Systematically Detecting Packet Validation Vulnerabilities in Embedded Network Stacks

Embedded Network Stacks (ENS) enable low-resource devices to communicate with the outside world, facilitating the development of the Internet of Things and Cyber-Physical Systems. Some defects in ENS are thus high-severity cybersecurity vulnerabilities: they are remotely triggerable and can impact t...

Bibliographic details
Main authors: Amusuo, Paschal C; Méndez, Ricardo Andrés Calvo; Xu, Zhongwei; Machiry, Aravind; Davis, James C
Format: Article
Language: eng
Subjects:
Online access: Order full text
container_end_page
container_issue
container_start_page
container_title
container_volume
creator Amusuo, Paschal C
Méndez, Ricardo Andrés Calvo
Xu, Zhongwei
Machiry, Aravind
Davis, James C
description Embedded Network Stacks (ENS) enable low-resource devices to communicate with the outside world, facilitating the development of the Internet of Things and Cyber-Physical Systems. Some defects in ENS are thus high-severity cybersecurity vulnerabilities: they are remotely triggerable and can impact the physical world. While prior research has shed light on the characteristics of defects in many classes of software systems, no study has described the properties of ENS defects nor identified a systematic technique to expose them. The most common automated approach to detecting ENS defects is feedback-driven randomized dynamic analysis ("fuzzing"), a costly and unpredictable technique. This paper provides the first systematic characterization of cybersecurity vulnerabilities in ENS. We analyzed 61 vulnerabilities across 6 open-source ENS. Most of these ENS defects are concentrated in the transport and network layers of the network stack, require reaching different states in the network protocol, and can be triggered by only 1-2 modifications to a single packet. We therefore propose a novel systematic testing framework that focuses on the transport and network layers, uses seeds that cover a network protocol's states, and systematically modifies packet fields. We evaluated this framework on 4 ENS and replicated 12 of the 14 reported IP/TCP/UDP vulnerabilities. On recent versions of these ENSs, it discovered 7 novel defects (6 assigned CVEs) during a bounded systematic test that covered all protocol states and made up to 3 modifications per packet. We found defects in 3 of the 4 ENS we tested that had not been found by prior fuzzing research. Our results suggest that fuzzing should be deferred until after systematic testing is employed.
doi_str_mv 10.48550/arxiv.2308.10965
format Article
creationdate 2023-08-21
rights http://creativecommons.org/licenses/by/4.0
linktorsrc https://arxiv.org/abs/2308.10965
fulltext fulltext_linktorsrc
identifier DOI: 10.48550/arxiv.2308.10965
ispartof
issn
language eng
recordid cdi_arxiv_primary_2308_10965
source arXiv.org
subjects Computer Science - Software Engineering
title Systematically Detecting Packet Validation Vulnerabilities in Embedded Network Stacks
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-05T02%3A13%3A27IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-arxiv_GOX&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Systematically%20Detecting%20Packet%20Validation%20Vulnerabilities%20in%20Embedded%20Network%20Stacks&rft.au=Amusuo,%20Paschal%20C&rft.date=2023-08-21&rft_id=info:doi/10.48550/arxiv.2308.10965&rft_dat=%3Carxiv_GOX%3E2308_10965%3C/arxiv_GOX%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true