Bio: Tomasz Nowak has been working for the PSNC Security Team since 2007 as a developer and security systems analyst. He graduated from Poznań University of Technology in 2008. Tomasz participated in the Polish Platform for Homeland Security project, implementing a system for integrating cyber-crime information. He is interested in software systems security and in conducting security reviews of servers and applications, especially Linux-based ones. Tomasz is a certified Java developer (SCJP). As a member of the “Together” team, he was ranked 3rd in the Microsoft Imagine Cup 2008 world final (Paris, France) in the Software Design Interoperability Award contest.
Topic of Presentation: Discovery and visualization of network protocols with tools for biological sequence alignment
Abstract: Of the many software testing techniques, fuzzing is one of the most easily understood. Zero-knowledge fuzzing may be carried out even by a beginning tester, up to the point of isolating the malicious input. On the other hand, the probability of finding bugs in the processing software has been reported to increase with the amount of knowledge applied to the fuzzing process. However, this involves some preparation and, in the case of proprietary protocols, requires reverse engineering.
Reverse engineering of network protocols or file formats for improving fuzzing can be a tedious and difficult task without suitable tools. Many test cases need to be compared, but there are no general tools that allow “diffing” and visualizing multiple byte sequences.
Comparing and aligning multiple sequences is one of the basic tools in bioinformatics. Algorithms for multiple sequence alignment are already quite mature and optimized. Great tools for visualization are also available.
We employ freely available bioinformatics software to help in reverse engineering work. In addition to aligning the available sequences (byte streams), we also visualize dependencies between them, e.g. as phylogenetic trees. Practical uses include classification of unknown network packets (a plugin for a network analyzer, Wireshark) and preparing file format descriptions for fuzzers (Peach Fuzzing Platform).
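To illustrate the idea of aligning byte streams, here is an added example (not the presenter's tooling): a pairwise Needleman-Wunsch global alignment in plain Python, standing in for the multiple-sequence-alignment software the abstract refers to. The two messages, their made-up field layout and the scoring values are constructed for this illustration.

```python
# Added example: Needleman-Wunsch global alignment applied to raw bytes.
GAP = None  # placeholder for a gap column in an aligned row

def align(a: bytes, b: bytes, match=2, mismatch=-1, gap=-2):
    """Return two equal-length rows (ints or GAP) of an optimal alignment."""
    def sub(i, j):
        return match if a[i - 1] == b[j - 1] else mismatch
    n, m = len(a), len(b)
    # score[i][j] = best score for aligning a[:i] with b[:j]
    score = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(1, n + 1):
        score[i][0] = i * gap
    for j in range(1, m + 1):
        score[0][j] = j * gap
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            score[i][j] = max(score[i - 1][j - 1] + sub(i, j),
                              score[i - 1][j] + gap,
                              score[i][j - 1] + gap)
    # Walk back from the corner, re-deriving which move produced each cell.
    row_a, row_b, i, j = [], [], n, m
    while i > 0 or j > 0:
        if i > 0 and j > 0 and score[i][j] == score[i - 1][j - 1] + sub(i, j):
            row_a.append(a[i - 1]); row_b.append(b[j - 1]); i -= 1; j -= 1
        elif i > 0 and score[i][j] == score[i - 1][j] + gap:
            row_a.append(a[i - 1]); row_b.append(GAP); i -= 1
        else:
            row_a.append(GAP); row_b.append(b[j - 1]); j -= 1
    return row_a[::-1], row_b[::-1]

def render(row):
    """Hex dump of one aligned row, with '--' for gap columns."""
    return " ".join("--" if x is GAP else f"{x:02x}" for x in row)

def field_mask(row_a, row_b):
    """Per column: '=' constant byte, '*' differing byte, '-' insertion."""
    return "".join("-" if x is GAP or y is GAP else "=" if x == y else "*"
                   for x, y in zip(row_a, row_b))

# Constructed messages of a made-up format: magic, type, length, payload, end.
MSG1 = bytes.fromhex("cafe0103") + b"abc" + b"\xff"
MSG2 = bytes.fromhex("cafe0105") + b"abcde" + b"\xff"

if __name__ == "__main__":
    ra, rb = align(MSG1, MSG2)
    print(render(ra)); print(render(rb)); print(field_mask(ra, rb))
```

In the mask, the `=` columns are candidates for constant fields, the `*` column coincides with the length byte, and the `-` columns mark where the payload grew, which is the kind of structure a fuzzer's format description needs.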