Publication | Open Access
Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach
Year: 2018 | Citations: 23 | References: 0 | Venue: unknown
Keywords: Internet Traffic Analysis, Engineering, Information Security, Software Analysis, Attack Discovery, Formal Verification, Hardware Security, State Machine Model, Denial-of-service Attack, Network Traffic Measurement, Network Flows, DDoS Detection, TCP Implementations, Model-guided Approach, Computer Engineering, Computer Science, TCP Congestion Control, Program Analysis, Network Traffic Control, Transport Layer, Congestion Control
In this work, we propose an automated method to find attacks against TCP congestion control implementations that combines the generality of implementation-agnostic fuzzing with the precision of runtime analysis. It uses a model-guided approach to generate abstract attack strategies by leveraging a state machine model of congestion control to find vulnerable state machine paths that an attacker could exploit to increase or decrease the throughput of a connection. These abstract strategies are then mapped to concrete attack strategies, which consist of sequences of actions such as injection or modification of acknowledgements. We design and implement a virtualized platform, TCPwn, that consists of a proxy-based attack injector to inject these concrete attack strategies. We evaluated 5 TCP implementations from 4 Linux distributions and Windows 8.1. Overall, we found 11 classes of attacks, of which 8 are new.