Leveraging Textual Specifications for Automated Attack Discovery in Network Protocols
Speaker:
Cristina Nita-Rotaru
Data dell'evento:
Martedì, 28 May, 2024 - 12:00
Luogo:
Aula B2
Contatto:
Daniele Cono D'Elia
Abstract
Automated attack discovery techniques, such as attacker synthesis or model-based fuzzing, provide powerful ways to ensure network protocols operate correctly and securely. Such techniques, in general, require a formal representation of the protocol, often in the form of a finite state machine (FSM). Unfortunately, many protocols are only described in English prose.
We show how to extract protocol specification in the form of FSM from RFCs. Unlike other works that rely on rule-based approaches or use off-the-shelf NLP tools directly, we suggest a data-driven approach for extracting FSMs from RFC documents. Specifically, we use a hybrid approach consisting of three key steps: (1) large-scale word-representation learning for technical language, (2) focused zero-shot learning for mapping protocol text to a protocol-independent information language, and (3) rule-based mapping from protocol-independent information to a specific protocol FSM. We show the generalizability of our FSM extraction by using the RFCs for six different protocols: BGPv4, DCCP, LTP, PPTP, SCTP and TCP. We demonstrate how automated extraction of an FSM from an RFC can be applied to the synthesis of attacks, with TCP and DCCP as case-studies.
This work appeared in IEEE Security and Privacy 2022 as``Automated Attack Synthesis by Extracting Finite State Machines from Protocol Specification Documents.'' Maria Leonor Pacheco, Max von Hippel, Ben Weintraub Dan Goldwasser Cristina Nita-Rotaru. IEEE S&P 2022.Code available at: https://github.com/RFCNLP
Bio: Cristina Nita-Rotaru is a Professor of Computer Science in the Khoury College of Computer Sciences at Northeastern University (since 2015) where she leads the Network and Distributed Systems Security Laboratory (NDS2). Prior to joining Northeastern she was a faculty in the Department of Computer Science at Purdue University (2003 - 2015). She served as Associate Dean of Faculty at Northeastern University (2017 - 2020) and as an Assistant Director for CERIAS at Purdue University (2011 - 2013). Her research lies at the intersection of security, distributed systems, and computer networks. The overarching goal of her work is designing and building secure and resilient distributed systems and network protocols, with assurance that the deployed implementations provide their security, resilience, and performance goals. Her work received several best paper awards in NETYS 2023, ACM SACMAT 2022, IEEE SafeThings 2019, NDSS 2018, ISSRE 2017, DSN 2015, two IETF/IRTF Applied Networking Research Prize in 2018 and 2016, and Test-of-Time award in ACM SACMAT 2022. She is a recipient of the NSF Career Award in 2006. Cristina Nita-Rotaru has served on the program committee of numerous conferences in networking, distributed systems and security such as IEEE S&P, USENIX Security, ACM CCS, NDSS, ACM Wisec, USENIX OSDI, USENIX ATC, ACM SOCC, ACM SIGCOMM, ACM CoNEXT, IEEE INFOCOM, IEEE ICNP, WWW, IEEE ICDCS, IEEE/IFIP DSN, Eurosys, and Euro S&P. She was an Associate Editor for IEEE Transactions on Computers, ACM Transactions on Information Systems Security, Computer Networks, IEEE Transactions on Mobile Computing and IEEE Transactions on Dependable and Secure Systems. She was a chair for ACM Wisec 2010, IEEE CNS 2013, ACM GameSec 2013, IEEE DSN 2016, and IEEE ICNP 2018 and chair of the NDSS Steering Group 2023 - 2024. She currently serves as TPC co-Chair for IEEE S&P 2025 and 2026.