The Closer You Look, The More You Learn: A Grey-box Approach to Protocol State Machine Learning

Chris McMahon Stone, Sam L. Thomas, Mathy Vanhoef, James Henderson, Nicolas Bailluet, Tom Chothia

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

We propose a new approach to infer state machine models from protocol implementations. Our new tool, StateInspector, learns protocol states by using novel program analyses to combine observations of run-time memory and I/O. It requires no access to source code and only lightweight execution monitoring of the implementation under test. We demonstrate and evaluate StateInspector's effectiveness on numerous TLS and WPA/2 implementations. In the process, we show StateInspector enables deeper state discovery, increased learning efficiency, and more insight compared to existing approaches. Our method led us to discover several concerning deviations from the standards and vulnerabilities in IWD and WolfSSL, both of which were assigned CVEs.

Original language: English
Title of host publication: CCS '22
Subtitle of host publication: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security
Place of Publication: New York
Publisher: Association for Computing Machinery
Pages: 2265-2278
Number of pages: 14
ISBN (Print): 9781450394505
DOIs
Publication status: Published - 7 Nov 2022
Event: 28th ACM SIGSAC Conference on Computer and Communications Security, CCS 2022 - Los Angeles, United States
Duration: 7 Nov 2022 - 11 Nov 2022

Publication series

Name: Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print): 1543-7221

Conference

Conference: 28th ACM SIGSAC Conference on Computer and Communications Security, CCS 2022
Country/Territory: United States
City: Los Angeles
Period: 7/11/22 - 11/11/22

Bibliographical note

Funding Information:
This research is partially funded by the Engineering and Physical Sciences Research Council (EPSRC) under grants EP/R012598/1, EP/R008000/1, and EP/V000454/1, the Research Fund KU Leuven, and by the Flemish Research Programme Cybersecurity.

Publisher Copyright:
© 2022 ACM.

Keywords

  • protocol security
  • reverse engineering
  • state machine learning

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
