an initial investigation of protocol customization
play

An Initial Investigation of Protocol Customization David Ke Hong , - PowerPoint PPT Presentation

Dec 30, 2023 •258 likes •420 views

An Initial Investigation of Protocol Customization David Ke Hong , Qi Alfred Chen, Z. Morley Mao University of Michigan Todays protocols are feature-rich Widely-used protocols contain a rich set of features and extensions Around

  1. An Initial Investigation of Protocol Customization David Ke Hong , Qi Alfred Chen, Z. Morley Mao University of Michigan

  2. Today’s protocols are feature-rich • Widely-used protocols contain a rich set of features and extensions – Around 15 extensions for the functionality provided by the TLS protocol message formats – Different usage scenarios • TCP extensions – Performance consideration • Various HTTP/2 features – Implemented as a one-size-fits-all library 2

  3. Vulnerabilities caused by unnecessary features • Not all features are desirable in a particular deployment scenario, and unused features enlarge attack surface – HeartBleed attack caused by an implementation flaw in TLS/DTLS heartbeat extension • Optional in many deployment scenarios – FREAK attack exploiting weak RSA_EXPORT cipher suites • Stronger cipher suites already available 3

  4. Protocol Customization • Modify and specialize a standard protocol to enable only desirable features • Compile-time disabling – 97 OpenSSL_NO* compiler flags • Runtime disabling or parameter tuning – mod_* parameters for module disabling 4

  5. Existing customization practices • Existing customization practices are ad-hoc – Often relying on configurations offered by the protocol implementation • Case study – Per-feature disabling on HTTP/2 features is not supported in Apache HTTP server – HPACK bomb vulnerability (CVE-2016-1544, CVE-2016-6581) • Developer failed to cover this customization option 5

  6. Systematic way of protocol customization is needed • Call for a systematic approach to overcome existing limitations – Minimizing human efforts and errors – Covering customization on important features – Supporting customization of fine-grained features • Question: can we systematically customize a standard protocol to reduce its attack surface with sufficient automation? 6

  7. Solution direction • Protocol feature access control – A systematic framework to unify common protocol customization practices – Access control resource: protocol feature – Two types of access control policy • Feature disabling policy • Feature tuning policy – Validation : 17 out of 20 CVE patches can be expressed by feature disabling or tuning policy 7

  8. Access control example: HeartBeat • To prevent HeartBleed vulnerability OpenSSL protocol entry Feature access control policy configuration Feature 1 Execution permitted Feature 1 Access policy: allowed T Execution permitted when Feature 2 len(RequestEchoBytes) < 1500 Feature 2 Access policy: tuning Tuning policy: Length of requested echo bytes < 1500 X Feature 3 Execution denied Feature 3 Access policy: disabling 8

  9. Research challenges • How to systematically identify features and locate its code-level implementation – Bridging the gap between user-level and code- level features • Natural language processing • Deep neural networks – Systematically locating code-level feature- related implementation • Control and data flow analysis 9

  10. Research challenges • How to effectively support diverse types of protocol customization with minimized manual efforts – Enforcing policies without assuming that the code base structure is ready for customization by design • Control and data flow analysis – Supporting feature disabling and tuning policy • Control and data flow analysis • Symbolic execution 10

  11. Preliminary system design Input: features to be customized, protocol software 11

  12. Preliminary system design Input: features to be customized, protocol software 12

  13. Limitation • Protocol customization alone is insufficient in addressing some vulnerability cases – Vulnerability related to core functionality that requires significant change to the details of a protocol feature • TLS vulnerability caused by the weakness in key generation 13

  14. Summary Perform an initial investigation of protocol customization for reducing attack surface of a standard protocol – Identify key research challenges for systematic and sufficiently automated protocol customization – Propose an access control mechanism to unify existing protocol customization practices Future work – Feature identification using NLP techniques – Feature access control: more detailed design and impl. 14

  15. Thank you! • Questions? 15

Recommend

AEATF-II Mop Study: Supplemental Slides 1 Initial Protocol Review Milestones Jan 08 GPL

AEATF-II Mop Study: Supplemental Slides 1 Initial Protocol Review Milestones Jan 08 GPL

AEATF-II Mop Study: Supplemental Slides 1 Initial Protocol Review Milestones Jan 08 GPL submits protocol packages to IIRB and CDPR 22 Jan 08 IIRB approves protocol, consent form, recruiting flyer, and recruiting scripts 25 Feb 08 Approved

436 views • 9 slides
Dasha Maliauskaya, Rakan AlZagha, and Wendy Salto Initial Research on Marco Investigation of

Dasha Maliauskaya, Rakan AlZagha, and Wendy Salto Initial Research on Marco Investigation of

