Can You Fool Me? Towards Automatically Checking Protocol Gullibility

7th ACM Workshop on Hot Topics in Networks, HotNets 2008

Volumn , Issue , 2008, Pages 31-36

  Stanojevic, Milan ^a   Mahajan, Ratul ^b   Millstein, Todd ^a   Musuvathi, Madanlal ^b  

^a UNIVERSITY OF CALIFORNIA   (United States)

^b MICROSOFT RESEARCH   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 80053168763     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (22)

1. A. Barbir, S. Murphy, and Y. Yang. Generic threats to routing protocols. Technical Report RFC-4593, IETF, Oct. 2006.
2. Browser Fuzzing for Fun and Profit. http://blog.metasploit.com/2006/03/browser-fuzzing-for-fun-and-profit.html.
3. C. Cadar, V. Ganesh, P. M. Pawlowski, D. L. Dill, and D. R. Engler. Exe: automatically generating inputs of death. In ACM Conference on Computer and Communications Security, pages 322-335, 2006.
4. M. Castro, P. Druschel, A. Ganesh, A. Rowstron, and D. S. Wallach. Secure routing for structured peer-to-peer overlay networks. In OSDI, Dec. 2002.
5. E. M. Clarke, S. Jha, and W. Marrero. Verifying security protocols with brutus. ACM Trans. Softw. Eng. Methodol., 9(4):443-487, 2000.
6. W. Cui, M. Peinado, K. Chen, H. J. Wang, and L. Irun-Briz. Tupni: Automatic reverse engineering of input formats. In The 15th ACM Conference on Computer and Communications Security (CCS), 2008.
7. P. Godefroid. Model checking for programming languages using verisoft. In Principles of Programming Languages (POPL), Jan. 1997.
8. P. Godefroid, A. Kiezun, and M. Y. Levin. Grammar-based whitebox fuzzing. In PLDI, pages 206-215, 2008.
9. P. Godefroid, N. Klarlund, and K. Sen. Dart: Directed automated random testing. In PLDI'05: Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 213-223, New York, NY, USA, 2005. ACM.
10. C. Killian, J. W. Anderson, R. Baud, R. Jhala, and A. Vahdat. Mace: Language support for building distributed systems. In PLDI, June 2007.
11. C. Killian, J. W. Anderson, R. Jhala, and A. Vahdat. Life, death, and the critical transition: Finding liveness bugs in system code. In NSDI, Apr. 2007.
12. J. C. King. Symbolic execution and program testing. Commun. ACM, 19(7), 1976.
13. G. Lowe. Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In Tools and Algorithms for the Construction and Analysis of Systems (TACAS), volume 1055, pages 147-166. Springer-Verlag, Berlin Germany, 1996.
14. R. Mahajan, M. Rodrig, D. Wetherall, and J. Zahorjan. Encouraging cooperation in multi-hop wireless networks. In NSDI, May 2005.
15. C. Meadows. The NRL protocol analyzer: An overview. Journal of Logic Programming, 26(2):113-131, 1996.
16. B. P. Miller, L. Fredriksen, and B. So. An empirical study of the reliability of unix utilities. Commun. ACM, 33(12):32-44, 1990.
17. M. Musuvathi, D. Park, A. Chou, D. Engler, and D. Dill. CMC: A pragmatic approach to model checking real code. In OSDI, Dec. 2002.
18. L. C. Paulson. Proving properties of security protocols by induction. In CSFW'97: Proceedings of the 10th IEEE workshop on Computer Security Foundations, page 70, Washington, DC, USA, 1997. IEEE Computer Society.
19. S. Savage, N. Cardwell, D. Wetherall, and T. Anderson. TCP congestion control with a misbehaving receiver. Computer Communication Review, 29(5), 1999.
20. V. Shmatikov and U. Stern. Efficient finite-state analysis for large security protocols. In CSFW, pages 106-115, 1998.
21. D. Wetherall, D. Ely, N. Spring, S. Savage, and T. Anderson. Robust congestion signaling. In ICNP, Nov. 2001.
22. J. Yang, P. Twohey, D. R. Engler, and M. Musuvathi. Using model checking to find serious file system errors. In OSDI, pages 273-288, 2004.