kneecap
play

Kneecap model-based generation of network traf fj c - PowerPoint PPT Presentation

Aug 26, 2023 •351 likes •609 views

Kneecap model-based generation of network traf fj c http://github.com/niksu/kneecap Nik Sultana SMT2016, 2nd July Why craft packets To evaluate: Behaviour (and security) Performance of software, hardware, and their configuration

  1. Kneecap model-based generation of network traf fj c http://github.com/niksu/kneecap Nik Sultana 
 SMT2016, 2nd July

  2. Why craft packets To evaluate: • Behaviour (and security) • Performance of software, hardware, and their configuration

  3. TCP Header Format 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Port | Destination Port | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Control Bits: 6 bits (from left to right): | Acknowledgment Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ URG: Urgent Pointer field significant | Data | |U|A|P|R|S|F| | ACK: Acknowledgment field significant | Offset| Reserved |R|C|S|S|Y|I| Window | PSH: Push Function | | |G|K|H|T|N|N| | RST: Reset the connection +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ SYN: Synchronize sequence numbers | Checksum | Urgent Pointer | FIN: No more data from sender +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Options | Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ from https://tools.ietf.org/html/rfc793

  4. https://en.wikipedia.org/wiki/File:Tcp_state_diagram_fixed_new.svg

  5. For example https://thepacketgeek.com/scapy-p-08-making-a-christmas-tree-packet/ https://en.wikipedia.org/wiki/Christmas_tree_packet

  6. Imperative style: Imperative style: assignment • use “For” loops for parameter • sweeping.

  7. Example goal spec <@ tcp.URG && tcp.PSH && tcp.FIN @>

  8. Goal Declarative style: use formulas Imperative style: • assignment • use “For” loops for parameter sweeping.

  9. Why make it declarative ? • Improved readability, convenience . • Better compositionality of specs. • Explore opportunity for better automated support . • Explore use of tools to provide such support.

  10. Packets as formulas 01 01 00 00 00 20 64 00 19 50 10 04 55 48 02 07 08 00 00 00 60 00 80 00 01 50 20 00 02 00 00 29 00 60 00 80 80 04 20 23 00 11 00 0d 85 42 00 10 24 00 41 02 04 00 08 44 02 42 00 02 50 40 00 04 = V 1 . V 2 . V 3 . V 4 . V 5 … V n 08 00 64 10 0c 81 20 40 01 04 00 20 00 20 c4 04 08 30 05 80 04 02 04 02 21 40 00 40 04 00 20 11 00 10 80 00 0a 00 02 00 00 00 10 24 00 00 00 80 & V 1 = 01 01 00 00 00 20 34 08 10 84 a2 a2 04 00 d0 01 00 86 38 40 02 80 00 01 47 00 00 10 08 00 00 40 15 04 41 00 10 02 & V 2 = 64 00 19 50 10 04 & V 3 = 55 48 02 07 … where |V 1 | = 48 |V 2 | = 48 |V 3 | = 32 …

  11. Packet formats as formulas 01 01 00 00 00 20 64 00 19 50 10 04 55 48 02 07 08 00 00 00 60 00 80 00 01 50 20 00 02 00 00 29 00 60 00 80 80 04 20 23 00 11 00 0d 85 42 00 10 24 00 41 02 04 00 08 44 02 42 00 02 50 40 00 04 ∈ V 1 . V 2 . V 3 . V 4 . V 5 … V n 08 00 64 10 0c 81 20 40 01 04 00 20 00 20 c4 04 08 30 05 80 04 02 04 02 21 40 00 40 04 00 20 11 00 10 80 00 0a 00 02 00 00 00 10 24 00 00 00 80 & V 1 ∈ P 1 34 08 10 84 a2 a2 04 00 d0 01 00 86 38 40 02 80 00 01 47 00 00 10 08 00 00 40 15 04 41 00 10 02 … & V n ∈ P n

  12. (Symbolic) Packet Packet Format ( ) ( ) pckt = V 1 . V 2 . V 3 . V 4 . V 5 … V n pckt = V 1 . V 2 . V 3 . V 4 . V 5 … V n & V 1 = 01 01 00 00 00 20 & P 1 (V 1 ) & V 2 = 64 00 19 50 10 04 & … & V 3 = 55 48 02 07 & P n (V n ) …

