Similar articles

Abstract: network protocol software is usually characterized by complicated functions and a vast state space. In this type of program, a massive number of stateful variables that are used to represent the evolution of the states and store some information about the sessions are prone to potential flaws caused by violations of protocol specification requirements and program logic. Discovering such variables is significant in discovering and exploiting vulnerabilities in protocol software, and still needs massive manual verifications. In this paper, we propose a novel method, that could automatically discover the use of stateful variables in network protocol software. The core idea is that a stateful variable features information of the communication entities and the software states, so it will generate and exist in the form of a global or static variable during program execution. Based on recording and replaying a protocol program’s execution, varieties of variables in the life cycle can be tracked with the technique of dynamic instrument. We draw up some rules from multiple dimensions by taking full advantage of the existing vulnerabilities knowledge to determine whether the data stored in critical memory areas have stateful characteristics. We also implemented a prototype system that can discover stateful variables automatically, then we performed it on nine programs in ProFuzzBench and two complex real-world software programs. With the help of available open-source code, the evaluation results show that the average TPR can reach 82% and the precision can be approximately up to 96%.