Parth
Doshi

Colombian Research Scholars Program Systematically Detecting Packet Validation Vulnerabilities in Embedded Network Stacks

Abstract profile. Full document pending author claim.

Authors:

Parth Doshi

Date Created:

Not specified

Course Title:
Professor:

Not specified

About Paper:

Embedded Network Stacks (ENS) enable communication with cyber-physical systems. Many defects in ENS are high-severity cybersecurity vulnerabilities: they are remotely triggerable and can impact the physical world. The most common automated approach to detecting ENS defects is feedback-driven random dynamic analysis ("fuzzing"), a costly and unpredictable technique. While prior research has shed light on the characteristics of defects in many classes of software systems, no study has described the properties of known ENS defects nor identified a systematic technique for exposing them. This paper provides the first systematic characterization of vulnerabilities in ENS (61 defects across 6 ENS). Most ENS defects are concentrated in two layers of the network stack, occur in different states in the network protocol, and are triggered by only 1-2 modifications to a single packet. We therefore propose a novel systematic testing framework that focuses on the transport and network layers, uses seeds that cover a network protocol, and systematically modifies packet fields. We evaluate this framework on 4 ENS and find it replicates 12 of the 14 reported IP/TCP/UDP vulnerabilities. On recent versions of these ENSs, it discovered 7 novel defects during a bounded systematic test that covered all protocol states and made up to 3 modifications per packet. We found defects in 3 of the 4 ENS we tested that had not been found by prior fuzzing research. Our results suggest that fuzzing should be deferred until after systematic testing is employed.

Source:

Purdue University / 2023

Topics:

No topics listed

Co-authors:

Parth Doshi

0