Systematically Detecting Packet Validation Vulnerabilities in Embedded Network Stacks
Embedded Network Stacks (ENS) enable low-resource devices to communicate with the outside world, facilitating the development of the Internet of Things and Cyber-Physical Systems. Some defects in ENS are thus high-severity cybersecurity vulnerabilities: they are remotely triggerable and can impact the physical world. While prior research has shed light on the characteristics of defects in many classes of software systems, no study has described the properties of ENS defects nor identified a systematic technique to expose them. The most common automated approach to detecting ENS defects is feedback-driven randomized dynamic analysis ("fuzzing"), a costly and unpredictable technique. This paper provides the first systematic characterization of cybersecurity vulnerabilities in ENS. We analyzed 61 vulnerabilities across 6 open-source ENS. Most of these ENS defects are concentrated in the transport and network layers of the network stack, require reaching different states in the network protocol, and can be triggered by only 1-2 modifications to a single packet. We therefore propose a novel systematic testing framework that focuses on the transport and network layers, uses seeds that cover a network protocol's states, and systematically modifies packet fields. We evaluated this framework on 4 ENS and replicated 12 of the 14 reported IP/TCP/UDP vulnerabilities. On recent versions of these ENS, it discovered 7 novel defects (6 assigned CVEs) during a bounded systematic test that covered all protocol states and made up to 3 modifications per packet. We found defects in 3 of the 4 ENS we tested that had not been found by prior fuzzing research. Our results suggest that fuzzing should be deferred until after systematic testing is employed.
Comment: 12 pages, 3 figures, to be published in the 38th IEEE/ACM International Conference on Automated Software Engineering (ASE 2023).
Protecting Smart Devices from the Bottom-Up
Modern systems are mainly composed of IoT devices and smartphones. Most of these devices use ARM processors, which, along with flexible licensing, offer new security architecture features, such as ARM TrustZone, which enables execution of a secure application in an untrusted environment. Furthermore, well-supported, extensible, open-source embedded operating systems like Android allow manufacturers to quickly customize their operating system with device drivers, thus reducing the time-to-market. Unfortunately, the proliferation of device vendors and the race to market have resulted in poor-quality device drivers containing critical security vulnerabilities. Furthermore, the patches for these vulnerabilities get merged into the end products with a significant delay, resulting in the Patch Gap, which puts the privacy and security of billions of users at risk. In this dissertation, I will show how the new architecture features can lead to security issues by introducing new attack vectors. Second, I will show that the existing techniques are inadequate to find the security issues in Linux kernel drivers and how, with certain well-defined optimizations, we can precisely find security issues. Third, I will present my solution to the problem of the Patch Gap by showing a principled approach to automatically port patches to vendor product repositories. Finally, I will present our ongoing work to automatically port C to Checked C, which provides a low-overhead, backward-compatible, and memory-safe C alternative that could be used on resource-constrained modern systems to prevent security vulnerabilities. Through this work, I presented effective ways to find, fix, propagate, and prevent vulnerabilities in modern system software, thus improving modern systems security.
Dynodroid: An Input Generation System for Android Apps
We present a system, Dynodroid, for generating relevant inputs to unmodified Android apps. Dynodroid views an app as an event-driven program that interacts with its environment by means of a sequence of events through the Android framework. By instrumenting the framework once and for all, Dynodroid monitors the reaction of an app upon each event in a lightweight manner, using it to guide the generation of the next event to the app. Dynodroid also allows interleaving events from machines, which are better at generating a large number of simple inputs, with events from humans, who are better at providing intelligent inputs. We evaluated Dynodroid on 50 open-source Android apps, and compared it with two prevalent approaches: users manually exercising apps, and Monkey, a popular fuzzing tool. Dynodroid, humans, and Monkey covered 55%, 60%, and 53%, respectively, of each app's Java source code on average. Monkey took 20X more events on average than Dynodroid. Dynodroid also found 9 bugs in 7 of the 50 apps, and 6 bugs in 5 of the top 1,000 free apps on Google Play.
Toward a Secure Crowdsourced Location Tracking System
Low-energy Bluetooth devices have become ubiquitous and are widely used for different applications. Among these, Bluetooth trackers are becoming popular as they allow users to track the location of their physical objects. To do so, Bluetooth trackers are often built into other commercial products connected to a larger crowdsourced tracking system. Such a system, however, can pose a threat to the security and privacy of its users, for instance by revealing the location of a user's valuable object. In this paper, we introduce a set of security properties and investigate the state of commercial crowdsourced tracking systems, which present common design flaws that make them insecure. Leveraging the results of our investigation, we propose a new design for a secure crowdsourced tracking system (SECrow), which allows devices to leverage the benefits of the crowdsourced model without sacrificing security and privacy. Our preliminary evaluation shows that SECrow is a practical, secure, and effective crowdsourced tracking solution.