Proceedings of the Institute for System Programming of the RAS
RUS  ENG    JOURNALS   PEOPLE   ORGANISATIONS   CONFERENCES   SEMINARS   VIDEO LIBRARY   PACKAGE AMSBIB  
General information
Latest issue
Archive

Search papers
Search references

RSS
Latest issue
Current issues
Archive issues
What is RSS



Proceedings of ISP RAS:
Year:
Volume:
Issue:
Page:
Find






Personal entry:
Login:
Password:
Save password
Enter
Forgotten password?
Register


Proceedings of the Institute for System Programming of the RAS, 2022, Volume 34, Issue 5, Pages 43–62
DOI: https://doi.org/10.15514/ISPRAS-2022-34(5)-3
(Mi tisp720)
 

Protocol automata recovery method using binary code

I. V. Sharkov

Ivannikov Institute for System Programming of the RAS
Abstract: Security analysis of network programs includes set of reverse engineering tasks of network protocols. Data formats restoring and implemented protocol automaton are the previous task issues. Unlike quite researched problem of formats restoring where there are lots of scientist’s papers, finding out the protocol's automaton program implementation looks like terra incognita and the cornerstone is a protocol state description currently undefined. There are two general ways to retrieve the implemented protocol automaton: an analysis of the network traces and looking into binary trace of the target application. This article offers a second one method. The first aim of the paper is the way to describe a mathematical model of a protocol automaton and a method for projecting it onto an executing application binary code. The second is concept of the protocol state definition and a principle to detect the states transitions based on some "global" binary trace objects, are described. Thirdly, there is suggested a protocol automaton precising manner by in-memory fuzzing based on a "floating" fork-server to manage states transitions. Finally, developed toolset's scheme and experiments on its using with a real VPN client, are shown.
Keywords: network protocol, protocol automata, state, binary code, fuzzing
Document Type: Article
Language: Russian
Citation: I. V. Sharkov, “Protocol automata recovery method using binary code”, Proceedings of ISP RAS, 34:5 (2022), 43–62
Citation in format AMSBIB
\Bibitem{Sha22}
\by I.~V.~Sharkov
\paper Protocol automata recovery method using binary code
\jour Proceedings of ISP RAS
\yr 2022
\vol 34
\issue 5
\pages 43--62
\mathnet{http://mi.mathnet.ru/tisp720}
\crossref{https://doi.org/10.15514/ISPRAS-2022-34(5)-3}
Linking options:
  • https://www.mathnet.ru/eng/tisp720
  • https://www.mathnet.ru/eng/tisp/v34/i5/p43
  • Citing articles in Google Scholar: Russian citations, English citations
    Related articles in Google Scholar: Russian articles, English articles
    Proceedings of the Institute for System Programming of the RAS
    Statistics & downloads:
    Abstract page:26
    Full-text PDF :12
     
      Contact us:
     Terms of Use  Registration to the website  Logotypes © Steklov Mathematical Institute RAS, 2024