Abstract
The Shield project relied on application protocol analyzers to detect potential exploits of application vulnerabilities. We present the design of a second-generation generic application-level protocol analyzer (GAPA) that encompasses a domain-specific language and the associated run-time. We designed GAPA to satisfy three important goals: safety, real-time analysis and response, and rapid development of analyzers. We have found that these goals are relevant for many network monitors that implement protocol analysis. Therefore, we built GAPA to be readily integrated into tools such as Ethereal as well as Shield. GAPA preserves safety through the use of a memory-safe language for both message parsing and analysis, and through various techniques to reduce the amount of state maintained in order to avoid denial-of-service attacks. To support online analysis, the GAPA runtime uses a stream-processing model with incremental parsing. In order to speed protocol development, GAPA uses a syntax similar to many protocol RFCs and other specifications, and incorporates many common protocol analysis tasks as built-in abstractions. We have specified 10 commonly used protocols in the GAPA language and found it expressive and easy to use. We measured our GAPA prototype and found that it can handle an enterprise client HTTP workload at up to 60 Mbps, sufficient performance for many end-host firewall/IDS scenarios. At the same time, the trusted code base of GAPA is an order of magnitude smaller than Ethereal.
Original language | English (US) |
---|---|
State | Published - 2007 |
Externally published | Yes |
Event | 14th Symposium on Network and Distributed System Security, NDSS 2007 - San Diego, United States Duration: Feb 28 2007 → Mar 2 2007 |
Conference
Conference | 14th Symposium on Network and Distributed System Security, NDSS 2007 |
---|---|
Country/Territory | United States |
City | San Diego |
Period | 2/28/07 → 3/2/07 |
ASJC Scopus subject areas
- Safety, Risk, Reliability and Quality
- Computer Networks and Communications
- Control and Systems Engineering