The present invention relates to automated security analysis of hardware and software.
Computerized communication, whether it occurs at the application level or at the network level, generally involves the exchange of data or messages in a known, structured format (a “protocol”). Software applications and hardware devices that rely on these formats can be vulnerable to various attacks that are generally known as “protocol abuse.” Protocol abuse consists of sending messages that are invalid or malformed with respect to a particular protocol (“protocol anomalies”) or sending messages that are well-formed but inappropriate based on a system's state. Messages whose purpose is to attack a system are commonly known as malicious network traffic.
Various systems have been developed that identify or detect attacks when they occur. These systems, which are known as intrusion detection systems (IDSs), can be either passive or active. A passive IDS will merely detect an attack, while an active IDS will attempt to thwart the attack. Note that an IDS reacts to an actual attack. While an IDS might be able to detect an attack, it does not change the fact that an attack has occurred and might have damaged the underlying system.
An alternative, proactive solution to the attack problem is to analyze a system ahead of time to discover or identify any vulnerabilities. This way, the vulnerabilities can be addressed before the system is deployed or released to customers. This process, which is known as “security analysis,” can be performed using various methodologies. One methodology is to treat the device-under-analysis (DUA) as a black box. Under this methodology, the DUA is analyzed via the interfaces that it presents to the outside world (for example, by sending messages to the DUA). As a result, it is not necessary to access the source code or object code comprising the DUA.
Security analysis requires specific expertise and, thus, is usually performed manually. Also, since the task is vaguely defined, the analysis is usually performed in a haphazard way.