=Paper=
{{Paper
|id=Vol-3611/paper10
|storemode=property
|title=Detecting applications vulnerabilities using remote procedure calls
|pdfUrl=https://ceur-ws.org/Vol-3611/paper10.pdf
|volume=Vol-3611
|authors=Lukas Jokubauskas,Jevgenijus Toldinas,Borisas Lozinskis
|dblpUrl=https://dblp.org/rec/conf/ivus/JokubauskasTL22
}}
==Detecting applications vulnerabilities using remote procedure calls==
https://ceur-ws.org/Vol-3611/paper10.pdf
Detecting applications vulnerabilities using remote procedure
calls
Lukas Jokubauskas 1, Jevgenijus Toldinas 1 and Borisas Lozinskis 1
1
Kaunas University of Technology, StudenflJ street 50, LT-51368 Kaunas, Lithuania
Abstract
Computer software often comprises multiple components, such as a fi:ontend application and a
backend database, which need to exchange infmmation. Many modem desktop applications
also follow the design of web software and have separate fi:ontend and backend processes. Inter
process communication mechanisms or third-paity frameworks provided by the operating
system are used for communication between processes. Improperly implemented remote
procedure calls can lead to code vulnerabilities that can be exploited for malicious purposes. In
this paper, we present a novel method for detecting application vulnerabilities using the remote
procedure call approach, namely Detecting Applications Vulnerabilities using Google
Remote Procedure Call (DAVuGRPC) that aims to utilize statically created taint and its
dynamic fuzzification during the execution of the application.
Keywords
Vulnerability detection, dynamic analysis, taint dataset, RPC, gRPC
1. Introduction The techniques for finding application
vulnerabilities are classified into two main
categmies: static analysis and dynamic analysis
A softwai·e vulnerability can be defined as a
[5]. Static application analysis entails methods for
defect, weakness, or simply an enor in an
inspecting source code or compiled binaiy
application that can be exploited by an attacker to
without nmning it. Dynainic analysis is studying
change the system’s regular behavior [I]. Because
an application while it is running, with the use of
the quantity of softwai·e systems and applications
a debugger or other techniques, such as [ 1]:
is growing, so is the number of vulnerabilities.
• Fault injection is a testing approach that
There ai·e various application vulnerabilities:
inti·oduces problems to an application to
injection, cross-site sc1ipting, broken
test its behavior. To generate the possible
authentication and session management, fmmat
faults, some knowledge of the application
stiing, insecure direct object reference, and many
is required.
others [2]. In the softwai·e industiy, vulnerability
• Fuzzing testing involves feeding the
identification and remediation have been a core
and vital operation. Hackers can take advantage of application with random data to see if it
undetected flaws and wreak significant damage to can handle it correctly.
people [3]. While program analysis tools exist, • Dynainic taint dming the execution of the
they often only discover a small subset of application, the tainted data is monitored
probable enors based on predefined rules. With to dete1mine its approp1iate validation
the widespread availability of open-source before accessing sensitive functions.
repositories, data-driven methodologies for • Sanitization is a method of avoiding
discove1ing vulnerability trends have become vulnerabilities caused by using user
possible [4]. supplied data by implementing newly
included functions or custom routines
IVUS 2022: 27th International Conference on Information
Technology, May 12, 2022, Kaunas, Lithuania
@ 2022 CqJyri,gbt for this paper by its au1taors. Use permitted IIMH
Creative Comm.om License Anribation 4.0 Iutematiom.l (CC BY 4.0).
CEUR Workshop Proceedings (CEUR-WS.org)
CEUR
ceur-ws.org
Workshop ISSN 1613-0073
Proceedings
� w h os e m ai n o bj e cti v e is t o e v al u at e or cl assifi e d i nt o t hr e e gr o u ps b as e d o n t h e r ol e:
s a niti z e a n y i n p ut fr o m us ers b ef or e usi n g s a m pl e g e n er ati o n t e c h ni q u es, d y n a mi c a n al ysis
it i nsi d e a n a p pli c ati o n. a p pr o a c h es, a n d st ati c a n al ysis t e c h ni q u es [ 1 1].
M ost of t h e ti m e, c y b er s e c urit y s p e ci alists d o R a n d o m m ut ati o n, gr a m m ati c al r e pr es e nt ati o n,
n ot h a v e a c c ess t o t h e s o ur c e c o d e of t h e a n d s c h e d uli n g al g orit h ms ar e t hr e e t y p es of
a p pli c ati o ns t h e y ar e t esti n g. As a r es ult, c y b er s a m pl e g e n er ati o n a p pr o a c h t h at ar e us e d t o
s e c urit y s p e ci alists ai m t o a ut o m at e s o m e t as ks c h o os e a n d m ut at e s e e ds as w ell as r estri c t a n d
usi n g d y n a mi c m et h o d ol o gi es. T h e p o w er of t h es e g e n er at e n e w s a m pl es. T o assist i n t h e g e n er ati o n
str at egi es r esi d es i n t h e f a ct t h at t h e n u m b er of of t h e n e w s a m pl e, d y n a mi c a n al ysis t e c h ni q u es
f als e p ositi v es is l o w, a n d t h e pr e cisi o n is ar e e m pl o y e d t o a c q uir e d y n a mi c i nf or m ati o n o n
e xtr e m el y hi g h [ 6]. t h e r u n ni n g a p pli c ati o n. S y m b oli c e x pr essi o ns,
T h e m et h o ds off er e d b y o p er ati n g s yst e ms t h at t h e e x e c ut e d p at h, t ai nt i nf or m ati o n o n t h e
all o w pr o c ess es t o h a n dl e s h ar e d d at a or i nt er a ct s a m pl e, a n d c o d es ar e all i n cl u d e d i n t his d at a.
ar e r ef err e d t o as i nt er -pr o c ess c o m m u ni c ati o n C o ntr ol fl o w a n al ysis a n d d at a fl o w sli c es ar e
(I P C) [ 7]. I P C is a s et of m et h o ds f or e x a m pl es of st ati c a n al ysis. Alt h o u g h st ati c
c o m m u ni c ati n g wit h t w o pr o c ess es t h a t m a y or a n al ysis fr e q u e ntl y yi el ds f als e -p ositi v e r es ults, it
m a y n ot b e o n t h e s a m e m a c hi n e. R e m ot e c a n b e us e d i n c o nj u n cti o n wit h ot h er m et h o ds t o
pr o c e d ur e c all ( R P C ) m et h o ds ar e wi d el y us e d i n g et us ef ul pr etr e at m e nt d at a.
