Explore an innovative method for detecting vulnerabilities in closed-source network devices through a Black Hat conference talk. Learn about a formal black-box approach that uncovers protocol implementation deviations without accessing binary or source code. Discover how this automated, model-based testing method was applied to routers to check OSPF implementations, revealing logical vulnerabilities in Cisco and Quagga devices. Delve into topics such as symbolic execution, test case generation, and the path explosion problem. Gain insights into the OSPF analysis, including the fight-back mechanism, attacker model, and specific results from Cisco and Quagga testbeds.
Automated Detection of Vulnerabilities in Black-Box Routers and Other Network Devices
Overview
Syllabus
Intro
INTRODUCTION-GABI NAKIBLY
OUTLINE
RESEARCH GOAL
OURMETHOD IN A GLANCE
CREATE A MODEL OF A PROTOCOL
SYMBOLIC EXECUTION 101
GENERATE TEST CASES
EXECUTE TESTS
FIND DEVIATIONS
PATH EXPLOSION PROBLEM
OUR MAIN OPTIMIZATION
OSPF ANALYSIS
THE FIGHT-BACK MECHANISM
THE ATTACKER
OSPF MODEL
CISCO TESTBED
CISCO RESULTS
QUAGGA
IN SUMMARY
Taught by
Black Hat
