The present invention relates to a security analyzer that attacks a device by sending messages to it.
Computerized communication, whether it occurs at the application level or at the network level, generally involves the exchange of data or messages in a known, structured format (a “protocol”). Software applications and hardware devices that rely on these formats can be vulnerable to various attacks that are generally known as “protocol abuse.” Protocol abuse consists of sending messages that are invalid or malformed with respect to a particular protocol (“protocol anomalies”) or sending messages that are well-formed but inappropriate based on a system's state. Messages whose purpose is to attack a system are commonly known as malicious network traffic.
A proactive solution to the attack problem is to analyze a system ahead of time to discover or identify any vulnerabilities. This way, the vulnerabilities can be addressed before the system is deployed or released to customers. This process, which is known as “security analysis,” can be performed using various methodologies. One methodology for analyzing the security of a device-under-analysis (DUA) is to treat the DUA as a black box. Under this methodology, the DUA is analyzed via the interfaces that it presents to the outside world. For example, a security analyzer sends one or more messages (test messages) to the DUA, and the DUA's response is observed. A response can include, for example, registering an error or generating a message (response message). The DUA can then send the generated message to the security analyzer. Depending on the analysis being performed, the security analyzer might send another message to the DUA upon receiving the message from the DUA.
If the security analyzer discovers a vulnerability in the DUA, the vulnerability can be addressed by the DUA's development team. The development team will likely want to observe the vulnerability first-hand by recreating the attack on the DUA. One solution is to use the security analyzer to recreate the attack. However, since the security analyzer has many capabilities beyond generating merely one attack, using the security analyzer for this task would be a poor use of resources. In addition, the development team may not have access to the security analyzer, for example if the analysis team is at a different location than the development team, and purchasing a separate security analyzer for the development team may not be a good use of resources. Another solution is to recreate the attack manually, by creating the messages and sending them to the DUA. However, this is a tedious and error-prone process. What is needed is a way to recreate the attack easily but without using the security analyzer.