s yst e ms b e c a us e t h e y l o w er s yst e m c o m pl e xit y I n [ 1 2] pr o p os e d a s yst e m t h at c o m bi n es
a n d d e v el o p m e nt c osts. T h e pri m ar y p ur p os e of a n m a c hi n e l e ar ni n g a n d b a n dit -b as e d o pti mi z ati o n
R P C is t o m a k e r e m ot e pr o c e d ur e c alls wit h st at e -of -t h e-art gr e y -b o x f u z zi n g a p pr o a c h es.
tr a ns p ar e nt t o us ers, all o wi n g t h e m t o m a k e A ut h ors s h o w si g nifi c a n t i m pr o v e m e nts o v er
r e m ot e pr o c e d ur e c alls i n t h e s a m e w a y t h at t h e y n u m er o us st at e -of -t h e-art gr e y -b o x f uzz ers, s u c h
w o ul d m a k e l o c al pr o c e d ur e c alls [ 9]. as A F L , Fi d g et y A F L , a n d t h e r e c e ntl y r el e as e d
I n t his p a p er, w e pr es e nt a n o v el m et h o d f or F air F uzz . T h o m ps o n S a m pli n g w as us e d t o l e ar n
d et e cti n g a p pli c ati o n v ul n er a biliti es usi n g t h e a d a pti v e distri b uti o ns o v er m ut ati o n o p er at ors.
r e m ot e pr o c e d ur e c all a p pr o a c h, n a mel y T h e first c o n c oli c e x e c uti o n -b as e d s m art f u z zi n g
D et e cti n g A p pli c ati o ns V ul n er a biliti es usi n g m et h o d f or d et e cti n g h e a p -b as e d b uff er o v erfl o w
G o o gl e R e m ot e Pr o c e d ur e C all ( D A V u G R P C ) i n e x e c ut a bl es w as pr o vi d e d i n [ 1 3]. T h e
t h at ai ms t o utili z e st ati c all y cr e at e d t ai nt a n d its s u g g est e d f uzz er r u ns t h e bi n ar y pr o gr a m a n d
d y n a mi c us e d uri n g t h e e x e c uti o n of t h e d et er mi n es t h e p at h a n d v ul n er a bilit y r estri cti o ns
a p pli c ati o n. F or t h at p ur p os e, w e e m pl o y t h e f or t h e e x e c ut e d p at h s y m b oli c all y. It c o m bi n es
f u z zifi c ati o n t e c h ni q u e f or t h e t ai nte d d at as et. t h e c o nstr ai nts t o g e n er at e t est d at a t h at tr a v ers es
T h e r est of t h e p a p er is or g a ni z e d as f oll o ws. t h e e x e c uti o n p at h a n d d et e cts a n y fl a ws. T h e
T h e s e c o n d s e cti o n dis c uss es t h e r el at e d w or ks. f uzz er r e m o v es e a c h p at h c o nstr ai nt o n e at a ti m e
T h e t hir d s e cti o n o v er vi e ws a p pli c ati o n a n d s ol v es t h e r es ulti n g c o nstr ai nts t o g e n er at e
pr o gr a m mi n g i nt erf a c es. T h e f o urt h s e cti o n t est d at a t h at f oll o ws n o v el e x e c uti o n p at hs. T h e
d es cri b es t h e g R P C p a yl o a d. T h e fift h s e cti o n s u g g est e d a p pr o a c h pr o p a g at es t h e t ai nt e d d at a
pr es e nts t h e pr o p os e d a p pli c ati o n’s v ul n er a biliti es t hr o u g h dir e ct assi g n m e nt a n d arit h m eti c
d et e cti o n m et h o d usi n g g R P C . T h e e v al u ati o n o p er ati o ns.
fr a m e w or k a n d e x p eri m e nt al s et u p ar e pr es e nt e d I n [ 7] a ut h ors pr o p os e d a n e w f u z zi n g s ol uti o n
i n s e cti o n si x. T h e s e v e nt h s e cti o n pr es e nts t o dis c o v er i nt er-pr o c ess c o m m u ni c ati o n b u gs
e x p eri m e nt al r es ults. T h e l ast s e cti o n c o n cl u d es wit h o ut s o ur c e c o d e, b y c o m bi ni n g st ati c a n al ysis
t h e p a p er wit h a dis c ussi o n of f ut ur e w or k. a n d d y n a mi c a n al ysis. St ati c a n al ysis is us e d t o
r e c o g ni z e f or m at c h e c ks a n d h el p c o nstr u ct i nt er-
2. R el at e d w or k pr o c ess c o m m u ni c ati o n m ess a g es of v ali d
f or m ats. D y n a mi c a n al ysis is us e d t o i nf er t h e
c o nstr ai nts b et w e e n i nt er -pr o c ess c o m m u ni c ati o n
F u z zi n g is a p o p ul ar a n d s u c c essf ul m et h o d f or
m ess a g es a n d m o d el t h e st at ef ul l o gi c wit h a
d et e cti n g s e c urit y fl a ws i n t h e s oft w ar e w h e n a
pr o b a bilit y m atri x. T his l ets t o g e n er at e hi g h -
s yst e m is t est e d b y pr o c essi n g t est c as es g e n er at e d q u alit y i nt er -pr o c ess c o m m u ni c ati o n m ess a g es t o
b y a n ot h er pr o gr a m i n a c o nti n u o us l o o p.
t est s er vi c es a n d dis c o v er d e e p a n d c o m pl e x b u gs.
Si m ult a n e o usl y, t h e s yst e m m o nit or e d f or a n y
I n [ 8] a ut h ors pr es e nt e d t h e first gr e y b o x
err ors t h at m a y h a v e b e e n dis cl os e d as a r es ult of
f uzz er f or pr ot o c ol i m pl e m e nt ati o ns. Unli k e t h e
pr o c essi n g t his d at a. F uzzi n g str at e gi es ar e
e xisti n g pr ot o c ol f uzz ers, t h e s ol uti o n t a k es a
�m ut ati o n al a p pr o a c h a n d us es st at e f e e d b a c k t o c o m m u ni c ati o ns f or m at w h e n usi n g R E S T A PIs .
g ui d e t h e f u z zi n g pr o c ess. It a cts as a cli e nt a n d T h e H T T P pr ot o c ol is c o m m o nl y us e d i n t his
r e pl a ys v ari ati o ns of t h e ori gi n al s e q u e n c e of ar c hit e ct ur al st yl e.
