an initial investigation of protocol customization
play

An Initial Investigation of Protocol Customization David Ke Hong , - PowerPoint PPT Presentation

Dec 30, 2023 •258 likes •420 views

An Initial Investigation of Protocol Customization David Ke Hong , Qi Alfred Chen, Z. Morley Mao University of Michigan Todays protocols are feature-rich Widely-used protocols contain a rich set of features and extensions Around

  1. An Initial Investigation of Protocol Customization David Ke Hong , Qi Alfred Chen, Z. Morley Mao University of Michigan

  2. Today’s protocols are feature-rich • Widely-used protocols contain a rich set of features and extensions – Around 15 extensions for the functionality provided by the TLS protocol message formats – Different usage scenarios • TCP extensions – Performance consideration • Various HTTP/2 features – Implemented as a one-size-fits-all library 2

  3. Vulnerabilities caused by unnecessary features • Not all features are desirable in a particular deployment scenario, and unused features enlarge attack surface – HeartBleed attack caused by an implementation flaw in TLS/DTLS heartbeat extension • Optional in many deployment scenarios – FREAK attack exploiting weak RSA_EXPORT cipher suites • Stronger cipher suites already available 3

  4. Protocol Customization • Modify and specialize a standard protocol to enable only desirable features • Compile-time disabling – 97 OpenSSL_NO* compiler flags • Runtime disabling or parameter tuning – mod_* parameters for module disabling 4

  5. Existing customization practices • Existing customization practices are ad-hoc – Often relying on configurations offered by the protocol implementation • Case study – Per-feature disabling on HTTP/2 features is not supported in Apache HTTP server – HPACK bomb vulnerability (CVE-2016-1544, CVE-2016-6581) • Developer failed to cover this customization option 5

  6. Systematic way of protocol customization is needed • Call for a systematic approach to overcome existing limitations – Minimizing human efforts and errors – Covering customization on important features – Supporting customization of fine-grained features • Question: can we systematically customize a standard protocol to reduce its attack surface with sufficient automation? 6

  7. Solution direction • Protocol feature access control – A systematic framework to unify common protocol customization practices – Access control resource: protocol feature – Two types of access control policy • Feature disabling policy • Feature tuning policy – Validation : 17 out of 20 CVE patches can be expressed by feature disabling or tuning policy 7

  8. Access control example: HeartBeat • To prevent HeartBleed vulnerability OpenSSL protocol entry Feature access control policy configuration Feature 1 Execution permitted Feature 1 Access policy: allowed T Execution permitted when Feature 2 len(RequestEchoBytes) < 1500 Feature 2 Access policy: tuning Tuning policy: Length of requested echo bytes < 1500 X Feature 3 Execution denied Feature 3 Access policy: disabling 8

  9. Research challenges • How to systematically identify features and locate its code-level implementation – Bridging the gap between user-level and code- level features • Natural language processing • Deep neural networks – Systematically locating code-level feature- related implementation • Control and data flow analysis 9

  10. Research challenges • How to effectively support diverse types of protocol customization with minimized manual efforts – Enforcing policies without assuming that the code base structure is ready for customization by design • Control and data flow analysis – Supporting feature disabling and tuning policy • Control and data flow analysis • Symbolic execution 10

  11. Preliminary system design Input: features to be customized, protocol software 11

  12. Preliminary system design Input: features to be customized, protocol software 12

  13. Limitation • Protocol customization alone is insufficient in addressing some vulnerability cases – Vulnerability related to core functionality that requires significant change to the details of a protocol feature • TLS vulnerability caused by the weakness in key generation 13

  14. Summary Perform an initial investigation of protocol customization for reducing attack surface of a standard protocol – Identify key research challenges for systematic and sufficiently automated protocol customization – Propose an access control mechanism to unify existing protocol customization practices Future work – Feature identification using NLP techniques – Feature access control: more detailed design and impl. 14

  15. Thank you! • Questions? 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

AEATF-II Mop Study: Supplemental Slides 1 Initial Protocol Review Milestones Jan 08 GPL

AEATF-II Mop Study: Supplemental Slides 1 Initial Protocol Review Milestones Jan 08 GPL

AEATF-II Mop Study: Supplemental Slides 1 Initial Protocol Review Milestones Jan 08 GPL submits protocol packages to IIRB and CDPR 22 Jan 08 IIRB approves protocol, consent form, recruiting flyer, and recruiting scripts 25 Feb 08 Approved

436 views • 9 slides
Dasha Maliauskaya, Rakan AlZagha, and Wendy Salto Initial Research on Marco Investigation of

Dasha Maliauskaya, Rakan AlZagha, and Wendy Salto Initial Research on Marco Investigation of

