Towards automatic discovery of deviations in binary implementations with applications to error detection and fingerprint generation

16th USENIX Security Symposium

Volumn , Issue , 2007, Pages 213-228

  Brumley, David ^a   Caballero, Juan ^a   Liang, Zhenkai ^a   Newsome, James ^a   Song, Dawn ^a  

^a CARNEGIE MELLON UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ERROR DETECTION; SPECIFICATIONS;

AUTOMATIC DISCOVERY; DETECTING DEVIATIONS; DIFFERENT PROTOCOLS; IMPLEMENTATION ERROR; PROTOCOL SPECIFICATIONS; PROTOTYPE IMPLEMENTATIONS; SOURCE CODES;

PALMPRINT RECOGNITION;

EID: 85077688456     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (47)

1. The BitBlaze binary analysis platform. http://www.cs.cmu.edu/~dbrumley/bitblaze.
2. Bitscope. http://www.cs.cmu.edu/~chartwig/bitscope.
3. IrcFuzz. http://www.digitaldwarf.be/products/ircfuzz.c.
4. ISIC: IP stack integrity checker. http://www.packetfactory.net/Projects/ISIC.
5. JBroFuzz. http://www.owasp.org/index.php/Category:OWASP\_JBroFuzz.
6. MangleMe. http://lcamtuf.coredump.cx.
7. NetTime. http://nettime.sourceforge.net.
8. Nmap. http://www.insecure.org.
9. Peach. http://peachfuzz.sourceforge.net.
10. QEMU: an open source processor emulator. http://www.qemu.org.
11. Queso. http://ftp.cerias.purdue.edu/pub/tools/unix/scanners/queso.
12. Spike. http://www.immunitysec.com/resources-freesoftware.shtml.
13. Windows NTP server. http://www.ee.udel.edu/~mills/ntp/html/build/hints/winnt.html.
14. Wireshark: fuzz testing tools. http://wiki.wireshark.org/FuzzTesting.
15. Xprobe. http://www.sys-security.com.
16. BERNERS-LEE, T., FIELDING, R., AND MASINTER, L. Uniform Resource Identifier (URI): Generic Syntax. RFC 3986 (Standard), 2005.
17. BRUMLEY, D., HARTWIG, C., LIANG, Z., NEWSOME, J., SONG, D., AND YIN, H. Towards automatically identifying trigger-based behavior in malware using symbolic execution and binary analysis. Tech. Rep. CMU-CS-07-105, Carnegie Mellon University School of Computer Science, 2007.
18. BRUMLEY, D., NEWSOME, J., SONG, D., W., H., AND JHA, S. Towards automatic generation of vulnerability-based signatures. In Proceedings of the 2006 IEEE Symposium on Security and Privacy (2006).
19. BRUMLEY, D., WANG, H., JHA, S., AND SONG, D. Creating vulnerability signatures using weakest pre-conditions. In Proceedings of the 2007 Symposium on Computer Security Foundations Symposium (2007).
20. CABALLERO, J., VENKATARAMAN, S., POOSANKAM, P., KANG, M. G., SONG, D., AND BLUM, A. Fig: Automatic fingerprint generation. In 14th Annual Network and Distributed System Security Conference (NDSS) (2007).
21. CADAR, C., GANESH, V., PAWLOWSKI, P., DILL, D., AND ENGLER, D. EXE: A system for automatically generating inputs of death using symbolic execution. In Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS) (2006).
22. CHAKI, S., CLARKE, E., GROCE, A., JHA, S., AND VEITH, H. Modular verification of software components in C. In Proceedings of the 25th International Conference on Software Engineering (ICSE)(2003).
23. CHEN, H., AND WAGNER, D. MOPS: an infrastructure for examining security properties of software. In Proceedings of the 9th ACM conference on Computer and Communications Security (CCS) (2002).
24. COHEN, E. Programming in the 1990’s. Springer-Verlag, 1990.
25. COMER, D., AND LIN, J. C. Probing TCP implementations. In USENIX Summer 1994 (1994).
