Automated Attacker Synthesis for Distributed Protocols

Part of the Lecture Notes in Computer Science book series (LNPSE,volume 12234)

Abstract

Distributed protocols should be robust to both benign malfunction (e.g. packet loss or delay) and attacks (e.g. message replay). In this paper we take a formal approach to the automated synthesis of attackers, i.e. adversarial processes that can cause the protocol to malfunction. Specifically, given a formal threat model capturing the distributed protocol model and network topology, as well as the placement, goals, and interface of potential attackers, we automatically synthesize an attacker. We formalize four attacker synthesis problems (across attackers that always succeed versus those that sometimes fail, and attackers that may attack forever versus those that may not) and we propose algorithmic solutions to two of them. We report on a prototype implementation called Korg and its application to TCP as a case study. Our experiments show that Korg can automatically generate well-known attacks for TCP within seconds or minutes.

Keywords

  • Synthesis
  • Security
  • Distributed protocols


Notes

  1. http://github.com/maxvonhippel/AttackerSynthesis.


Acknowledgments

This material is based upon work supported by the National Science Foundation under NSF SaTC award CNS-1801546. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation. The authors thank four anonymous reviewers. Additionally, the first author thanks Benjamin Quiring, Dr. Ming Li, and Dr. Frank von Hippel.

Author information

Correspondence to Max von Hippel, Stavros Tripakis or Cristina Nita-Rotaru.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

von Hippel, M., Vick, C., Tripakis, S., Nita-Rotaru, C. (2020). Automated Attacker Synthesis for Distributed Protocols. In: Casimiro, A., Ortmeier, F., Bitsch, F., Ferreira, P. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2020. Lecture Notes in Computer Science(), vol 12234. Springer, Cham. https://doi.org/10.1007/978-3-030-54549-9_9

  • DOI: https://doi.org/10.1007/978-3-030-54549-9_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-54548-2

  • Online ISBN: 978-3-030-54549-9