Dasha Maliauskaya, Rakan AlZagha, and Wendy Salto Initial Research on Marco Investigation of Mirco Investigation on Creating infographics using the Connecticut and Connecticut School selected schools in most important information and

3.74k views • 35 slides
Initial Investigation into the Psychoacoustic Properties of Small Unmanned Aerial System Noise

Initial Investigation into the Psychoacoustic Properties of Small Unmanned Aerial System Noise

Initial Investigation into the Psychoacoustic Properties of Small Unmanned Aerial System Noise Andrew Christian and Randolph Cabell Structural Acoustics Branch NASA Langley Research Center Presented at DATAWorks 2018 The D efense and A

773 views • 32 slides
Network slicing: industrialization of network customization? Christian Destr, Orange Labs

Network slicing: industrialization of network customization? Christian Destr, Orange Labs

Network slicing: industrialization of network customization? Christian Destr, Orange Labs Networks 2 Interne Orange To enable mass customization Few possible versions Options to be added after factory production Very few customization at

551 views • 25 slides
OUTBREAK INVESTIGATION FORM STEPS OF AN INVESTIGATION 1. Verify the diagnosis; identify the

OUTBREAK INVESTIGATION FORM STEPS OF AN INVESTIGATION 1. Verify the diagnosis; identify the

OUTBREAK INVESTIGATION FORM STEPS OF AN INVESTIGATION 1. Verify the diagnosis; identify the agent. Describe the initial magnitude of the problem and what symptoms got the facility's attention. What diagnosis has been established? What agent

225 views • 4 slides
Initial Investigation of Petroleum Systems of the Permian Basin, USA Ronald J. Hill 1 , Dan Jarvie

Initial Investigation of Petroleum Systems of the Permian Basin, USA Ronald J. Hill 1 , Dan Jarvie

Initial Investigation of Petroleum Systems of the Permian Basin, USA Ronald J. Hill 1 , Dan Jarvie 2 , Brenda Claxton 2 , Jack Burgess 2 and Jack Williams 3 1 United States Geological Survey Box 25046, MS 977 Denver, CO 80225 2 Humble Geochemical

573 views • 19 slides
Pimp Your Linux (System Customization) Mark Repka RITLug, Week 8 Customization! What can we do?

Pimp Your Linux (System Customization) Mark Repka RITLug, Week 8 Customization! What can we do?

Pimp Your Linux (System Customization) Mark Repka RITLug, Week 8 Customization! What can we do? One of the biggest selling points of Linux Change your desktop environment! Change the wallpaper (duh) Change the theme!

543 views • 21 slides
Session Initiation Protocol (SIP) The Session Description Protocol The Most Common Message

Session Initiation Protocol (SIP) The Session Description Protocol The Most Common Message

Session Initiation Protocol (SIP) The Session Description Protocol The Most Common Message Body Session information describing the media to be exchanged between the parties SDP, RFC 2327 (initial publication) A number of

671 views • 21 slides
What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i -Key-Protocol, i = 1, 2, 3, Family of protocols Secure electronic payment Based on credit card payments Christopher Hsu Can be extended

407 views • 4 slides
Case Investigation of Avian in Southeast Asia Influenza Overview Initiating an investigation

Case Investigation of Avian in Southeast Asia Influenza Overview Initiating an investigation

Rapid Response Team Training 1 Case Investigation of Avian in Southeast Asia Influenza Overview Initiating an investigation Pre-investigation activities Investigation Recordkeeping and reporting Post-investigation activities

1.24k views • 86 slides
Bell Schedule 2020-21 Initial Data Initial Data Initial Data Initial

Bell Schedule 2020-21 Initial Data Initial Data Initial Data Initial

Bell Schedule 2020-21 Initial Data Initial Data Initial Data Initial Data Process SPACE Framework Problem Unhealthy Students Goal Action Plan

467 views • 31 slides
Lecture 4 Approach Langtons Investigation Investigate 1D CAs with: random transition

Lecture 4 Approach Langtons Investigation Investigate 1D CAs with: random transition

Part 2: Cellular Automata 8/27/04 Lecture 4 Approach Langtons Investigation Investigate 1D CAs with: random transition rules Under what conditions can we expect a starting in random initial states complex dynamics of

162 views • 12 slides
MACAW : A Media Access Based on MACA, a Multiple Access Collision Protocol for Wireless

MACAW : A Media Access Based on MACA, a Multiple Access Collision Protocol for Wireless

Introduction MACAW : A Media Access Based on MACA, a Multiple Access Collision Protocol for Wireless LANs Avoidance protocol. Initial attempt to deal with WLAN challenges. Four key main observations: The relevant contention is

393 views • 5 slides
Re-ECN: Adding Accountability for Causing Congestion to TCP/IP Bob Briscoe , BT &amp; UCL Arnaud

