EAGER: Improving Protocol Vulnerability Discovery via Semantic Interpretation of Textual Specifications

Project Details

Performance Period

Sep 01, 2016 - Aug 31, 2017

Institution(s)

Northeastern University

Award Number


Outcomes Report URL


Two methods used for vulnerability discovery in network protocols are testing and a semi-automated technique called model checking. Testing and model checking implementations of network protocols is a tedious and time-consuming task, in which significant manual effort goes into designing test cases and protocol property specifications. Both approaches require detailed, structured information about the protocol under test: its messages, state machine, invariants, and so on. Most of the time this information is derived manually by people with varying levels of expertise. The process can be made more effective and less expensive by leveraging the documentation and specifications for these protocols that are available in text form. Automatically analyzing the information contained in textual specifications and documentation will open new avenues not only for improving vulnerability finding in network protocols, but for software design in general.

This project combines expertise from natural language processing and network security to build a framework for vulnerability discovery in network protocols that leverages semantic interpretation of textual specifications, automated attack generation and injection, and property model checking of software implementations. The framework consists of two phases: a knowledge building phase and a vulnerability finding phase. In the knowledge building phase, semantic interpretation techniques from natural language processing are applied to structured text (protocol specifications and documentation) and unstructured text (blogs, forums, and bug reports) to learn structured information about protocols, such as message formats, the protocol state machine, and constraints. In the vulnerability finding phase, the information learned in the first phase feeds two mechanisms: the first uses the structured protocol information to create and inject attacks, and the second uses the same information to derive protocol requirements and model check them against finite state machines extracted from protocol implementations.
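As an added illustration of the vulnerability finding phase (example code written for this page, not the project's own tooling), the following Python sketch starts from hand-constructed structured protocol knowledge of the kind the knowledge building phase would extract: a toy handshake protocol's allowed transitions and one message-length constraint, all invented here. It derives the requirement that every transition the specification does not allow must be rejected, model checks a constructed implementation state machine against that requirement by exhaustive reachability search (returning a counterexample trace), and generates specification-violating AUTH messages to inject into a constructed parser. The protocol, message names, the implementation bugs and every function name are assumptions made for this example.

```python
"""Toy two-phase protocol vulnerability finding (illustrative example only).

Phase 1 output (structured protocol knowledge) is hand-constructed below; the
project described on this page would derive it from textual specifications.
Phase 2 uses it for (a) model checking an implementation's state machine and
(b) specification-guided attack message generation and injection.
The protocol, its messages and the buggy implementation are all invented.
"""
from collections import deque
from itertools import product

# --- Phase 1 output (constructed): message set, allowed transitions, constraints
MESSAGES = {"HELLO", "AUTH", "DATA", "BYE"}
SPEC_TRANSITIONS = {            # (state, message) -> next state, as the spec allows
    ("INIT", "HELLO"): "GREETED",
    ("GREETED", "AUTH"): "AUTHED",
    ("AUTHED", "DATA"): "AUTHED",
    ("AUTHED", "BYE"): "CLOSED",
    ("GREETED", "BYE"): "CLOSED",
}
SPEC_FORMATS = {"AUTH": {"token_len": 16}}   # "the token MUST be exactly 16 bytes"


def derive_requirements(transitions, messages):
    """Requirement derived from the spec: any (state, message) pair without an
    allowed transition MUST be rejected. Returns that forbidden set."""
    states = {s for s, _ in transitions} | set(transitions.values())
    return {(s, m) for s, m in product(states, messages) if (s, m) not in transitions}


# --- Constructed implementation FSM: same as the spec plus one bug,
#     DATA is accepted before authentication (an auth bypass).
IMPL_TRANSITIONS = dict(SPEC_TRANSITIONS)
IMPL_TRANSITIONS[("GREETED", "DATA")] = "AUTHED"


def model_check(impl, forbidden, messages, start="INIT"):
    """Breadth-first exploration of every state reachable in the implementation
    FSM. Returns the first trace [(state, msg, next), ...] that takes a
    forbidden transition, or None if the requirement holds everywhere."""
    seen, queue = {start}, deque([(start, [])])
    while queue:
        state, trace = queue.popleft()
        for msg in sorted(messages):          # sorted for a deterministic trace
            nxt = impl.get((state, msg))
            if nxt is None:                   # implementation rejects: fine
                continue
            step = trace + [(state, msg, nxt)]
            if (state, msg) in forbidden:     # accepted, but spec says reject
                return step
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, step))
    return None


def gen_format_attacks(formats):
    """Spec-guided malformed messages: violate the AUTH token-length constraint
    with empty, off-by-one and oversized tokens."""
    n = formats["AUTH"]["token_len"]
    return [("AUTH", b"A" * k) for k in (0, n - 1, n + 1, 4 * n)]


def impl_parse_auth(payload):
    """Constructed implementation parser: copies the token without checking
    its length (the bug the injected messages are meant to expose)."""
    return {"token": payload}


def inject(attacks, formats):
    """Feed each attack to the implementation; report the ones it accepted
    although the specification requires rejection. Returns (msg, length)."""
    n = formats["AUTH"]["token_len"]
    return [(m, len(p)) for m, p in attacks
            if impl_parse_auth(p) is not None and len(p) != n]


if __name__ == "__main__":
    forbidden = derive_requirements(SPEC_TRANSITIONS, MESSAGES)
    print("state-machine violation:", model_check(IMPL_TRANSITIONS, forbidden, MESSAGES))
    print("format violations accepted:", inject(gen_format_attacks(SPEC_FORMATS), SPEC_FORMATS))
```

The counterexample the model checker returns is an ordered message sequence (HELLO, then DATA) that reaches the authenticated state without an AUTH exchange, which is the kind of trace a tester would replay against the real implementation; the format attacks exercise the second mechanism, where message constraints extracted from the specification decide which malformed inputs are worth injecting.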