Conferences

• IFIP International Symposium on Human Aspects of Information Security & Assurance (HAISA 2021); papers due April 26, 2021
• New Security Paradigms Workshop (NSPW 2021); papers due May 21, 2021

---

My Links

• My Home Page
• Books
• Classes
• Papers
• Reports and Notes
• Research
• Security in Programming
• Service
• Students
• Talks
• Miscellaneous
• My Family
• About Me (CV and such)

---

Other Links

• Cybersecurity Club
• Computer Security Lab
• Dept. of Computer Science
• College of Engineering
• University of California, Davis
• City of Davis
• County of Yolo
• State of California
• United States of America

---

Me

• This Quarter’s Classes
• Office Hours for This Quarter
• Contacting Me
• My Personal Blog
  (Last Entry September 4, 2020; “Don’t Vote Twice”)

---

Current Time in Davis, CA, USA

Protocol Vulnerability Analysis

Citation

• S. Whalen, M. Bishop, and S. Engle, “Protocol Vulnerability Analysis”, Technical Report CSE-2005-4, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (May 2005).

Paper

• PDF
  
• PS

Abstract

Network protocols continue to suffer from well documented vulnerabilities. Despite this, a practical methodology for classifying these vulnerabilities does not exist. In this paper, we present such a methodology.

We have developed a grammar for expressing network protocol exploits in terms of vulnerabilities and symptoms. Vulnerabilities are defined by characteristics, conditions which must hold for a vulnerability to exist. Symptoms are the violations of policy enabled by vulnerabilities. Exploits, then, are the pairing of vulnerabilities with their corresponding symptoms.

Using our grammar, we analyzed many protocols and present our classifications visually using syntax trees. We detail the classification process, and discuss future applications of this work towards a secure protocol design framework.

---

Last updated on Thursday, April 15, 2021 11:21:00 PM PDT