Re-ECN: Adding Accountability for Causing Congestion to TCP/IP Bob Briscoe , BT &amp; UCL Arnaud

Re-ECN: Adding Accountability for Causing Congestion to TCP/IP Bob Briscoe , BT &amp; UCL Arnaud Jacquet, BT Alessandro Salvatori, BT IETF-64 tsvwg Nov 2005 context context context context initial draft protocol protocol protocol

298 views • 25 slides
Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN

Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN

Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN Flooding Attack TCP Reset Attack TCP Session Hijacking Attack 2 TCP Protocol Transmission Control Protocol (TCP) is a core protocol

598 views • 47 slides
Investigation of Failures 49 CFR 192.617 192.617 Investigation of Failures Each operator

Investigation of Failures 49 CFR 192.617 192.617 Investigation of Failures Each operator

Investigation of Failures 49 CFR 192.617 192.617 Investigation of Failures Each operator shall establish procedures for analyzing accidents and failures, including the selection of samples of the failed facility or equipment for

948 views • 55 slides
Distance Hijacking Attacks on Distance Bounding Protocols Cas Cremers ETH Zurich Joint work

Distance Hijacking Attacks on Distance Bounding Protocols Cas Cremers ETH Zurich Joint work

Distance Hijacking Attacks on Distance Bounding Protocols Cas Cremers ETH Zurich Joint work with: Joint work with: Kasper Rasmussen, Benedikt Schmidt, Srdjan Capkun Kasper Rasmussen, Benedikt Schmidt, Srdjan Capkun Distance Bounding 2

370 views • 16 slides
Fair Exchange Protocols Steve Kremer and Mark Ryan Fair Exchnage Protocols p.1 Examples of

Fair Exchange Protocols Steve Kremer and Mark Ryan Fair Exchnage Protocols p.1 Examples of

Fair Exchange Protocols Steve Kremer and Mark Ryan Fair Exchnage Protocols p.1 Examples of fair exchange protocols Electronic purchase of goods exchange of an electronic item against an electronic payment Digital contract signing exchange

353 views • 20 slides
NFS-RODS: A Tool for Accessing iRODS via the NFS Protocol Presenter: Danilo Oliveira -

NFS-RODS: A Tool for Accessing iRODS via the NFS Protocol Presenter: Danilo Oliveira -

NFS-RODS: A Tool for Accessing iRODS via the NFS Protocol Presenter: Danilo Oliveira - dmo4@cin.ufpe.br D.Oliveira, I. F, A. Lobo Jr., F. Silva, G. Stephen Worth Jason Coposky Callou, V. Alves, P. Maciel EMC Corporation iRODS Consortium

645 views • 26 slides
ISDA IBOR Fallbacks July 2018 IBOR Fallbacks: Background Per the request of the FSB OSSG in

ISDA IBOR Fallbacks July 2018 IBOR Fallbacks: Background Per the request of the FSB OSSG in

ISDA IBOR Fallbacks July 2018 IBOR Fallbacks: Background Per the request of the FSB OSSG in 2016, ISDA will amend the 2006 ISDA Definitions to implement fallbacks for: LIBOR in USD, GBP, JPY, CHF and EUR; EURIBOR, JPY TIBOR, Euroyen TIBOR,

317 views • 6 slides
MLTI Advisory Board Meeting #6 June 12 th , 2020 Beth Lambert, Team Lead Deb Lajoie, Project

MLTI Advisory Board Meeting #6 June 12 th , 2020 Beth Lambert, Team Lead Deb Lajoie, Project

MLTI Advisory Board Meeting #6 June 12 th , 2020 Beth Lambert, Team Lead Deb Lajoie, Project Manager Jordan Dean, Office Specialist Brandi Cota, Management Analyst Jon Graham, Elementary Digital Learning Specialist Emma Banks, Secondary Digital

379 views • 15 slides
Verifying Security Protocols and their Implementations Information Security and Cryptography

Verifying Security Protocols and their Implementations Information Security and Cryptography

Verifying Security Protocols and their Implementations Information Security and Cryptography Reading Group Presenter: C t lin Hri cu References Verified Interoperable Implementations of Security Protocols. Karthikeyan Bhargavan,

922 views • 70 slides
Noninteractive Zero Knowledge for NP from Learning With Errors Chris Peikert Sina Shiehian TCS+

Noninteractive Zero Knowledge for NP from Learning With Errors Chris Peikert Sina Shiehian TCS+

Noninteractive Zero Knowledge for NP from Learning With Errors Chris Peikert Sina Shiehian TCS+ 1 May 2019 1 / 15 Zero Knowledge [GoldwasserMicaliRackoff85] Zero-knowledge (interactive) proof for language L : allows a prover P to

1.21k views • 89 slides
Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License. Page 1 Page 1 Authentication

799 views • 59 slides

More recommend