TL;DR
Proteus is an automated testing framework that uses state machine mutation and property-guided techniques to find logical vulnerabilities in wireless protocols like LTE and BLE across multiple devices.
Contribution
It introduces a budget-aware, property-guided testing approach for protocol implementations, effectively discovering vulnerabilities in real-world wireless devices.
Findings
Discovered 25 unique issues in 23 devices
Identified 112 vulnerability instances
14 vulnerabilities acknowledged via CVEs
Abstract
This paper proposes Proteus, a protocol state machine, property-guided, and budget-aware automated testing approach for discovering logical vulnerabilities in wireless protocol implementations. Proteus maintains its budget awareness by generating test cases (i.e., each being a sequence of protocol messages) that are not only meaningful (i.e., the test case mostly follows the desirable protocol flow except for some controlled deviations) but also have a high probability of violating the desirable properties. To demonstrate its effectiveness, we evaluated Proteus in two different protocol implementations, namely 4G LTE and BLE, across 23 consumer devices (11 for 4G LTE and 12 for BLE). Proteus discovered 25 unique issues, including 112 instances. Affected vendors have positively acknowledged 14 vulnerabilities through 5 CVEs.
