Securing Networks by Detecting Logical Flaws in Protocol Implementations

Dr. Endadul Hoque
Northeastern University


Abstract

Implementations of network protocols are integral components of various networked computing systems, spanning from Internet-of-Things (IoT) to enormous data centers. Research efforts to defend these implementations by introducing new designs for security and advocating best practices in secure programming are not always feasible, nor effective. Even rigorous analysis of the design of a protocol is not sufficient, as indicated by the frequent reports of bugs discovered in protocol implementations after deployment. Hence, it is crucial to develop automated techniques and tools to help programmers detect logical flaws in actual implementations of protocols. In this talk, I will first present an automated compliance checker to analyze operational behavior of a protocol implementation for detecting semantic bugs, which cause the implementation to violate its specifications. Next, I will present an automated testing tool to analyze robustness of a protocol implementation against malicious attacks impairing its runtime performance. Finally, I will conclude with several directions for future research to aid the development of secure systems.