Dasha Maliauskaya, Rakan AlZagha, and Wendy Salto Initial Research on Marco Investigation of Mirco Investigation on Creating infographics using the Connecticut and Connecticut School selected schools in most important information and

3.74k views • 35 slides
Initial Investigation into the Psychoacoustic Properties of Small Unmanned Aerial System Noise

Initial Investigation into the Psychoacoustic Properties of Small Unmanned Aerial System Noise

Initial Investigation into the Psychoacoustic Properties of Small Unmanned Aerial System Noise Andrew Christian and Randolph Cabell Structural Acoustics Branch NASA Langley Research Center Presented at DATAWorks 2018 The D efense and A

773 views • 32 slides
Network slicing: industrialization of network customization? Christian Destr, Orange Labs

Network slicing: industrialization of network customization? Christian Destr, Orange Labs

Network slicing: industrialization of network customization? Christian Destr, Orange Labs Networks 2 Interne Orange To enable mass customization Few possible versions Options to be added after factory production Very few customization at

551 views • 25 slides
OUTBREAK INVESTIGATION FORM STEPS OF AN INVESTIGATION 1. Verify the diagnosis; identify the

OUTBREAK INVESTIGATION FORM STEPS OF AN INVESTIGATION 1. Verify the diagnosis; identify the

OUTBREAK INVESTIGATION FORM STEPS OF AN INVESTIGATION 1. Verify the diagnosis; identify the agent. Describe the initial magnitude of the problem and what symptoms got the facility's attention. What diagnosis has been established? What agent

225 views • 4 slides
Initial Investigation of Petroleum Systems of the Permian Basin, USA Ronald J. Hill 1 , Dan Jarvie

Initial Investigation of Petroleum Systems of the Permian Basin, USA Ronald J. Hill 1 , Dan Jarvie

Initial Investigation of Petroleum Systems of the Permian Basin, USA Ronald J. Hill 1 , Dan Jarvie 2 , Brenda Claxton 2 , Jack Burgess 2 and Jack Williams 3 1 United States Geological Survey Box 25046, MS 977 Denver, CO 80225 2 Humble Geochemical

573 views • 19 slides
Pimp Your Linux (System Customization) Mark Repka RITLug, Week 8 Customization! What can we do?

Pimp Your Linux (System Customization) Mark Repka RITLug, Week 8 Customization! What can we do?

Pimp Your Linux (System Customization) Mark Repka RITLug, Week 8 Customization! What can we do? One of the biggest selling points of Linux Change your desktop environment! Change the wallpaper (duh) Change the theme!

543 views • 21 slides
Session Initiation Protocol (SIP) The Session Description Protocol The Most Common Message

Session Initiation Protocol (SIP) The Session Description Protocol The Most Common Message

Session Initiation Protocol (SIP) The Session Description Protocol The Most Common Message Body Session information describing the media to be exchanged between the parties SDP, RFC 2327 (initial publication) A number of

671 views • 21 slides
What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i -Key-Protocol, i = 1, 2, 3, Family of protocols Secure electronic payment Based on credit card payments Christopher Hsu Can be extended

407 views • 4 slides
Case Investigation of Avian in Southeast Asia Influenza Overview Initiating an investigation

Case Investigation of Avian in Southeast Asia Influenza Overview Initiating an investigation

Rapid Response Team Training 1 Case Investigation of Avian in Southeast Asia Influenza Overview Initiating an investigation Pre-investigation activities Investigation Recordkeeping and reporting Post-investigation activities

1.24k views • 86 slides
Bell Schedule 2020-21 Initial Data Initial Data Initial Data Initial

Bell Schedule 2020-21 Initial Data Initial Data Initial Data Initial

Bell Schedule 2020-21 Initial Data Initial Data Initial Data Initial Data Process SPACE Framework Problem Unhealthy Students Goal Action Plan

467 views • 31 slides
Lecture 4 Approach Langtons Investigation Investigate 1D CAs with: random transition

Lecture 4 Approach Langtons Investigation Investigate 1D CAs with: random transition

Part 2: Cellular Automata 8/27/04 Lecture 4 Approach Langtons Investigation Investigate 1D CAs with: random transition rules Under what conditions can we expect a starting in random initial states complex dynamics of

162 views • 12 slides
MACAW : A Media Access Based on MACA, a Multiple Access Collision Protocol for Wireless

MACAW : A Media Access Based on MACA, a Multiple Access Collision Protocol for Wireless

Introduction MACAW : A Media Access Based on MACA, a Multiple Access Collision Protocol for Wireless LANs Avoidance protocol. Initial attempt to deal with WLAN challenges. Four key main observations: The relevant contention is

