Chapter

SLIME: State Learning in the Middle of Everything for Tool-Assisted Vulnerability Detection

Abstract

Behavioural state machine models of software systems are a valuable tool for validating behaviour, but creating state machine models of existing implementations manually is highly undesirable. Fortunately, automata learning frameworks exist that completely automate the critical aspect of automata learning. However, some manual setup is usually required outside of the critical learning algorithm to create a test harness within which the system under test (SUT) and learning algorithm can function. In this paper we present a new architecture for automata learning that uses existing learning algorithms and a generic man-in-the-middle (MITM). Our architecture significantly reduces this manual setup effort. The learned state machine can be used to help uncover potential flaws in the implementation of the client, the server, their overall interaction and even the client-server protocol itself. These flaws can potentially be exploited by a malicious client, an impostor server, or a man-in-the-middle. Two sets of rules to automatically assist with identifying flaws in the state machine are presented, and are used to visually annotate the potential flaws in the learned model. Additionally, flaws can be detected via regression testing by comparing the learned state machine models to ones previously learned. Automatically generated and annotated state machine models of systems can be used as evidence in security, safety, and reliability assurance.

Authors

Lesiuta E; Bandur V; Lawford M

Book title

Computer Security. ESORICS 2022 International Workshops

Series

Lecture Notes in Computer Science

Volume

13785

Pagination

pp. 686-704

Publisher

Springer Nature

Publication Date

January 1, 2023

DOI

10.1007/978-3-031-25460-4_39