m ess a g es s e nt t o t h e s er v er a n d r et ai ns t h os e T h e a cr o n y m g R P C [ 2 0] st a n ds f or G o o gl e
v ari ati o ns t h at w er e eff e cti v e at i n cr e asi n g t h e R e m ot e Pr o c e d ur e C all, a n d it is a n R P C -b as e d
c o v er a g e of t h e c o d e or st at e s p a c e. A si g nifi c a nt v ari ati o n. T his t e c h n ol o g y is b as e d o n a n H T T P
p erf or m a n c e b o ost w as d e m o nstr at e d o v er t h e 2. 0 R P C A PI i m pl e m e nt ati o n, b ut H T T P is n ot
st at e-of -t h e-art. pr es e nt e d t o t h e A PI d e v el o p er or t h e s er v er. As a
A n ot h er si mil ar s ol uti o n [ 1 1] w as s u g g est e d t o r es ult, t h er e's n o n e e d t o w orr y a b o ut h o w R P C
p erf or m a st at ef ul c o m m u ni c ati o n pr ot o c ol pri n ci pl es ar e m a p p e d t o H T T P , w hi c h si m plifi es
f u z zi n g. T h e a p pr o a c h c o nt ai ns a st at e s wit c hi n g t hi n gs. T h e g o al of g R P C is t o s p e e d u p d at a
e n gi n e wit h a m ulti -st at e f or k s er v er t o tr a ns missi o n b et w e e n mi cr o s er vi c es . It is b as e d
c o nsist e ntl y a n d fl e xi bl y f u z z diff er e nt st at es of a o n t h e c o n c e pt of s el e cti n g a s er vi c e, t h e n
c o m pil er -i nstr u m e nt e d pr ot o c ol pr o gr a m. T h e est a blis hi n g m et h o ds a n d p ar a m et ers t o all o w f or
s ol uti o n w as i m pl e m e nt e d b y usi n g a st at e-of -t h e- r e m ot e c alli n g a n d r et ur n t y p es. It als o d es cri b es
art gr e y -b o x A F L f uzz er. E x p eri m e nt al r es ults t h e R P C A PI p ar a di g m i n a n i nt erf a c e d es cri pti o n
s h o w e d t h at t h e s ol uti o n a c hi e v e d t w o ti m es m or e l a n g u a g e (I D L), w hi c h m a k es d et er mi ni n g r e m ot e
u ni q u e cr as h es w h e n c o m p ar e d t o o nl y f u z zi n g o p er ati o ns e asi er. Pr ot o c ol B uff ers ( Pr ot o b uf ) ar e
t h e first p a c k et d uri n g t h e pr ot o c ol us e d b y d ef a ult i n t h e I D L t o d es cri b e t h e s er vi c e
c o m m u ni c ati o n. i nt erf a c e as w ell as t h e str u ct ur e of p a yl o a d
I nt er-Pr o c ess C o m m u ni c ati o n ( I P C) r ef ers t o a m ess a g es. g R P C c a n h a n dl e f o ur t y p es of
v ari et y of a p pr o a c h es f or o n e -w a y or t w o -w a y i nt er a cti o ns:
d at a tr a ns missi o n b et w e e n t hr e a ds i n o n e or m or e • U n ar y – w h e n t h e cli e nt m a k es a si n gl e
pr o c ess es t h at c a n r u n o n a si n gl e c o m p ut er or r e q u est a n d g ets a si n gl e a ns w er.
m ulti pl e c o m p ut ers c o n n e ct e d b y a n et w or k [ 1 4], • S er v er str e a mi n g – i n r es p o ns e t o a
[ 1 5]. M ess a g e p assi n g, s y n c hr o ni z ati o n, s h ar e d cli e nt's r e q u est, t h e s er v er s e n ds a str e a m
m e m or y, a n d r e m ot e pr o c e d ur e c alls ( R P C ) ar e of m ess a g es. W h e n all of t h e d at a h as
s o m e of t h e I P C a p pr o a c h es t h at c a n b e di vi d e d b e e n tr a ns mitt e d, t h e s er v er s e n ds a st at us
i nt o gr o u ps b as e d o n h o w t h e y c o m m u ni c at e m ess a g e t o c o n cl u d e t h e o p er ati o n.
s h ar e d m e m or y a n d m ess a g e p assi n g [ 1 6]. T h e • Cli e nt str e a mi n g – t h e cli e nt d eli v ers a
a ut h ors i n [ 1 7] i ntr o d u c e d dir e ct I P C (d I P C) t o str e a m of m ess a g e s t o t h e s er v er, w hi c h
m arr y t h e is ol ati o n of pr o c ess es wit h t h e r es p o n ds wit h a si n gl e m ess a g e.
p erf or m a n c e of s y n c hr o n o us f u n cti o n c alls • Bi dir e cti o n al str e a mi n g – t h e cli e nt a n d
b e c a us e I P C i m p os es o v er h e a ds o n a v ari et y of s er v er str e a ms ar e a ut o n o m o us, w hi c h
diff er e nt e n vir o n m e nts. T hr e a ds i n o n e pr o c ess m e a ns t h e y c a n s e n d m ess a g es i n a n y
c a n c all a f u n cti o n o n a n ot h er pr o c ess, off eri n g t h e s e q u e n c e. Bi dir e cti o n al str e a mi n g is
s a m e p erf or m a n c e as if t h e t w o pr o c ess es w er e a st art e d a n d st o p p e d b y t h e cli e nt.
si n gl e c o m p osit e a p pli c ati o n, b ut wit h o ut g R P C is a gr e at c h oi c e f or m ulti-l a n g u a g e
j e o p ar di zi n g t h eir is ol ati o n. s yst e ms, r e al -ti m e str e a mi n g, a n d I o T s yst e ms
t h at r e q uir e li g ht-w ei g ht m ess a g e tr a nsf er, s u c h as
3. A p pli c ati o n pr o gr a m mi n g s eri ali z e d Pr ot o b uf m ess a g es. F urt h er m or e, g R P C
s h o ul d b e c o nsi d er e d f or m o bil e a p ps b e c a us e it
i nt erf a c e s d o es n ot r e q uir e t h e us e of a br o ws er a n d c a n
pr ofit fr o m f e w er m ess a g es, pr es er vi n g t h e s p e e d
A p pli c ati o n Pr o gr a m mi n g I nt erf a c es ( A PIs ) of m o bil e pr o c ess ors [ 1 9].
