ABSTRACT
Attacks exploiting design or implementation flaws of particular features in popular protocols are becoming prevalent and have led to severe security impacts on a majority of software systems. Protocol customization, as a general approach to specializing a standard protocol, holds significant promise for reducing such attack surfaces in common protocols. In this work, we perform an initial investigation of applying protocol customization practices to reduce the attack surface of standard protocols. Our characterization study of 20 medium- or high-impact Common Vulnerabilities and Exposures (CVEs) published in recent years indicates that some forms of customization have been supported in existing protocol software, but were implemented with huge manual effort and in an ad hoc manner. More systematic and automated ways of protocol customization are needed to generalize common customization practices across protocols. To work towards this goal, we identify key research challenges for the support of systematic and sufficiently automated protocol customization through a real-world case study on popular protocol software, and propose an access control framework as a principled solution to unify existing protocol customization practices. We also present a preliminary design of a protocol customization system based on this design principle. Preliminary evaluation results demonstrate that our proposed system supports common customization practices for a majority of real-world protocol vulnerabilities in a systematic way.