  13. Encapsulation

  14. Architecture Front-end tool Solver Packet Stack Model

  15. Translation

  16. Translation

  17. Interpreted constant Distinguished constant Literal

  18. Interpreted to literal

  19. Custom map to expr+constraint

  21. As bitvector formulas: ethernet (let ((a!1 (concat (concat (concat (concat range0 #x34) #x56) #x78) #x90))) (let ((a!2 (=> (not (= src_mac (concat a!1 wild1))) false))) (and (=> (= src_mac (concat a!1 wild1)) (= ethertype #x0800)) a!2 (or (= range0 #x0a) (= range0 #x01) (= range0 #x02) (= range0 #x03) (= range0 #x04) (= range0 #x05)))))

  22. Help How to influence the distribution of models?

  23. From earlier

  24. Feedback and pull-requests welcome. http://github.com/ niksu/kneecap

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Second Wednesdays | 1:00 2:15 pm ET www.fs.fed.us/research/urban-webinars This meeting is

Second Wednesdays | 1:00 2:15 pm ET www.fs.fed.us/research/urban-webinars This meeting is

Second Wednesdays | 1:00 2:15 pm ET www.fs.fed.us/research/urban-webinars This meeting is being recorded. If you do not wish to be recorded, please disconnect now. USDA is an equal opportunity provider and employer. NUCFAC H IGHLIGHTS : C

639 views • 17 slides
Why study computer networks? They are engineering marvels! Scalability, layered protocols,

Why study computer networks? They are engineering marvels! Scalability, layered protocols,

Why study computer networks? They are engineering marvels! Scalability, layered protocols, lots of 1: subtleties- worthy of study Introduction They are all around us! Understanding the nuts and bolts behind a technology you use

224 views • 9 slides
ICOS big data camp June 5-9, 2017 Co-sponsored by ICOS and MIDAS Who is everybody?

ICOS big data camp June 5-9, 2017 Co-sponsored by ICOS and MIDAS Who is everybody?

ICOS big data camp June 5-9, 2017 Co-sponsored by ICOS and MIDAS Who is everybody? Executive producer: ~ Teddy DeWitt Producers: ~ Jerry Davis, Cliff Lampe, Brian Noble, Jason Owen- Smith Code Concierges (CoCons): ~ Nivi Karki,

568 views • 56 slides
Sponsors and Benefactors Abbott Society Officers Exhibitors Educational Grants John Costouros,

Sponsors and Benefactors Abbott Society Officers Exhibitors Educational Grants John Costouros,

Jesse B. Jupiter, M.D. Department of Orthopaedic Surgery LeRoy C. Abbott Professor University of California, San Francisco The State of the Department orthosurg.ucsf.edu David R. Mauerhan, M.D. Thomas Parker Vail, M.D. Verne T.

348 views • 11 slides
#DevOpSec - Killing the buzz? Hello! im a security consultant at NCC Group. you can find

#DevOpSec - Killing the buzz? Hello! im a security consultant at NCC Group. you can find

#DevOpSec - Killing the buzz? Hello! im a security consultant at NCC Group. you can find me: on twitter as @rossja pretty much everywhere else as algorythm A special note about this presentation! anytime i include a

595 views • 46 slides
Objectives Objectives Review the magnitude of slips, trips &amp; falls within ASIT facilities

Objectives Objectives Review the magnitude of slips, trips &amp; falls within ASIT facilities

The Arkansas Self-Insurance Trust and Mike Johnson &amp; Associates present Preventing Slips, Trips &amp; Falls Todays Presenter: Darrell G. Toenjes, ARM, CHSP, CWCP Darrell G. Toenjes, ARM, CHSP, CWCP Healthcare Risk Management Consultant

396 views • 13 slides
MU MUSTANG ANGS MHS Administrative Staff Dr. Donna Richardson, Principal Ms. Janetta

MU MUSTANG ANGS MHS Administrative Staff Dr. Donna Richardson, Principal Ms. Janetta