ar e s oft w ar e i nt er m e di ari es t h at d efi n e c ert ai n
r ul es a n d d et er mi n ati o ns f or a p pli c ati o ns t o
i nt er a ct a n d c o m m u ni c at e wit h o n e a n ot h er. A n 4. g R P C p a yl o a d d at a str u ct ur e
A PI is i n c h ar g e of d eli v eri n g a us er's r es p o ns e t o
a s yst e m, w hi c h is t h e n r et ur n e d t o t h e us er b y t h e B y d ef a ult, g R P C s eri ali z es p a yl o a d d a t a usi n g
s yst e m. R e pr es e nt ati o n al St at e Tr a nsf er (R E S T ), Pr ot o b uf . Pr ot o c ol b uff ers ar e a l a n g u a g e-
R P C , a n d q u er y l a n g u a g e f or A PIs (Gr a p h Q L ) ar e i n d e p e n d e nt, pl atf or m-i n d e p e n d e nt, a n d fl e xi bl e
t h e t hr e e b asi c m o d els f or cr e ati n g A PIs [ 1 8]. T h e fr a m e w or k f or s eri ali zi n g str u ct ur e d d at a i n a
r es p o ns e fr o m t h e b a c k-e n d d at a is d eli v er e d t o f or w ar d a n d b a c k w ar d c o m p ati bl e m a n n er. It's
t h e cli e nts ( or us ers) t hr o u g h t h e J S O N or X M L si mil ar t o J S O N b ut s m all er a n d f ast er, pl us it
�cr e at es n ati v e l a n g u a g e bi n di n gs. Pr ot o c ol b uff ers alt eri n g t h e v al u es i n t h e m ess a g e usi n g f u z z y
ar e m a d e u p of t h e d efi niti o n l a n g u a g e (i n . pr ot o l o gi c.
fil es), t h e c o d e g e n er at e d b y t h e pr ot o c o m pil er t o
i nt er a ct wit h d at a, l a n g u a g e-s p e cifi c r u nti m e
li br ari es, a n d t h e s eri ali z ati o n f or m at f or d at a
writt e n t o a fil e ( or s e n t a cr oss a n et w or k
c o n n e cti o n) [ 2 1].
Pr ot o c ol b uff er m ess a g es a n d s er vi c es ar e
d es cri b e d b y e n gi n e er -a ut h or e d . pr ot o fil es . Y o u
c a n d efi n e w h et h er a fi el d is o pti o n al, r e p e at e d
(pr ot o 2 a n d pr ot o 3 ), or si n gl e w h e n d efi ni n g
. pr ot o fil es (pr ot o 3 ). S etti n g a fi el d t o r e q uir e d is
n ot a n o pti o n i n pr ot o 3, a n d it is str o n gl y
dis c o ur a g e d i n pr ot o 2 [ 2 2].
5. D et e cti n g a p pli c a ti o n Fi g ur e 2 : A g e n er al fr a m e w or k f or d et e cti n g
a p pli c ati o n v ul n er a biliti es usi n g g R P C
v ul n er a biliti es usi n g g R P C
T h e r a n g e of s u bstit ut e d v al u es f or n u m eri c
T h e st a g es of pr o c essi n g a n d i nt er pr eti n g fi el ds is di vi d e d i nt o v al u e t y p es a n d r a n g es (s e e
n et w or k tr affi c p a c k ets ar e d e pi ct e d i n Fi g ur e 1 . A T a bl e 1 ).
g e n er al fr a m e w or k f or d et e cti n g a p pli c ati o n
v ul n er a biliti es usi n g g R P C is s h o w n i n Fi g ur e 2 . T a bl e 1
T h er e ar e t w o b asi c m ess a gi n g str at e gi es: T h e r a n g e of s u bstit ut e d v al u es f or n u m eri c fi el ds
c h a n gi n g t h e v al u es of o n e fi el d or all fi el ds i n o n e
V al u e V al u e r a n g e
l o o p. T h er e is als o t h e sit u ati o n w h er e a m ess a g e
ty pe T h e s m all est T h e l ar g est
fi el d's v al u e is fi x e d a n d c a n n ot b e m o difi e d.
p ossi bl e v al u e p ossi bl e v al u e
b o ol 0 1
stri n g mi n l e n gt h = m a x l e n gt h = 2 3 2
n ull
i nt 3 2, -2 1 4 7 4 8 3 6 4 8 2147483647
si nt3 2,
sfi x e d3 2
ui nt 3 2, 0 4294967295
fi x e d 3 2
i nt 6 4, -9 2 2 3 3 7 2 92233720
si nt 6 4, 036854775808 36854775807
sfi x e d 6 4
ui nt 6 4, 0 184467440
fi x e d 6 4 73709551615
fl o at 1. 1 7 5 4 9 4 3 5 1 E 3. 4 0 2 8 2 3 4 6 6 E +
Fi g ur e 1 : T h e st a g es of pr o c essi n g and
-38 38
i nt er pr eti n g n et w or k tr affi c p a c k ets
d o u bl e 2. 2 2 5 0 7 3 1. 7 9 7 6 9
B ot h pr e c e di n g s ol uti o ns c a n b e us e d i n t his 8585072014 E 31348623158 E
s c e n ari o, b ut o nl y if t h e r e q uir e d fi el ds ar e l eft -308 + 308
i nt a ct (s e e Fi g ur e 2 ). I n t h e s etti n gs, y o u c a n
d efi n e t h e m ess a gi n g t e c h ni q u e y o u w a nt t o T h e m et h o d f or d et e cti n g v ul n er a biliti es i n
e m pl o y. a p pli c ati o ns usi n g g R P C st arts wit h s c a n ni n g t h e
T h e pr e mis e r e m ai ns t h e s a m e f or b ot h c h a n g e i niti al r e m ot e pr o c e d ur e m ess a g es (s e e Fi g ur e 3 ).
t e c h ni q u es w h e n it c o m es t o fi el ds m o difi c ati o ns. T h e p r o p os e d m et h o d will a c c e pt d at a t h at c a n b e
T h e n u m eri c m ess a g e fi el ds ar e m o difi e d b y r etri e v e d usi n g t h e T c p d u m p or Wir es h ar k
n et w or k p a c k et a n al y z er fr o m . p c a p or . p c a p n g
fil es. T h e pr o p os e d m et h o d a c c e pt s Pr ot o b uf fil es
�. pr ot o, w hi c h ar e us e d t o filt er o ut u n n e c ess ar y a n d t h e a p pli c ati o n u n d er t est ar e b ot h st art e d. T h e
m ess a g es a n d s e n d m ess a g es t o t h e a p pli c ati o n g R P C m ess a g e cr e at or usi n g f uzz y l o gi c c h a n g es
u n d er t est. B e c a us e pr ot o b uf m ess a g es ar e utili z e d t h e v al u es of t h e m ess a g e d at a a c c or di n gl y t o t h e
i n t h e g R P C r e m ot e pr o c e d ur e c all fr a m e w or k, t y p es a n d p ossi bl e v al u es gi v e n i n T a bl e 1 .
