Communication Protocols Customization via Feature DIAgnosis, Lacing, Elimination, Cross-grafting, and Trimming
The implementations of network protocols are often "bloated" due to various users' needs and complex environment for deployment. The continual expansion of program features contribute to not only growing complexity but also increased the attack surface, making the maintenance of network protocol security very challenging. The goal of DIALECT is to create an automated tool that generates customized protocol binaries in large volume and in an unsupervised fashion.
In this project, we have proposed several approaches for automated customization and vulnerability detection of network protocols: CustomPro and yFuzz.
In CustomPro, We adopt whole system emulation, dynamic tainting and symbolic execution to identify desired code from the original program binaries, then leverage binary rewriting techniques to create a customized program binary that only contains the desired functionalities.
We have designed a stateful protocol fuzzer that aims to efficiently locate the vulnerabilities residing deep in the stateful protocols.
We have developed a reliable application-layer moving target defense tool via customized communication protocols and their dynamic management.
The VMs are ready to roll. Just open the VM using VMware and start to play. Password is space
- yFuzz vm - https://drive.google.com/drive/folders/1kh-tGILQoA4mvs4ohwqV5EoBvvaSmUeC?usp=sharing
- Source code- Yfuzz - https://github.com/yuroc0598/ProtocolCustomization/wiki/yFuzz
- Custom pro vm - https://drive.google.com/drive/folders/1ONDJuIAKVTVUEzBUYJX5CUWoPleox83U?usp=sharing
- Source code- CustomPro - https://github.com/yuroc0598/ProtocolCustomization/wiki/CustomPro
- Source code - MPD - https://github.com/ysmei97/MPD
- yFuzz: Digital Threats: Research and Practice (DTRAP)
- CustomPro: EAI International Conference on Security and Privacy in Communication Networks (Securecomm 2019)
- Hunting garbage collection: Proceedings of the 2020 Workshop on Forming an Ecosystem Around Software Transformation (FEAST '20)
- MPD: EAI International Conference on Security and Privacy in Communication Networks (Securecomm 2021)
- Verify-Pro: Proceedings of the IEEE Military Communications Conference (MILCOM 2022)
- DAMgate: Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation (FEAST '17)
- TOSS: Proceedings of the 2018 Workshop on Forming an Ecosystem Around Software Transformation (FEAST '18)
- yFuzz: https://github.com/yuroc0598/ProtocolCustomization/blob/master/Publications%26Slides/Publications/yfuzz.pdf
- CustomPro: https://www2.seas.gwu.edu/~tlan/papers/CP_SC_2019.pdf
- Hunting garbage collection: https://www2.seas.gwu.edu/~tlan/papers/GC_FEAST_2020.pdf
- MPD: https://arxiv.org/pdf/2110.03798.pdf
- Verify-Pro: https://arxiv.org/abs/2202.00500
- DAMgate: https://www2.seas.gwu.edu/~tlan/papers/DG_FEAST_2017.pdf
- TOSS: https://www2.seas.gwu.edu/~tlan/papers/TOSS_FEAST_2018.pdf
.
├── Papers # Papers submitted as part of the grant
├── Presentation_slides # Presentation slides for the papers
├── Report_PJR # Feedback (answered by the Dialect team)- Yfuzz & CustomPro
├── Yfuzz_CustomPro_PJR # Yfuzz & CustomPro reports given by PJR Corps
└── README.md # All the links for papers, presentations, SSSS (TPCP) Material
https://drive.google.com/drive/folders/1oetQ9ahzRyHvMzvNBzwJ-wDc7oF3Wme5?usp=sharing