Article overview
Server-side verification of client behavior in cryptographic protocols

Andrew Chi; Robert Cochran; Marie Nesfield; Michael K. Reiter; Cynthia Sturton

Date: 13 Mar 2016

Abstract: Numerous exploits of client-server protocols and applications involve
modifying clients to behave in ways that untampered clients would not, such as
crafting malicious packets. In this paper, we demonstrate practical
verification of a cryptographic protocol client's messaging behavior as being
consistent with the client program it is believed to be running. Moreover, we
accomplish this without modifying the client in any way, and without knowing
all of the client-side inputs driving its behavior. Our toolchain for verifying
a client's messages explores multiple candidate execution paths in the client
concurrently, an innovation that we show is both specifically useful for
cryptographic protocol clients and more generally useful for client
applications of other types, as well. In addition, our toolchain includes a
novel approach to symbolically executing the client software in multiple passes
that defers expensive functions until their inputs can be inferred and
concretized. We demonstrate client verification on OpenSSL to show that, e.g.,
Heartbleed exploits can be detected without Heartbleed-specific filtering and
within seconds of the first malicious packet, and that verification of
legitimate clients can keep pace with, e.g., Gmail workloads.

Source: arXiv, 1603.4085