w hi c h is b as e d o n t h e H T T P/ 2 pr ot o c ol [ 2 3],
pr ot o b uf m ess a g es m ust b e r e q u est e d i n all
H T T P/ 2 pr ot o c ol r e q u ests. Aft er r e vi e wi n g t h e
c o nt e nts of t h e H T T P/ 2 r e q u est, it is d et er mi n e d
w h et h er t his m ess a g e is i nt e n d e d f or at l e ast o n e
of t h e s er vi c es d es cri b e d i n t h e . pr ot o fil es of t h e
t est e d s oft w ar e. T h e d at a is s a v e d if t h e m ess a g e
h as a s er vi c e m at c h. If n o m at c h is d et e ct e d, t h e
al g orit h m r e p e ats t h e pr o c ess wit h a n e w H T T P/ 2
r e q u est. Pr ot o b uf m ess a g es i n bi n ar y f or m at ar e
e xtr a ct e d fr o m t h es e q u eri es, w hi c h w er e
c o nstr u ct e d usi n g t h e pr ot o c ol b uff er's i nt e rf a c e
d es cri pti o n l a n g u a g e [ 2 2].
Fi g ur e 4 : T h e pr o c ess of pr o p os e d m et h o d f or
d et e cti n g a p pli c ati o n v ul n er a biliti es usi n g g R P C
T h e m ess a g e wit h t h e hi g h est e x p e ct e d
n u m b er of m ess a g e c h a n g e c y cl es is c h os e n i n t h e
first it er ati o n a n d c h a n g e d v al u es of t h e m ess a g e
d at a ar e c o nstr u ct e d b as e d o n it. T h e m ess a g es ar e
cr e at e d i n s u bs e q u e nt c y cl es d e p e n di n g o n t h e
e x e c uti o n pr o gr ess a n d t h e t est e d a p pli c ati o n
r e pli es t o t h e g R P C s e nt m ess a g es. T h e r e c ei v e d
Fi g ur e 3 : P a c k et s c a n ni n g pr o c ess f or e xtr a cti n g r es p o ns e is s e nt f or f urt h er a n aly sis. T h e
r e m ot e pr o c e d ur e m ess a g es a p pli c ati o n is b ei n g t est e d if it is still r u n ni n g or if
n o r e pl y is r e c ei v e d. V erifi c ati o n of t h e t est e d
Aft er all r e m ot e pr o c e d ur e c alls, m ess a g e a p pli c ati o n pr o gr ess is s e nt t o t h e r e p ort
str u ct ur es, a n d d at a t y p es ar e s a v e d t o t h e g e n er ati n g pr o c e d ur e. A n e w t est it er ati o n is
d at a b as e, t h e pr o c ess of d et e cti n g a p pli c ati o n st art e d aft er t h e g R P C m ess a g e g e n er ati n g
v ul n er a biliti es usi n g g R P C st arts. T h e pr o c ess of pr o c ess r e c ei v es t h e e x e c uti o n st at us a n d r es p o ns e
t h e pr o p os e d m et h o d is d e pi ct e d i n Fi g ur e 4 . d at a fr o m t h e a p pli c ati o n u n d er t est. T h e
St arti n g v ul n er a bilit y d et e cti o n, . pr ot o fil e, a p pli c ati o n a cti vit y m o nit ori n g pr o c ess d et e cts t h e
m ess a g es str u ct ur e, a n d d at a t y p es u pl o a d e d fr o m t est e d a p pli c ati o n f a ult ( n o r es p o ns e) t h e cr as h
t h e d at a b as e. T h e e x e c uti o n m o nit ori n g pr o c e d ur e
�r e p ort pr o c ess c oll e cts all r el e v a nt f a ult d at a a n d T h e us er c a n s e e t h e t er mi n al i nt erf a c e aft er
s a v es t h e a p pli c ati o n cr a s h r e p ort. c o nfi g uri n g a n d r u n ni n g t h e D A V u G R P C t o ol,
w hi c h dis pl a ys t hr e e m ai n bl o c ks: i nf or m ati o n o n
6. E v al u ati o n fr a m e w or k and t h e ti m e a n d d ur ati o n of t h e t est pr o c ess, t h e
o v er a ll r es ults of t he t est pr o c ess , a n d t h e c urr e nt
e x p eri m e nt al s et u p pr o gr es s of t h e t est pr o c ess .
A g e n er al fr a m e w or k f or e v al u ati o n of t h e
pr o p os e d m et h o d f or d et e cti n g a p pli c ati o n
v ul n er a biliti es usi n g g R P C is d e pi ct e d i n Fi g ur e
5.
Fi g ur e 6 : T h e str u ct ur e of D A V u G R P C t o ol
Fi g ur e 5 : A g e n er al fr a m e w or k f or e v al u ati o n of 7. E x p eri m e nt al r es ults
t h e pr o p os e d m et h o d
O ur e x p eri m e nts ar e p erf or m e d usi n g A M D
T h e Fri d a d y n a mi c a n al ysis li br ar y is us e d t o R y z e n 5 2 6 0 0 pr o c ess or wit h si x p h ysi c al a n d
tr a c k t h e a p pli c ati o n u n d er t est e x e c uti o n. T o us e t w el v e l o gi c al c or es @ 3. 4 0 G H z; 1 6 G B R A M;
t h e li br ar y pr o gr a m mi n g i nt erf a c e i n t h e G o Wi n d o ws 1 0 Pr o 6 4 bits O S.