WELCOMES NEW &amp; RETURNING MU MUSTANG ANGS MHS Administrative Staff Dr. Donna Richardson, Principal Ms. Janetta Lucas, AP of Curriculum, AP Cambridge House Mrs. Mary Flynn, AP Harvard House Mr. Brian Holloway, AP Princeton

322 views • 20 slides
Privacy and RFID Irreconcilable Differences? Marc Langheinrich Institute for Pervasive Computing

Privacy and RFID Irreconcilable Differences? Marc Langheinrich Institute for Pervasive Computing

T Labs Usability Colloquium June 25, 2007 Privacy and RFID Irreconcilable Differences? Marc Langheinrich Institute for Pervasive Computing ETH Zurich, Switzerland C.A.S.P.I.A.N. Consumers against supermarket privacy invasions and

451 views • 25 slides
Privacy in Ubiquitous Computing Options, Trends, and Implications of Smart Objects Marc

Privacy in Ubiquitous Computing Options, Trends, and Implications of Smart Objects Marc

Privacy in Ubiquitous Computing Options, Trends, and Implications of Smart Objects Marc Langheinrich Institut fr Pervasive Computing ETH Zrich Februar 11. 2006 ZiF-Workshop: Privacy and 1 Surveillance Technologies Privacy in Ubiquitous

573 views • 32 slides
Privacy, Data Protection Law, and RFID Irreconcilable Differences? Marc Langheinrich Institute

Privacy, Data Protection Law, and RFID Irreconcilable Differences? Marc Langheinrich Institute

Privacy, Data Protection Law, and RFID Irreconcilable Differences? Marc Langheinrich Institute for Pervasive Computing ETH Zurich, Switzerland 17.07.2006 RFIDSec 2006, Graz 1 Public Concern (as seen on TV) 17.07.2006 RFIDSec 2006, Graz 2

828 views • 58 slides
Running Training with HRV Listen to your Heart! Marcel van der Kuil Portland, Quantified

Running Training with HRV Listen to your Heart! Marcel van der Kuil Portland, Quantified

Running Training with HRV Listen to your Heart! Marcel van der Kuil Portland, Quantified Self, Sep 22 2018 Context About me Married with 3 children. Computer/Data Scientist Independent Sports&amp; Health Tech

541 views • 37 slides
Clouded Thoughts Air Quality &amp; Cognitive Performance Arthur Amorim January 23, 2019 Arthur

Clouded Thoughts Air Quality &amp; Cognitive Performance Arthur Amorim January 23, 2019 Arthur

Clouded Thoughts Air Quality &amp; Cognitive Performance Arthur Amorim January 23, 2019 Arthur Amorim Clouded Thoughts Question : How does air quality affect the decision-making of individuals performing high level of inductive reasoning?

887 views • 77 slides
But when the seventy years are fulfilled, I will punish the king of Babylon and his nation, the

But when the seventy years are fulfilled, I will punish the king of Babylon and his nation, the

But when the seventy years are fulfilled, I will punish the king of Babylon and his nation, the land of the Babylonians, for their guilt, declares the Lord, and will make it desolate forever. Jeremiah 25:12 1 King Belshazzar gave a great

739 views • 48 slides
Heaven: A Sneak Preview LESSON 7 Your Response to the Lesson What was most interesting in the

Heaven: A Sneak Preview LESSON 7 Your Response to the Lesson What was most interesting in the

Heaven: A Sneak Preview LESSON 7 Your Response to the Lesson What was most interesting in the Bible story? What activity was most enjoyable? What new things did you learn? Activity A Heavenly Plans Make plans for your life in heaven. What

362 views • 22 slides
nobles and drank wine with them. 2 While Belshazzar was drinking his wine, he gave orders to bring

nobles and drank wine with them. 2 While Belshazzar was drinking his wine, he gave orders to bring

King Belshazzar gave a great banquet for a thousand of his nobles and drank wine with them. 2 While Belshazzar was drinking his wine, he gave orders to bring in the gold and silver goblets that Nebuchadnezzar his father had taken from the

380 views • 15 slides
The Handwriting of God Daniel 5 Here is some test text Here is some test text Here is some test

The Handwriting of God Daniel 5 Here is some test text Here is some test text Here is some test

