EBugDec: Detecting Inconsistency Bugs caused by RFC Evolution in Protocol Implementations
Pages 412 - 425
Abstract
Implementations of network protocols must comply with their respective Request for Comments (RFC) documents and be updated as those RFCs evolve. However, due to the richness of RFCs and the complex relationships between them, systematically discovering how RFC requirements evolve is non-trivial. This can lead to inconsistency bugs when code is modified to support new RFC documents, known as RFC-evolutionary bugs or ebugs. Recent approaches have used natural language processing techniques to extract RFC rules and employed differential testing or static analysis to discover inconsistency bugs in protocol implementations. However, they seldom consider the evolution of RFC requirements or the bugs related to it.
In this paper, we present EBugDec. Given a protocol implementation and the RFCs it claims to support, our approach identifies evolutionary relationships between RFC documents and their corresponding requirement changes. From this, we derive two major types of evolutionary rules: primitive rules that dictate requirements for newly introduced packet items, and derivative rules that describe the influence the new items have on requirements stipulated in earlier RFCs. Both are represented as formal expressions dictating that packet-related operations should be guarded by specific conditions, under special cases if necessary. We then use clues found in code annotations and release notes to locate rule-related code in the implementation, and leverage a predominator-based algorithm to discover rule violations. We also uncover incomplete error-handling logic for cases where the rule-specified conditions fail. We implemented a prototype of EBugDec and demonstrated its efficiency by applying it to 12 implementations of protocol services, along with the 178 RFC documents their historical releases claim to support. On average, EBugDec took 37.29 seconds to finish its analysis, and it detected 17 new ebugs, 5 of which can only be triggered under harsh prerequisites.
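To illustrate the predominator-based check named in the abstract, here is an added example (not EBugDec's code and not taken from the paper): it computes dominators on a small constructed control-flow graph and reports packet operations that can run without first passing the rule's guard condition. The block names, the length-check rule and both graphs are assumptions made for illustration.

```python
# Added illustration, not EBugDec's code. Block names, the rule and both
# control-flow graphs (CFGs) below are constructed for this example.

def dominators(cfg, entry):
    """dom(n) = {n} | intersection of dom(p) over all predecessors p of n."""
    nodes = set(cfg) | {s for succs in cfg.values() for s in succs}
    preds = {n: set() for n in nodes}
    for n, succs in cfg.items():
        for s in succs:
            preds[s].add(n)
    dom = {n: set(nodes) for n in nodes}
    dom[entry] = {entry}
    changed = True
    while changed:  # iterate to a fixed point
        changed = False
        for n in nodes - {entry}:
            incoming = [dom[p] for p in preds[n]]
            new = {n} | (set.intersection(*incoming) if incoming else set())
            if new != dom[n]:
                dom[n], changed = new, True
    return dom

def unguarded_ops(cfg, entry, op_blocks, guard_pass_block):
    """Operation blocks reachable without first passing the guard.

    guard_pass_block is the block entered only when the rule's condition
    holds (the true-branch successor of the check)."""
    dom = dominators(cfg, entry)
    return sorted(b for b in op_blocks if guard_pass_block not in dom[b])

# Hypothetical rule: "read the option value only after its length check passed".
CFG_BEFORE = {  # original parser: every path to read_value goes through len_ok
    "entry": ["check_len"], "check_len": ["len_ok", "err"],
    "len_ok": ["read_value"], "read_value": ["exit"], "err": ["exit"], "exit": [],
}
CFG_AFTER = {  # later release adds a new option type that reuses read_value
    "entry": ["check_type"], "check_type": ["check_len", "new_opt"],
    "check_len": ["len_ok", "err"], "len_ok": ["read_value"],
    "new_opt": ["read_value"],  # new path skips the length check
    "read_value": ["exit"], "err": ["exit"], "exit": [],
}

if __name__ == "__main__":
    print(unguarded_ops(CFG_BEFORE, "entry", {"read_value"}, "len_ok"))
    print(unguarded_ops(CFG_AFTER, "entry", {"read_value"}, "len_ok"))
```

The second graph models the situation the abstract describes: code extended for a newer specification reaches an existing packet operation along a path that the earlier guard no longer dominates.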
Information
Published In
October 2023
769 pages
ISBN:9798400707650
DOI:10.1145/3607199
Copyright © 2023 Owner/Author.
This work is licensed under a Creative Commons Attribution International 4.0 License.
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 16 October 2023
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
RAID 2023
RAID 2023: The 26th International Symposium on Research in Attacks, Intrusions and Defenses
October 16 - 18, 2023
Hong Kong, China
Acceptance Rates
Overall Acceptance Rate 43 of 173 submissions, 25%