pr o gr a m mi n g l a n g u a g e, w e us e t h e fri d a -g o F or t h e e x p eri m e nt al i n v esti g ati o n, a t esti n g
li br ar y, w hi c h all o ws us t o us e t h e Fri d a li br ar y's pl atf or m w as cr e at e d wit h a p pli c ati o ns writt e n i n
n e e d e d f u n cti o ns. T h e Fri d a li br ar y i ns erts t h e C + + t h at us es g R P C . T h er e h a v e b e e n t w e nt y-
a d diti o n al c o d e d uri n g e x e c uti o n t h at p er mits t hr e e r e m ot e pr o c e d ur es i m pl e m e nt e d: t e n
J a v a S cri pt t o b e p erf or m e d aft er e n a bli n g t h e pr o c e d ur es ( Pr o c 0 – Pr o c 9) h a v e v ari o us t y p es of
a p pli c ati o n u n d er t est e x e c uti o n. T h es e s cri pts b uff er o v erfl o w a n d n ull -p oi nt er d er ef er e n c e
h a v e f ull a c c ess t o t h e a p pli c ati o n u n d er t est v ul n er a biliti es a n d t hirt e e n wit h o ut a n y
m e m or y a n d c a n als o c h a n g e h o w f u n cti o ns ar e v ul n er a bilit y. T h e pr o p os e d m et h o d w as
e x e c ut e d. c o m p ar e d wit h t h e pr ot o -f uzz er a n d Wi n A F L wit h
W h e n a m et h o d i n t h e a p pli c ati o n u n d er t est is li b pr ot o b uf-m ut at or li br ar y s ol uti o ns (T a bl e 2 ).
c all e d i n t h e D A V u G R P C t o ol, t h e s cri pt b e gi ns t o
c a pt ur e bl o c ks of e x e c ut e d m et h o d i nstr u cti o ns. T a bl e 2
T h e Fri d a Li br ar y's I nt er c e pt or a n d St al k er C o m p aris o n of t h e D A V u G R P C t o ol
d e v el o p m e nt A PI w er e us e d t o d o t his. T h e R es ults ( N o. of s e nt m ess a g es /
c o m pl et e d i nstr u cti o n bl o c ks ar e tr a ns mitt e d t o Pr o c e d ur D et e cti o n ti m e i n s e c)
t h e D A V u G R P C t o ol at t h e e n d of t h e a p pli c ati o n es D AVu GRPC pr ot o - Wi n A F L
u n d er t h e t est m et h o d. I n a d diti o n t o t his
f uzz er
i nf or m ati o n, t h e a p pli c ati o n of t h e u n d er t est
m et h o d's e x e c uti o n ti m e is r e c or d e d. D at a fr o m Pr o c 0 5/ 5 1 0/ 2 6 6 5 0 0 0/ -
t h e a p pli c ati o n u n d er t h e t est is s e nt usi n g t h e Pr o c 1 4/ 6 3/ 2 3 7 3 7/ 2 8
Fri d a li br ar y's P 2 P D b us c o m m u ni c ati o n Pr o c 2 2/ 4 7/ 3 1 3 5 7/ 5
c h a n n el, w hi c h all o ws d at a t o b e e x c h a n g e d Pr o c 3 3/ 5 8/ 2 5 0 4 3/ 7 8
b et w e e n t h e D A V u G R P C t o ol a n d t h e a p pli c ati o n Pr o c 4 5/ 4 4/ 2 4 9 8 3/ 1 1
u n d er t h e t est s cri pt c o d e. T his P 2 P D b us c h a n n el Pr o c 5 6/ 5 1 0/ 2 6 4 9 0 0 0/ -
is als o us e d w h e n J a v a S cri pt s cri pti n g m et h o ds Pr o c 6 7/ 5 2/ 2 9 6 2/ 3
ar e i n v o k e d. T h e str u ct ur e of D A V u G R P C t o ol is Pr o c 7 7/ 5 3 4/ 3 1 0 9 0 0/ 6 7
r e pr es e nt e d i n Fi g ur e 6 . Pr o c 8 1 6/ 6 -/- -/-
Pr o c 9 -/- -/- -/-
� B as e d o n t h e r es ults w e c a n e v al u at e t h at t h e 9. R ef er e n c es
pr o p os e d m et h o d d et e cts st a c k -b as e d, h e a p -
b as e d, a n d n ull -p oi nt er d er ef er e n c e v ul n er a biliti es
[ 1] W. Ji m e n e z , A. M a m m ar a n d A. C a v alli,
i n t h e s h ort ti m e s e n di n g a s m all n u m b er of g R P C
“ S oft w ar e V ul n er a biliti es, Pr e v e nti o n a n d
m ess a g es.
D et e cti o n M et h o ds: A R e vi e w ”, J ul y 2 0 1 0.
P e n T est M a g a zi n e [ O nli n e]. URL :
8. C o n cl usi o n htt p:// w w w -l or.i nt-e vr y.fr/ ~ a n n a/fil es/s e c -
m d a 0 9. p df
T h e g o al of g R P C is t o s p e e d u p d at a [ 2] S. G ar g, R. K. Si n g h a n d A. K. M o h a p atr a
tr a ns missi o n b et w e e n mi cr o s er vi c es . It als o “ A n al ysis of s oft w ar e v ul n er a bilit y
d es cri b es t h e R P C A PI p ar a di g m i n a n i nt erf a c e cl assifi c ati o n b as e d o n diff er e nt t e c h ni c al
d es cri pti o n l a n g u a g e ( I D L), w hi c h m a k es p ar a m et ers ” 2 0 1 9. I nf or m ati o n S e c urit y
d et er mi ni n g r e m ot e o p er ati o ns e asi er. T h e m ai n J o ur n al: A Gl o b al P ers p e cti v e, 2 8: 1 -2, p p. 1 -
r es ults of t his p a p er ar e as f oll o ws: 1 9. d oi: 1 0. 1 0 8 0/ 1 9 3 9 3 5 5 5. 2 0 1 9. 1 6 2 8 3 2 5
• g R P C c o ul d b e s u c c essf ull y us e d i n [ 3] J. F a n, Yi. Li, S. W a n g, a n d T. N. N g u y e n.
a p pli c ati o ns v ul n er a biliti es d et e cti o n. “ A C/ C + + C o d e V ul n er a bilit y D at as et wit h
• D y n a mi c a p pli c ati o n t esti n g o ut p erf or ms C o d e C h a n g es a n d C V E S u m m ari es ” 2 0 2 0.
st ati c m et h o ds b e c a us e of a l o w n u m b er Pr o c e e di n gs of t h e 1 7t h I nt er n ati o n al
of f als e p ositi v es a n d e xtr e m el y hi g h C o nf er e n c e on Mi ni n g S oft w ar e
pr e cisi o n. R e p osit ori es. Ass o ci ati o n f or C o m p uti n g
• F u z zi n g is t h e m ost a c c e pt a bl e m et h o d M a c hi n er y, N e w Y or k, N Y, U S A, p p. 5 0 8 –
si n c e it is t h e m ost u ni v ers al a n d 5 1 2. d oi: 1 0. 1 1 4 5/ 3 3 7 9 5 9 7. 3 3 8 7 5 0 1
c o m bi n es t h e b e st si d es of st ati c a n d [ 4] R. L. R uss ell, L. Y. Ki m, L. H. H a milt o n, T.
d y n a mi c t esti n g . L a z o vi c h, J. A. H ar er, O. O z d e mir, P. M.