Here is some test text Here is some test text Here is some test text The Handwriting of God Daniel 5 Here is some test text Here is some test text Here is some test text 1. God warns us not to trust the security of earthly kingdoms Here is

707 views • 39 slides
Sunday Morning in the Word October 13, 2019 Ephesians 3:20-21 PRAYING the Psalms Confession,

Sunday Morning in the Word October 13, 2019 Ephesians 3:20-21 PRAYING the Psalms Confession,

Sunday Morning in the Word October 13, 2019 Ephesians 3:20-21 PRAYING the Psalms Confession, Lament, Praise and Thanksgiving Sunday mornings beginning Nov. 10th November 10th ! ! Sermon #1 Psalm 51, (Psalm of Confession) November 11th ! ! Week

839 views • 56 slides
MAIL CARRIER APP STAGE 2: IDEA AND INTERACTION FRAMEWORK IAT 334 - D102 BRENDAN

MAIL CARRIER APP STAGE 2: IDEA AND INTERACTION FRAMEWORK IAT 334 - D102 BRENDAN

MAIL CARRIER APP STAGE 2: IDEA AND INTERACTION FRAMEWORK IAT 334 - D102 BRENDAN LANE PATRICK MAGDUA CHRISTIE WONG LEVONA YIM MAIL DELIVERY AGENTS CANADA POST DELIVERY AGENTS - PEOPLE WHO DELIVER MAIL AND

355 views • 10 slides
1 John Series Lesson #013 March 18, 2001 Dean Bible Ministries www.deanbibleministries.org Dr.

1 John Series Lesson #013 March 18, 2001 Dean Bible Ministries www.deanbibleministries.org Dr.

1 John Series Lesson #013 March 18, 2001 Dean Bible Ministries www.deanbibleministries.org Dr. Robert L. Dean, Jr. 1 John 1:8, If we say that we have no sin, we are deceiving ourselves, and the truth is not in us. 1 John 1:9, If we

559 views • 43 slides
Trainer Tips: Start on time so that you can stay in the time lines Start on time so that you can

Trainer Tips: Start on time so that you can stay in the time lines Start on time so that you can

Train the Trainer Manual Module 1 - Personal and Organizational Beliefs and Values Trainer Tips: Start on time so that you can stay in the time lines Start on time so that you can stay in the time lines Have the handouts including the pre/post

663 views • 39 slides
inequalities in transport accessibility to healthcare facilities Charlotte Kelly Institute for

inequalities in transport accessibility to healthcare facilities Charlotte Kelly Institute for

Institute for Transport Studies FACULTY OF ENVIRONMENT Using health data to explore inequalities in transport accessibility to healthcare facilities Charlotte Kelly Institute for Transport Studies &amp; Academic Unit Health Economics

398 views • 12 slides
SLIDES &amp; Accessories - high quality furniture fittings - high quality furniture fittings

SLIDES &amp; Accessories - high quality furniture fittings - high quality furniture fittings

Ta b l e SLIDES &amp; Accessories - high quality furniture fittings - high quality furniture fittings SISO A/S MILEPARKEN 11 DK - 2740 SKOVLUNDE (COPENHAGEN) DENMARK PHONE: (+45) 45 830 900 FAX: (+45) 45 830 444 - high quality furniture

789 views • 52 slides
that ye be not judged. 2 For with what judgment ye judge, ye shall be judged: and with what

that ye be not judged. 2 For with what judgment ye judge, ye shall be judged: and with what

Matthew 7:1-2 1 Judge not, that ye be not judged. 2 For with what judgment ye judge, ye shall be judged: and with what measure ye mete, it shall be measured to you again. Matthew 7:1-2 1 Judge not, that ye be not judged. 2 For with what

671 views • 36 slides
An Introduction to Knockout.js with Daniel Doezema dan.doezema.com Knockout.js Standalone

An Introduction to Knockout.js with Daniel Doezema dan.doezema.com Knockout.js Standalone

An Introduction to Knockout.js with Daniel Doezema dan.doezema.com Knockout.js Standalone / Pure JavaScript Open Source (MIT license) Wide Browser Support ( IE 6+ / FF 2+ / Chrome / Opera / Safari - Mobile) Framework

294 views • 17 slides

More recommend