Team for Research in Ubiquitous Secure Technology

Towards Automatic Discovery of Deviations in Binary Implementations
Cody Hartwig

Citation
Cody Hartwig. "Towards Automatic Discovery of Deviations in Binary Implementations". Talk or presentation, 11 October 2007.

Abstract
Different implementations of the same protocol specification usually contain deviations, i.e., differences in how they check and process some of their inputs. Deviations are commonly introduced as implementation errors or as different interpretations of the same specification. Automatic discovery of these deviations is important for several applications. In this paper, we focus on automatic discovery of deviations for two particular applications: error detection and fingerprint generation. We propose a novel approach for automatically detecting deviations in the way different implementations of the same specification check and process their input. Our approach has several advantages: (1) by automatically building symbolic formulas from the implementation, our approach is precisely faithful to the implementation; (2) by solving formulas created from two different implementations of the same specification, our approach significantly reduces the number of inputs needed to find deviations; (3) our approach works on binaries directly, without access to the source code. We have built a prototype implementation of our approach and have evaluated it using multiple implementations of two different protocols: HTTP and NTP. Our results show that our approach successfully finds deviations between different implementations, including errors in input checking, and differences in the interpretation of the specification, which can be used as fingerprints.

Electronic downloads


Internal. This publication has been marked by the author for TRUST-only distribution, so electronic downloads are not available without logging in.
Citation formats  
  • HTML
    Cody Hartwig. <a
    href="http://www.truststc.org/pubs/300.html"
    ><i>Towards Automatic Discovery of Deviations in
    Binary Implementations</i></a>, Talk or
    presentation, 11 October 2007.
  • BibTeX
    @presentation{Hartwig07_TowardsAutomaticDiscoveryOfDeviationsInBinaryImplementations,
        author = {Cody Hartwig},
        title = {Towards Automatic Discovery of Deviations in
                  Binary Implementations},
        day = {11},
        month = {October},
        year = {2007},
        URL = {http://www.truststc.org/pubs/300.html}
    }
    

Posted by Larry Rohrbough on 16 Oct 2007.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.