• T o i n cr e as e effi ci e n c y, t h e m et h o d us es Elli n g w o o d a n d M. W. M c C o nl e y.
c o d e -c o v er a g e f e e d b a c k t o pri oriti z e “ A ut o m at e d V ul n er a bilit y D et e cti o n i n
c o m pl e x r e m ot e pr o c e d ur e m ess a g es. S o ur c e C o d e Usi n g D e e p R e pr es e nt ati o n
T his is a c hi e v e d b y usi n g Fri d a d y n a mi c L e ar ni n g. ” 2 0 1 8. 1 7t h I E E E I nt er n ati o n al
a n al ysis li br ar y. C o nf er e n c e o n M a c hi n e L e ar ni n g a n d
• Pr o p os e d a p pli c ati o ns v ul n er a biliti es A p pli c ati o ns (I C M L A’ 2 0 1 8) p p. 7 5 7-7 6 2.
m et h o d u si n g r e m ot e pr o c e d ur e c alls a n d d oi: 1 0. 1 1 0 9/I C M L A. 2 0 1 8. 0 0 1 2 0
r e ali z e d D A V u G R P C t o ol s h o ws [ 5] J. F ell, “ A R e vi e w of F u z zi n g T o ols a n d
a c c e pt a bl e r es ults f or st a c k -b as e d, h e a p - M et h o ds ”, M ar c h 1 0, 2 0 1 7. P e n T est
b as e d b uff er o v erfl o w a n d n ull -p oi nt er M a g a zi n e [ O nli n e]. URL :
d er ef er e n c e v ul n er a biliti es wit h t h e s h ort htt ps:// w c v e nt ur e. git h u b.i o/ F u z zi n g P a p er/ P a
ti m e w h er e as t h e s m all n u m b er of g R P C p er/ 2 0 1 7 _r e vi e w. p df
m ess a g es h as b e e n s e nt. [ 6] O. Z a a z a a a n d H. E l B a k k ali, " D y n a mi c
v ul n er a bilit y d et e cti o n a p pr o a c h es a n d t o ols:
• T h e pr o p os e d m et h o d f o u n d 1 1 o ut of 1 2
St at e of t h e Art," 2 0 2 0 F o urt h I nt er n ati o n al
v ul n er a biliti es. T h e m et h o d h as l o w er
C o nf er e n c e O n I nt elli g e nt C o m p uti n g i n
p erf or m a n c e t h a n t h e pr ot o -f uzz er
D at a S ci e n c es (I C D S), 2 0 2 0, p p. 1 -6.
s ol uti o n; h o w e v er , it s e n ds f e w er
d oi: 1 0. 1 1 0 9/I C D S 5 0 5 6 8. 2 0 2 0. 9 2 6 8 6 8 6
m ess a g es o v er t h e t esti n g pr o c ess .
[ 7] K. Y a n g, H. Z h a o, C. Z h a n g, J. Z h u g e a n d H.
F ut ur e w or k will b e as f oll o ws:
D u a n, " F u z zi n g I P C wit h K n o wl e d g e
• A d d n est e d m ess a g es v al u e f u z zi n g.
I nf er e n c e," 2 0 1 9 3 8t h S y m p osi u m o n
• I m pl e m e nt c o m pl e x f u z zifi c ati o n l o gi c R eli a bl e Distri b ut e d S ys t e ms ( S R D S), 2 0 1 9,
wit h r e c o g niti o n d e p e n d e n ci es b et w e e n 1 1 -1 1 0 9.
t h e s a m e v al u es i n t h e m ess a g es. d oi: 1 0. 1 1 0 9/ S R D S 4 7 3 6 3. 2 0 1 9. 0 0 0 1 2
• A d d a d diti o n al d y n a mi c i nstr u m e nt ati o n [ 8] V. -T. P h a m, M. B o h m e, a n d A.
fr a m e w or k s u p p ort si n c e t h e c urr e nt Fri d a R o y c h o u d h ur y, “ A F L N E T: A Gr e y b o x
i m pl e m e nt ati o n is u nst a bl e. F uzz er f or N et w or k Pr ot o c ols,” i n 2 0 2 0
• A d d c o m pr ess e d gR P C m ess a g es I E E E 1 3t h I nt er n ati o n al C o nf er e n c e o n
s u p p ort. S oft w ar e T esti n g, V ali d ati o n and
V erifi c ati o n (I C S T), P ort o, P ort u g al, O ct.
� 2 0 2 0, p. 4 6 0 – 4 6 5. S o m e Mi d dl e w ar e T e c h n ol o gi es ” 2 0 2 0.
d oi: 1 0. 1 1 0 9/I C S T 4 6 3 9 9. 2 0 2 0. 0 0 0 6 2 I nt er n ati o n al J o ur n al of M o d er n E d u c ati o n &
[ 9] H. B a g ci, a n d A. K ar a, “ A Li g ht w ei g ht a n d C o m p ut er S ci e n c e. V ol. 1 2 Iss u e 2, p p. 3 6 -
Hi g h P erf or m a n c e R e m ot e Pr o c e d ur e C all 5 2. d oi: 1 0. 5 8 1 5/ij m e cs. 2 0 2 0. 0 2. 0 5
Fr a m e w or k f or Cr oss Pl atf or m [ 1 7] L. Vil a n o v a, M. J or d à, N. N a v arr o, Y. Etsi o n,
C o m m u ni c ati o n ”, 2 0 1 6. I n Pr o c e e di n gs of and M. V al er o. “ Dir e ct I nt er -Pr o c ess
t h e 1 1t h I nt er n ati o n al J oi nt C o nf er e n c e o n C o m m u ni c ati o n ( d I P C): R e p ur p osi n g t h e
S oft w ar e T e c h n ol o gi es - I C S O F T-E A, C O D O Ms Ar c hit e ct ur e t o A c c el er at e I P C”
(I C S O F T 2 0 16) I S B N 9 7 8 -9 8 9 -7 5 8 -1 9 4 -6, 2 0 1 7. I n Pr o c e e di n gs of t h e T w elft h
p. 1 1 7 -1 2 4. d oi: 1 0. 5 2 2 0/ 0 0 0 5 9 3 1 2 0 1 1 7 0 1 2 4 E ur o p e a n C o nf er e n c e o n C o m p ut er S yst e ms
[ 1 0] T. H uss ai n, S. S at y a v e er, a n d M. S et h, “ A ( E ur o S ys ' 1 7). Ass o ci ati o n f or C o m p uti n g
C o m p ar ati v e St u d y of S oft w ar e T esti n g M a c hi n er y, N e w Y or k, N Y, U S A, p p. 1 6 – 3 1.
