Network protocol software is usually characterized by complicated functions and a vast state space.In this type of program,a massive number of stateful variables that are used to represent the evolution of the states ...Network protocol software is usually characterized by complicated functions and a vast state space.In this type of program,a massive number of stateful variables that are used to represent the evolution of the states and store some information about the sessions are prone to potentialflaws caused by violations of protocol specification requirements and program logic.Discovering such variables is significant in discovering and exploiting vulnerabilities in protocol software,and still needs massive manual verifications.In this paper,we propose a novel method that could automatically discover the use of stateful variables in network protocol software.The core idea is that a stateful variable features information of the communication entities and the software states,so it will exist in the form of a global or static variable during program execution.Based on recording and replaying a protocol program’s execution,varieties of variables in the life cycle can be tracked with the technique of dynamic instrument.We draw up some rules from multiple dimensions by taking full advantage of the existing vulnerability knowledge to determine whether the data stored in critical memory areas have stateful characteristics.We also implement a prototype system that can discover stateful variables automatically and then perform it on nine programs in Pro FuzzBench and two complex real-world software programs.With the help of available open-source code,the evaluation results show that the average true positive rate(TPR)can reach 82%and the average precision can be approximately up to 96%.展开更多
基金Project supported by the National Natural Science Foundation of China(Nos.61902416 and 61902412)the Natural Science Foundation of Hunan Province,China(No.2019JJ50729)。
文摘Network protocol software is usually characterized by complicated functions and a vast state space.In this type of program,a massive number of stateful variables that are used to represent the evolution of the states and store some information about the sessions are prone to potentialflaws caused by violations of protocol specification requirements and program logic.Discovering such variables is significant in discovering and exploiting vulnerabilities in protocol software,and still needs massive manual verifications.In this paper,we propose a novel method that could automatically discover the use of stateful variables in network protocol software.The core idea is that a stateful variable features information of the communication entities and the software states,so it will exist in the form of a global or static variable during program execution.Based on recording and replaying a protocol program’s execution,varieties of variables in the life cycle can be tracked with the technique of dynamic instrument.We draw up some rules from multiple dimensions by taking full advantage of the existing vulnerability knowledge to determine whether the data stored in critical memory areas have stateful characteristics.We also implement a prototype system that can discover stateful variables automatically and then perform it on nine programs in Pro FuzzBench and two complex real-world software programs.With the help of available open-source code,the evaluation results show that the average true positive rate(TPR)can reach 82%and the average precision can be approximately up to 96%.