26. DIJKSTRA, E. A Discipline of Programming. Prentice Hall, Englewood Cliffs, NJ, 1976.
27. FIELDING, R., GETTYS, J., MOGUL, J., FRYSTYK, H., MASINTER, L., LEACH, P., AND BERNERS-LEE, T. Hypertext Transfer Protocol – HTTP/1.1. RFC 2616 (Draft Standard), June 1999. Updated by RFC 2817.
28. FLANAGAN, C., LEINO, K. R. M., LILLIBRIDGE, M., NELSON, G., SAXE, J. B., AND STATA, R. Estended static checking for Java. In ACM Conference on the Programming Language Design and Implementation (PLDI) (2002).
29. FLANAGAN, C., AND SAXE, J. Avoiding exponential explosion: Generating compact verification conditions. In Proceedings of the 28th ACM Symposium on the Principles of Programming Languages (POPL) (2001).
30. GANESH, V., AND DILL, D. STP: A decision procedure for bitvectors and arrays. http://theory.stanford.edu/~vganesh/stp.html.
31. GANESH, V., AND DILL, D. A decision procedure for bit-vectors and arrays. In Proceedings of the Computer Aided Verification Conference (2007).
32. GODEFROID, P., KLARLUND, N., AND SEN, K. DART: Directed automated random testing. In Proceedings of the 2005 Programming Language Design and Implementation Conference (PLDI) (2005).
33. KAKSONEN, R. A Functional Method for Assessing Protocol Implementation Security. PhD thesis, Technical Research Centre of Finland, 2001.
34. KING, J. Symbolic execution and program testing. Communications of the ACM 19 (1976), 386–394.
35. KRUEGEL, C., KIRDA, E., MUTZ, D., ROBERTSON, W., AND VIGNA, G. Automating mimicry attacks using static binary analysis. In Proceedings of the 14th USENIX Security Symposium (2005).
36. LEINO, K. R. M. Efficient weakest preconditions. Information Processing Letters 93, 6 (2005), 281–288.
37. MARQUIS, S., DEAN, T. R., AND KNIGHT, S. SCL: a language for security testing of network applications. In Proceedings of the 2005 conference of the Centre for Advanced Studies on Collaborative research (2005).
38. MILLS, D. Simple Network Time Protocol (SNTP) Version 4 for IPv4, IPv6 and OSI. RFC 4330 (Informational), 2006.
39. MUCHNICK, S. Advanced Compiler Design and Implementation. Academic Press, 1997.
40. MUSUVATHI, M., AND ENGLER, D. R. Model checking large network protocol implementations. In Proceedings of the First Symposium on Networked Systems Design and Implementation (NSDI) (2004).
41. MUSUVATHI, M., PARK, D. Y., CHOU, A., ENGLER, D. R.,, AND DILL, D. L. CMC: A pragmatic approach to model checking real code. In Proceedings of the 5th Symposium on Operating Systems Design and Implementation (OSDI) (2002).
42. th ACM Conference on Computer and and Communications Security (CCS) (2006).
43. OEHLERT, P. Violating assumptions with fuzzing. IEEE Security and Privacy Magazine 3, 2 (2005), 58 – 62.
44. PAXSON, V. Automated packet trace analysis of TCP implementations. In ACM SIGCOMM 1997 (1997).
45. UDREA, O., LUMEZANU, C., AND FOSTER, J. S. Rule-based static analysis of network protocol implementations. In Proceedings of the 15th USENIX Security Symposium (2006).
46. XIAO, S., DENG, L., LI, S., AND WANG, X. Integrated tcp/ip protocol software testing for vulnerability detection. In Proceedgins of International Conference on Computer Networks and Mobile Computing (2003).
47. YANG, J., SAR, C., TWOHEY, P., CADAR, C., AND ENGLER, D. Automatically generating malicious disks using symbolic execution. In Proceedings of the 2006 IEEE Symposium on Security and Privacy (2006).