T e c h ni q u es Vi z. W hit e B o x T esti n g Bl a c k d oi: 1 0. 1 1 4 5/ 3 0 6 4 1 7 6. 3 0 6 4 1 9 7
B o x T esti n g a n d Gr e y B o x T esti n g. ” [ 1 8] N. K o utr o u m p o u c h os, G. L a v d a nis, E.
IJ A P R R I nt er n ati o n al P e er R e vi e w e d V er o ni, C. Nt a nt o gi a n, a n d C. X e n a kis.
R ef er e e d J o ur n al, V ol. II, Iss u e V, 2 0 1 5. “ O bj e ct M a p: d et e cti n g i ns e c ur e o bj e ct
[ 1 1] C. C h e n, C. B a oji a n g, M. Ji n xi n, W. R u n p u, d es eri ali z ati o n ” 2 0 1 9. I n Pr o c e e di n gs of t h e
G. Ji a n c h a o a n d L. W e n qi a n, " A s yst e m ati c 2 3r d P a n -H ell e ni c C o nf er e n c e on
r e vi e w of f u z zi n g t e c h ni q u es " 2 0 1 8 I nf or m ati cs ( P CI ' 1 9). Ass o ci ati o n f or
C o m p ut ers & S e c urit y, V ol u m e 7 5, p p. 1 1 8 - C o m p uti n g M a c hi n er y, N e w Y or k, N Y,
1 3 7, ISS N 0 1 6 7 -4 0 4 8. U S A, p p. 6 7 – 7 2.
d oi: 1 0. 1 0 1 6/j. c os e. 2 0 1 8. 0 2. 0 0 2 d oi: 1 0. 1 1 4 5/ 3 3 6 8 6 4 0. 3 3 6 8 6 8 0
[ 1 2] S. K ar a m c h eti, G. M a n n a n d D. R os e n b er g, [ 1 9] M. B er g a, A. S a nt os, “ g R P C vs R E S T:
“ A d a pti v e Gr e y -B o x F u z z -T esti n g wit h c o m p ari n g A PIs ar c hit e ct ur al st yl es ” J u n e
T h o m ps o n S a m pli n g ” 2 0 1 8 I n Pr o c e e di n gs 0 3, 2 0 2 1. I m a gi n ar y Cl o u d [ O n li n e]. U R L :
of t h e 1 1t h A C M W or ks h o p o n Artifi ci al htt ps:// w w w.i m a gi n ar y cl o u d. c o m/ bl o g/ g R P
I nt elli g e n c e a n d S e c urit y ( AI S e c ' 1 8). C -vs -r est/
Ass o ci ati o n f or C o m p uti n g M a c hi n er y, N e w [ 2 0] g R P C a hi g h p erf or m a n c e, o p e n s o ur c e
Y or k, N Y, U S A, p p. 3 7 – 4 7. u ni v ers al R P C fr a m e w or k. [ O nli n e]. U R L :
d oi: 1 0. 1 1 4 5/ 3 2 7 0 1 0 1. 3 2 7 0 1 0 8 htt ps:// g R P C .i o/
[ 1 3] M. M o u z ar a ni, B. S a d e g hi y a n a n d M. [ 2 1] Pr ot o c ol B uff ers O v er vi e w. [ O nli n e]. U R L :
Z olf a g h ari, " A S m art F u z zi n g M et h o d f or htt ps:// d e v el o p ers. g o o gl e. c o m/ pr ot o c ol -
D et e cti n g H e a p -B as e d B uff er O v erfl o w i n b uff ers/ d o cs/ o v er vi e w
E x e c ut a bl e C o d es, " 2 0 1 5 I E E E 2 1st P a cifi c [ 2 2] Pr ot o c ol B uff ers L a n g u a g e G ui d e. [ O nli n e].
Ri m I nt er n ati o n al S y m p osi u m on URL :
D e p e n d a bl e C o m p uti n g ( P R D C), 2 0 1 5, p p. htt ps:// d e v el o p ers. g o o gl e. c o m/ pr ot o c ol -
4 2 -4 9. d oi: 1 0. 1 1 0 9/ P R D C. 2 0 1 5. 1 0 b uff ers/ d o cs/ pr ot o #s p e cif yi n g -r ul es
[ 1 4] Z. S p as o v, D. B o g d a n o v a, a n d M. S k o pj e, [ 2 3] I nt er n et E n gi n e eri n g T as k F or c e, H y p ert e xt
“I nt er -Pr o c ess C o m m u ni c ati o n, A n al ysis, Tr a nsf er Pr ot o c ol V ersi o n 2 ( H T T P/ 2).
G ui d eli n es A n d Its I m p a ct O n C o m p ut er [ O nli n e]. URL :
S e c urit y ” 2 0 1 0 T h e 7t h I nt er n ati o n al htt ps:// d at atr a c k er.i etf. or g/ d o c/ ht ml/rf c 7 5 4 0
C o nf er e n c e f or I nf or m ati cs a n d I nf or m ati o n
T e c h n ol o g y ( CII T 2 0 1 0). I nstit ut e of
I nf or m ati cs. URL :
htt p:// ciit.fi n ki. u ki m. m k/ d at a/ p a p ers/ 7 Cii T/ 7
Cii T -1 1. p df
[ 1 5] N. C. Will, T. H ei nri c h, A. B. Vi es ci ns ki a n d
C. A. M a zi er o, " Tr ust e d I nt er -Pr o c ess
C o m m u ni c ati o n Usi n g H ar d w ar e E n cl a v es,"
2021 IEEE I nt er n ati o n al S yst e ms
C o nf er e n c e ( S ys C o n), 2 0 2 1, p p. 1 -7.
d oi: 1 0. 1 1 0 9/ S ys C o n 4 8 6 2 8. 2 0 2 1. 9 4 4 7 0 6 6
[ 1 6] D. H a m e d, “I nt er -Pr o c ess C o m m u ni c ati o n
(I P C) i n Distri b ut e d E n vir o n m e nts: A n
I n v esti g ati o n a n d P erf or m a n c e A n al ysis of
