Petri net modeling and vulnerability analysis of the Heartbleed

Abstract

In recent years, a variety of network attacks emerge in an endless stream, and network attacks gradually show the characteristics of higher secrecy and greater harm. At present, the analysis of system vulnerabilities is generally focused on the characteristics analysis and impact hazard level, and lack of formal modeling and vulnerability analysis methods. In this paper, we model the OpenSSL service’s Heartbleed vulnerability based on Petri net. We build a formal model combined with the source code and system state, analyze the vulnerability of the system running state, and propose an automatic vulnerability repair scheme. Experiments show that this model can carry out fine-grained formal analysis and simulation of the Heartbleed, which is of great significance to explore the system vulnerability modeling method.