Automatic Vulnerability Detection
Testing distributed systems is a complex task. Debugging and testing normal software is quite challenging by itself, and distributed systems, by their very nature, operate on multiple independent systems simultaneously. Further, these systems typically include some form of fault tolerance which both complicates testing further and is difficult to test. Perhaps unsurprisingly, these systems rarely receive more than ad hoc testing, typically in the form of a developer test suite.
Formal analysis and model checking can help some. Model checking the design of distributed systems, in particular, is extremely helpful. However, model checking only verifies the design of the system. Implementation bugs are still a very real problem that model checking does not protect against. Formal analysis can also help in some cases, but distributed systems tend to be too large for timely analysis with such tools. Further, many of these systems are written in languages like C and make use of low level constructs that make formal analysis difficult.
We take a different approach and consider attacks that could be performed by compromised participants manipulating message content and delivery. We use the unmodified distributed system running in a virtualized environment for testing and insert a proxy capable of modifying messages between the participants in an attempt to find bugs or vulnerabilities. This design allows us to discover implementation bugs as well as issues with the formal protocol specification.
This approach operates on unmodified applications in their original environment. We do not require source code instrutmentation, or even access to the source code. This enables our approach to work on the maximum number of applications.
This approach was originally developed by Hyojeong Lee. Since the Fall of 2013, I have been working with her to expand this concept to work with network transport protocols, like TCP, DCCP, and SCTP. We have had significant success on networking protocols, finding 9 vulnerabilities in 5 implementations of 2 transport protocols, 5 of which were previously unknown. In Summer of 2015, we published a paper in DSN about this system.
Update: We have released the source code for SNAKE, our automated attack finding system for transport protocols. Code is on github here.
- Samuel Jero, Hyojeong Lee, and Cristina Nita-Rotaru. Leveraging State Information for Automated Attack Discovery in Transport Protocol Implementations. 45th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), June 2015, pp 1-12. [PDF][Presentation]
- Samuel Jero, Hyojeong Lee, and Cristina Nita-Rotaru. A Framework to Find Vulnerabilities Using State Characteristics in Transport Protocol Implementations. Poster. 2014 CERIAS Symposium, 2014. [PDF]