“Using Attack Injection on Closed Protocols”
in Fast Abstract in Supplement of the International Conference on Dependable Systems and Networks (DSN'10), Jun. 2010.
Abstract: Many network servers rely on the correctness and security of closed protocols. However, the unavailability of the protocol specification hinders any attempt to adequately test the implementations of that protocol. The paper addresses this problem by complementing an attack injection methodology with a protocol reverse engineering component. We introduce a new approach to automatically infer the message formats and the protocol state machine based only on network traces, without requiring access to the source code or binaries.