Frontiers of Information Technology & Electronic Engineering

ISSN 2095-9184 (print), ISSN 2095-9230 (online)

Automatic discovery of stateful variables in network protocol software based on replay analysis

Abstract: Network protocol software is usually characterized by complicated functions and a vast state space. In such programs, a massive number of stateful variables, used to represent the evolution of the states and to store information about the sessions, are prone to flaws caused by violations of protocol specification requirements and program logic. Discovering such variables is significant for discovering and exploiting vulnerabilities in protocol software, yet it still requires extensive manual verification. In this paper, we propose a novel method that automatically discovers the use of stateful variables in network protocol software. The core idea is that a stateful variable carries information about the communication entities and the software states, so it exists in the form of a global or static variable during program execution. By recording and replaying a protocol program's execution, the variables present over its life cycle can be tracked with dynamic instrumentation. Taking full advantage of existing vulnerability knowledge, we draw up rules along multiple dimensions to determine whether the data stored in critical memory areas have stateful characteristics. We also implement a prototype system that discovers stateful variables automatically and run it on nine programs in ProFuzzBench and two complex real-world software programs. With the help of the available open-source code, the evaluation results show that the average true positive rate (TPR) can reach 82% and the average precision can be approximately up to 96%.

Key words: Stateful variables; Network protocol software; Program analysis technology; Network security
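To make the core idea concrete, the following is an added example (not code from the paper or its prototype) that applies two hypothetical replay-analysis rules to constructed traces of a protocol server's global/static variables: a variable whose value changes only when the protocol state changes is flagged as state-tracking, and one that stays fixed within a session but differs across replayed sessions is flagged as session-bound. The rules, variable names and trace values are assumptions made for illustration, not the rules the paper defines.

```python
from typing import Any

# A replay trace is a list of (protocol_state, snapshot) pairs: after each handled
# message the harness records the protocol state and a snapshot of the globals/statics.
Trace = list[tuple[str, dict[str, Any]]]

def change_points(trace: Trace, var: str) -> set[int]:
    """Indices where `var` differs from its value in the previous snapshot."""
    return {i for i in range(1, len(trace)) if trace[i][1].get(var) != trace[i - 1][1].get(var)}

def is_state_tracker(trace: Trace, var: str) -> bool:
    # Hypothetical rule A: the value changes at least once, and only at the
    # messages where the protocol state itself changes.
    state_changes = {i for i in range(1, len(trace)) if trace[i][0] != trace[i - 1][0]}
    changes = change_points(trace, var)
    return bool(changes) and changes <= state_changes

def is_session_bound(traces: list[Trace], var: str) -> bool:
    # Hypothetical rule B: constant within each replayed session, but taking
    # different values across sessions (a session id, a peer address).
    if any(change_points(t, var) for t in traces):
        return False
    return len({repr(t[0][1].get(var)) for t in traces}) > 1

def discover_stateful(traces: list[Trace]) -> dict[str, str]:
    """Return {variable: category} for globals/statics judged stateful."""
    names = set().union(*(snap for t in traces for _, snap in t))
    # Persistence: present in every snapshot, as a global/static variable would be.
    persistent = [v for v in sorted(names) if all(v in snap for t in traces for _, snap in t)]
    result = {}
    for v in persistent:
        if all(is_state_tracker(t, v) for t in traces):
            result[v] = "state-tracking"
        elif is_session_bound(traces, v):
            result[v] = "session-bound"
    return result

def sample_traces() -> list[Trace]:
    """Two constructed FTP-like sessions (values invented for this example).
    The byte counter and last command change on every message and must be rejected."""
    code = {"INIT": 0, "USER_OK": 1, "LOGGED_IN": 2}
    def step(state, sid, logged, nbytes, cmd):
        return (state, {"conn_state": code[state], "session_id": sid, "logged_in": logged,
                        "bytes_received": nbytes, "last_cmd": cmd, "max_clients": 10})
    s1 = [step("INIT", 1001, False, 0, ""), step("USER_OK", 1001, False, 11, "USER"),
          step("LOGGED_IN", 1001, True, 20, "PASS"), step("LOGGED_IN", 1001, True, 25, "PWD"),
          step("LOGGED_IN", 1001, True, 31, "LIST")]
    s2 = [step("INIT", 1002, False, 0, ""), step("USER_OK", 1002, False, 9, "USER"),
          step("USER_OK", 1002, False, 18, "NOOP"), step("LOGGED_IN", 1002, True, 27, "PASS")]
    return [s1, s2]
```

Running `discover_stateful(sample_traces())` flags `conn_state` and `logged_in` as state-tracking and `session_id` as session-bound, while the ever-changing `bytes_received` and `last_cmd` and the constant `max_clients` are rejected.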

Chinese Summary: Automatic discovery of stateful variables in network protocol software based on replay analysis

黄见欣 (1), 喻波 (1), 刘润昊 (1), 苏金树 (1,2)
(1) College of Computer, National University of Defense Technology, Changsha 410073, China
(2) Academy of Military Sciences, Beijing 100091, China
Abstract: Network protocol software is typically characterized by complex program paths and a vast state space. Such programs often contain key variables that carry state and are used to record protocol state and session information. If these stateful variables are handled improperly, they may violate the protocol specification and lead to logic errors, leaving latent defects or vulnerabilities in the protocol software. To address the difficulty that existing program analysis techniques have in discovering stateful variables in network protocol software, and their low degree of automation, this paper proposes a stateful-variable identification method based on replay analysis. Since stateful variables mainly reflect the parameters of the communicating parties and the state of the program, variables with these characteristics usually persist in the process as global or static variables. The method records and replays the execution trace of the protocol software and, using dynamic instrumentation, analyzes the state characteristics of the global and static variables in critical memory regions as the protocol state and software state change, then filters and judges them against a set of rules. On this basis, a prototype system that automatically discovers stateful variables is designed and implemented, and tested on 9 programs in ProFuzzBench and 2 complex real-world protocol software programs. Experimental results show that the average true positive rate (TPR) reaches 82% and the average precision is approximately 96%.

Key words: stateful variables; network protocol software; program analysis technology; network security



DOI: 10.1631/FITEE.2200275

CLC number: TP311


On-line Access: 2023-03-25

Received: 2022-06-25

Revision Accepted: 2023-03-25

Crosschecked: 2022-11-09

Journal of Zhejiang University-SCIENCE, 38 Zheda Road, Hangzhou 310027, China
Tel: +86-571-87952276; Fax: +86-571-87952331; E-mail: jzus@zju.edu.cn
Copyright © 2000~ Journal of Zhejiang University-SCIENCE