

Author: J. Song
Author: Tiejun Ma
Author: C. Cadar
Author: P. Piezuch

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×