Jan. 28, 2013 to Jan. 30, 2013
Meijian Li , Compute Coll. NUDT, Changsha, China
Yongjun Wang , Compute Coll. NUDT, Changsha, China
Peidai Xie , Compute Coll. NUDT, Changsha, China
Generally there are several versions of implementations for a network protocol specification. However, these protocol implementations inevitably contain deviations, which are usually introduced by errors in engineering development process or different interpretations of software developers for the same protocol specification. Thus, discovery of protocol deviations in implementation binaries is significant for several applications, such as exploiting vulnerability and generating fingerprint from a series of protocol implementations. In this paper, we propose an approach to discover deviations based on dynamic binary analysis technique and semantic-based active testing technique. Comparing with previous similar works, the proposed approach has the following advantages: (1) It works on the binaries of protocol implementations under test, thus do not have to require source code for each implementation; (2) By observing how protocol implementation parses encrypted messages, it is able to discover deviations in cryptographic protocol implementations. We have developed a prototype system to evaluate the proposed approach, and use this system to discover deviations in several implementations of two kinds of protocols: text-based HTTP protocol and cryptography-based FTPS protocol. The results show that the prototype system can successfully discover deviations between their different implementations, and verifies the feasibility of the proposed approach.
Protocols, Testing, Servers, Monitoring, Fingerprint recognition, Computer crashes, Semantics,Protocol Error Detection, Dynamic Binary Analysis, Protocol Reverse Engineering
Meijian Li, Yongjun Wang, Peidai Xie, "A binary analysis method for protocol deviation discovery from implementations", ICOIN, 2013, The International Conference on Information Networking 2014 (ICOIN2014), The International Conference on Information Networking 2014 (ICOIN2014) 2013, pp. 670-675, doi:10.1109/ICOIN.2013.6496707