By Topic

A binary analysis method for protocol deviation discovery from implementations

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Meijian Li ; Compute College NUDT ChangSha, China ; Yongjun Wang ; Peidai Xie

Generally there are several versions of implementations for a network protocol specification. However, these protocol implementations inevitably contain deviations, which are usually introduced by errors in engineering development process or different interpretations of software developers for the same protocol specification. Thus, discovery of protocol deviations in implementation binaries is significant for several applications, such as exploiting vulnerability and generating fingerprint from a series of protocol implementations. In this paper, we propose an approach to discover deviations based on dynamic binary analysis technique and semantic-based active testing technique. Comparing with previous similar works, the proposed approach has the following advantages: (1) It works on the binaries of protocol implementations under test, thus do not have to require source code for each implementation; (2) By observing how protocol implementation parses encrypted messages, it is able to discover deviations in cryptographic protocol implementations. We have developed a prototype system to evaluate the proposed approach, and use this system to discover deviations in several implementations of two kinds of protocols: text-based HTTP protocol and cryptography-based FTPS protocol. The results show that the prototype system can successfully discover deviations between their different implementations, and verifies the feasibility of the proposed approach.

Published in:

The International Conference on Information Networking 2013 (ICOIN)

Date of Conference:

28-30 Jan. 2013