393 views • 5 slides
Re-ECN: Adding Accountability for Causing Congestion to TCP/IP Bob Briscoe , BT &amp; UCL Arnaud

Re-ECN: Adding Accountability for Causing Congestion to TCP/IP Bob Briscoe , BT &amp; UCL Arnaud

Re-ECN: Adding Accountability for Causing Congestion to TCP/IP Bob Briscoe , BT &amp; UCL Arnaud Jacquet, BT Alessandro Salvatori, BT IETF-64 tsvwg Nov 2005 context context context context initial draft protocol protocol protocol

298 views • 25 slides
Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN

Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN

Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN Flooding Attack TCP Reset Attack TCP Session Hijacking Attack 2 TCP Protocol Transmission Control Protocol (TCP) is a core protocol

598 views • 47 slides
Investigation of Failures 49 CFR 192.617 192.617 Investigation of Failures Each operator

Investigation of Failures 49 CFR 192.617 192.617 Investigation of Failures Each operator

Investigation of Failures 49 CFR 192.617 192.617 Investigation of Failures Each operator shall establish procedures for analyzing accidents and failures, including the selection of samples of the failed facility or equipment for

948 views • 55 slides
LiveCD Customization Creating your own Linux distribution Background . Do you think that the

LiveCD Customization Creating your own Linux distribution Background . Do you think that the

LiveCD Customization Creating your own Linux distribution Background . Do you think that the Ubuntu/Arch/Debian/Fedora default programs and settings are wrong? You can take a base system and customize it to your liking! We know this

256 views • 24 slides
Outbreak Investigation Outbreak Investigation Step by Step Step by Step Darin Areechokchai MD.,

Outbreak Investigation Outbreak Investigation Step by Step Step by Step Darin Areechokchai MD.,

Outbreak Investigation Outbreak Investigation Step by Step Step by Step Darin Areechokchai MD., DTM&amp;H., MCTM. Surveillance and Investigation Section Bureau of Epidemiology, Department of Disease Control Ministry of Public Health, Thailand

1.27k views • 83 slides
Investigation into procurement of goods and services from CT Management Group Pty Ltd by

Investigation into procurement of goods and services from CT Management Group Pty Ltd by

Investigation into procurement of goods and services from CT Management Group Pty Ltd by Glenorchy City Council Report of the Auditor-General No. 1 of 2017-18 Todays presentation Basis of investigation Investigation approach

460 views • 29 slides
Forest Protocol Forest Protocol Protocol Update Effort Protocol Update Effort Goals and

Forest Protocol Forest Protocol Protocol Update Effort Protocol Update Effort Goals and

Forest Protocol Forest Protocol Protocol Update Effort Protocol Update Effort Goals and Objectives Goals and Objectives CAR adopted the Forest Protocols in 2005 CAR Board directed staff in 2007 to: Initiate a stakeholder process

532 views • 25 slides
The Session Description Protocol The Most Common Message Body Be session information

The Session Description Protocol The Most Common Message Body Be session information

The Session Description Protocol The Most Common Message Body Be session information describing the media to be exchanged between the parties SDP, RFC 2327 (initial publication) SIP uses SDP in an answer/offer mode. An agreement

690 views • 49 slides
Laboratory Investigation of Laboratory Investigation of Laboratory Investigation of Laboratory

Laboratory Investigation of Laboratory Investigation of Laboratory Investigation of Laboratory

www.eng.chula.ac.th Laboratory Investigation of Laboratory Investigation of Laboratory Investigation of Laboratory Investigation of Laboratory Investigation of Vetiver Root Reinforcement for Slope Reinforcement for Slope Reinforcement for

513 views • 48 slides
Unintrusive Customization Techniques for Web Advertising Marc Langheinrich Atsuyoshi Nakamura

Unintrusive Customization Techniques for Web Advertising Marc Langheinrich Atsuyoshi Nakamura

Unintrusive Customization Techniques for Web Advertising Marc Langheinrich Atsuyoshi Nakamura Naoki Abe Tomonari Kamba Yoshiyuki Koseki NEC Corporation, C&amp;C Media Research Laboratories, Japan Overview Introduction Ad targeting

451 views • 33 slides
INVESTIGATION UNIT INVESTIGATION UNIT Human interaction with backhoes and excavators

INVESTIGATION UNIT INVESTIGATION UNIT Human interaction with backhoes and excavators

MINE SAFETY MINE SAFETY INVESTIGATION UNIT INVESTIGATION UNIT Human interaction with backhoes and excavators www.dpi.nsw.gov.au/investigation-unit Industry and Investment NSW data 73 reported incidents involving backhoe and excavator type

492 views • 14 slides

More recommend