-
Notifications
You must be signed in to change notification settings - Fork 2
Home
The implementations of network protocols are often "bloated" due to various users' needs and complex environment for deployment. The continual expansion of program features contribute to not only growing complexity but also increased the attack surface, making the maintenance of network protocol security very challenging.
In this project, we have proposed several approaches for automated customization and vulnerability detection of network protocols: CustomPro, DamGate and yFuzz.
In CustomPro, We adopt whole system emulation, dynamic tainting and symbolic execution to identify desired code from the original program binaries, then leverage binary rewriting techniques to create a customized program binary that only contains the desired functionalities.
In order to manage the program features after the debloating, we propose another binary customization framework, DamGate, to guard the program feature execution on the fly.
Also, we have designed a stateful protocol fuzzer that aims to efficiently locate the vulnerabilities residing deep in the stateful protocols.
Publications and presentation slides related to the above-mentioned projects are here.
Yurong Chen
Tian Lan
Guru Venkataramani
Project homepage for protocol customization, SEAS, GWU