Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1999-01-21
2002-01-29
Heckler, Thomas M. (Department: 2182)
active
06343362
ABSTRACT:
REFERENCE TO MICROFICHE APPENDIX
A microfiche appendix is part of the specification, which includes one microfiche of 27 frames.
COPYRIGHT NOTICE
A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever.
BACKGROUND OF THE INVENTION
The present invention relates generally to computer networks and, more particularly, to systems and methods for facilitating the task of simulating attacks against computer networks.
The first personal computers were largely stand-alone units with no direct connection to other computers or computer networks. Data exchanges between computers were mainly accomplished by exchanging magnetic or optical media such as floppy disks. Over time, more and more computers were connected to each other using Local Area Networks or “LANs.” In both cases, maintaining security and controlling what information a user of a personal computer can access was relatively simple because the overall computing environment was limited and clearly defined.
With the ever-increasing popularity of the Internet, particularly the World Wide Web (“Web”) portion of the Internet, however, more and more personal computers are connected to larger networks. Providing access to vast stores of information, the Internet is typically accessed by users through Web “browsers” (e.g., Microsoft Internet Explorer or Netscape Navigator) or other “Internet applications.” Browsers and other Internet applications include the ability to access a URL (Universal Resource Locator) or “Web” site. The explosive growth of the Internet had a dramatic effect on the LANs of many businesses and other organizations. More and more employees need direct access through their corporate LAN to the Internet in order to facilitate research, competitive analysis, and communication between branch offices, and to send e-mail, to name just a few.
As a result, corporate IS (Information Systems) departments now face unprecedented challenges. Specifically, such departments, which have to date operated largely in a clearly defined and friendly environment, are now confronted with a far more complicated and hostile situation. As more and more computers are now connected to the Internet, either directly (e.g., over a dial-up connection with an Internet Service Provider or “ISP”) or through a gateway between a LAN and the Internet, a whole new set of challenges faces LAN administrators and individual users alike: these previously-closed computing environments are now opened to a worldwide network of computer systems. In particular, systems today are vulnerable to attacks by practically any perpetrators (hackers) having access to the Internet.
Many security holes are conceptually simple and are, therefore, easily explained. Consider, for example, the following scenario: “send two IP packet fragments, one of which overlaps the other.” This corresponds to the notorious “teardrop” bug, which crashes Linux and Windows NT. Although the foregoing is easy to describe in English, the programming task of actually sending two IP fragments that overlap each other can be extraordinarily tricky using commonly-available programming languages (e.g., the “C” programming language), and virtually impossible to implement in high-level languages like Perl.
Some security issues may not be “bugs”, per se, but rather techniques used by attackers to gain information about or subvert the security of networked hosts. For instance, a popular trick used by hackers to almost-undetectably see what programs are running on a machine is the “stealth port scan”: several TCP protocol tricks allow attackers to see if a connection can be made to a port, without actually opening a connection. The actual programs required to perform such a feat tend to be long, complex, and OS-specific. As a result, security professionals are forced to spend valuable time fishing through hacker-exploit code to find poorly-written Linux programs that do not even compile. This time could be better spent quickly writing the equivalent in portable, simple CASL code, which will not only run on the machines they need to run on, but also work exactly how they need to work.
Attempting to write these programs using existing programming languages, such as the “C” programming language, is not practical. While security tools may certainly run a bit faster if hand-coded in “C”, the runtime speed benefits probably do not outweigh the development speed costs. A “C” programmer needs to worry about memory allocation, portable network I/O, and several other issues ranging from error handling to byte ordering.
What is needed is a system that allows the system administrator or the programmer to focus on network security programs—what is happening on the network—and not worry about issues attendant to conventional programming environments, such as C. Such a system should facilitate the task of testing network security by providing methodology that allows a user (administrator) to develop test programs without having to build network packets (i.e., communication-protocol packets) or otherwise write raw network code. The present invention fulfills this and other needs.
SUMMARY OF THE INVENTION
A development system providing a Custom Attack Simulation Language (CASL) for testing networks is described. In particular, the development system implements methodology for facilitating development of network attack simulations. The system includes an editor or authoring system for creating a source code description or Scripts (i.e., CASL-syntax Scripts) of the simulation program under development. The Scripts, in turn, are “compiled” by a CASL compiler into a compiled CASL program, which may then be used to simulate attacks against a network.
CASL makes it easier for users, particularly network and system administrators, to experiment with and learn about the way their networks operate. Since networks work by exchanging packets (i.e., communication-protocol packets) of information, CASL focuses on allowing users to read and write packets directly to and from the network. CASL functions as a scripting language—a high level programming language, like Perl, Python, or Tcl. Unlike general-purpose scripting languages, CASL is designed specifically to make it easy to construct, read, and write raw network packets. CASL is intended primarily for security auditing applications; that is to say, CASL is intended to simulate attacks against hosts in order to see if those hosts are vulnerable to attacks of a given nature. CASL is particularly oriented towards low-level network attacks which require packet forgery.
The major difficulty in writing raw network code is not the actual act of sending a packet across the network, but rather the complexity of building the packets themselves. To address that problem, CASL includes facilities specifically designed to make it easy to build packets for arbitrary protocols (not just IP, UDP, and TCP). By making it easy to write programs that deal with raw IP packets, CASL allows users to easily simulate protocol-level bugs, including allowing them to test their machines for potential vulnerability to such bugs.
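The passage above says the hard part of raw packet work is building the packets themselves, and the Background gives overlapping IP fragments (the “teardrop” case) as the motivating example. The following is an added Python example, not CASL code and not code from the patent: it shows the field packing and header checksum that a packet builder has to get right, and the defender's side of the same problem, a parser that validates the checksum and flags fragments of one datagram whose byte ranges overlap, which is what a reassembly engine or IDS should reject. Addresses, identification values and payload sizes are constructed for the example.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Field layout follows RFC 791 (20-byte header, no options).
# All sample values below are constructed for this example.


def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement sum of the header's 16-bit words (RFC 1071).
    Over a header whose checksum field is already filled in, a valid
    header yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = 0
    for i in range(0, len(header), 2):
        total += (header[i] << 8) | header[i + 1]
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(ident: int, more_fragments: bool, frag_offset_units: int,
                      payload_len: int, src: str = "10.0.0.1",
                      dst: str = "10.0.0.2") -> bytes:
    """Assemble a 20-byte IPv4 header with a correct checksum.
    frag_offset_units is in 8-byte units, as carried on the wire."""
    ver_ihl = (4 << 4) | 5                      # version 4, IHL 5 words
    total_length = 20 + payload_len
    flags_frag = ((1 if more_fragments else 0) << 13) | (frag_offset_units & 0x1FFF)
    ttl, proto = 64, 17                         # protocol 17 = UDP
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_length, ident,
                      flags_frag, ttl, proto, 0, src_b, dst_b)
    csum = ipv4_checksum(hdr)                   # computed with checksum field = 0
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]


@dataclass
class Fragment:
    ident: int
    offset: int    # byte offset of this fragment's payload in the datagram
    length: int    # payload length in bytes
    more: bool     # More Fragments flag


def parse_fragment(header: bytes) -> Fragment:
    """Extract the fragmentation fields; reject a header whose checksum fails."""
    if len(header) < 20 or ipv4_checksum(header[:20]) != 0:
        raise ValueError("bad or truncated IPv4 header")
    (ver_ihl, _tos, total_length, ident, flags_frag,
     _ttl, _proto, _csum, _src, _dst) = struct.unpack("!BBHHHBBH4s4s", header[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return Fragment(ident=ident, offset=(flags_frag & 0x1FFF) * 8,
                    length=total_length - ihl, more=bool(flags_frag & 0x2000))


def find_overlaps(frags: List[Fragment]) -> List[Tuple[int, int]]:
    """Return index pairs (i, j) of fragments with the same identification
    whose payload byte ranges overlap. A correct sender never produces
    these; a reassembler should drop the datagram rather than guess."""
    by_id: Dict[int, List[Tuple[int, Fragment]]] = {}
    for idx, f in enumerate(frags):
        by_id.setdefault(f.ident, []).append((idx, f))
    hits = []
    for group in by_id.values():
        group.sort(key=lambda p: p[1].offset)
        for i in range(len(group)):
            for j in range(i + 1, len(group)):
                a, b = group[i][1], group[j][1]
                if b.offset < a.offset + a.length:
                    hits.append((group[i][0], group[j][0]))
    return hits


def benign_pair() -> List[bytes]:
    # Constructed: 24-byte first fragment, then 16 bytes starting at offset 24.
    return [build_ipv4_header(0x1234, True, 0, 24),
            build_ipv4_header(0x1234, False, 3, 16)]


def overlapping_pair() -> List[bytes]:
    # Constructed: second fragment starts at offset 16, inside the first one.
    return [build_ipv4_header(0x1234, True, 0, 24),
            build_ipv4_header(0x1234, False, 2, 16)]


def check(headers: List[bytes]) -> List[Tuple[int, int]]:
    """Parse each header and report overlapping fragment pairs."""
    return find_overlaps([parse_fragment(h) for h in headers])


if __name__ == "__main__":
    print("benign:", check(benign_pair()))          # []
    print("overlap:", check(overlapping_pair()))    # [(0, 1)]
```

The checksum helper is written so that verifying and generating use the same routine: generate over a header with the checksum field zeroed, verify by checking that the sum over the filled-in header comes out to zero. The overlap check is per identification value, so fragments of different datagrams never confuse it.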
A method of the present invention for creating programs that simulate attacks against a computer network, embodied in a computer system, includes the following method steps. At the outset, a language specification providing native support for custom attack simulations is specified; the language specification provides primitives facilitating simulation of an attack against a computer network. A run-time library (stand-alone or embedded, as desired) is provided that includes built-in routines facilitating simulation of an attack against a computer network, where the built-in routines are capable of being invoked through the primitives. Next, a program script is created that specifies progr
Friedrichs Oliver
Newsham Timothy Nakula
Ptacek Thomas Henry
Hamaty Christopher C.
Heckler Thomas M.
Inouye Patrick J. S.
Networks Associates Inc.
Smart John A.