Security protocol code analysis method combining  model learning and symbolic execution

ZHANG Xieli, ZHU Yuefei, GU Chunxiang, CHEN Xi

doi:10.11959/j.issn.2096-109x.2021067

网络与信息安全学报 (Oct 2021)

Security protocol code analysis method combining model learning and symbolic execution

ZHANG Xieli, ZHU Yuefei, GU Chunxiang, CHEN Xi

Affiliations

ZHANG Xieli, ZHU Yuefei, GU Chunxiang, CHEN Xi: State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China;Henan Key Laboratory of Network Cryptography Technology, Zhengzhou 450002, China

DOI: https://doi.org/10.11959/j.issn.2096-109x.2021067
Journal volume & issue: Vol. 7, no. 5
pp. 93 – 104

Abstract

Read online

Symbolic execution can comprehensively analyze program execution space in theory, but it is not feasible in practice for large programs like security protocols, due to the explosion of path space and the limitation of difficulty in solving path constraints. According to the characteristics of security protocol program, a method to guide the symbolic execution of security protocol code by using protocol state machine information obtained from model learning was proposed. At the same time, by separating cryptographic logic from protocol interaction logic, the problem that path constraints cannot be solved caused by the complexity of cryptographic logic is avoided. The feasibility of the method is demonstrated by the practice on the SSH open source project Dropbear. Compared with Dropbear's test suite, the proposed method has advantages in code coverage and error point discovery.

Published in 网络与信息安全学报

ISSN: 2096-109X (Print)
Publisher: POSTS&TELECOM PRESS Co., LTD
Country of publisher: China
LCC subjects: Science: Mathematics: Instruments and machines: Electronic computers. Computer science
Website: http://www.infocomm-journal.com/cjnis/CN/2096-109X/home.shtml

About the journal

Abstract

Keywords