Catégorie: Conférence avec actes
Auteurs: Olivier Levillain, Aina Toky Rasoamanana et Yohan Pipereau
Date: juin 2026

Network protocol implementations (``stacks'') are pervasive in our modern systems. Indeed, we rely on various protocols on a daily basis, the most proeminent thereof being TLS. One of the problem with network stacks is that they can exhibit wrong transitions in their state machines, which can lead to security issues. This is especially true when protocols are specified using natural language, which encourages ambiguities and discrepancies between implementations.

In this paper, we present a black-box approach to study real-world implementation and their internal state machines. Our methodology relies on Active Automata Learning to infer the behavior of a given stack. Using this approach, we were able to reproduce existing bugs and uncover new vulnerabilities, including authentication bypasses in TLS and SSH.

Publié dans les actes Symposium sur la Sécurité des Technologies de l'Information et de la Communication (pages 1 à 1)

Présenté lors de la conférence SSTIC à Rennes, France en juin 2026

BibTeX