Green-Fuzz: Efficient Fuzzing for Network Protocol Implementations

Cited by: 0
Authors
Andarzian, Seyed Behnam [1]
Daniele, Cristian [1]
Poll, Erik [1]
Affiliations
[1] Radboud Univ Nijmegen, Nijmegen, Netherlands
Keywords
Testing; Fuzzing; Software Security; Network Protocol Fuzzing;
DOI
10.1007/978-3-031-57537-2_16
Chinese Library Classification (CLC) number
TP [Automation technology, computer technology];
Subject classification code
0812;
Abstract
Recent techniques have significantly improved fuzzing, discovering many vulnerabilities in various software systems. However, certain types of systems, such as network protocols, are still challenging to fuzz. This article presents two enhancements that allow efficient fuzzing of network protocols. The first is Desock+, which simulates a network socket and supports different POSIX options to make Desock+ suitable for faster network protocol fuzzing. The second is Green-Fuzz, which sends input messages in one go and reduces the system-call overhead while fuzzing network protocols. We applied this modification to AFLNet, but it could be applied to any fuzzer for stateful systems. This is the maximum overhead we can avoid, when doing out-process fuzzing on stateful systems. Our evaluation shows that these enhancements make AFLNet up to four times faster.
Pages: 253 - 268
Number of pages: 16
Related papers
50 in total
  • [31] HFuzz: Towards automatic fuzzing testing of NB-IoT core network protocols implementations
    Liu, Xinyao
    Cui, Baojiang
    Fu, Junsong
    Ma, Jinxin
    FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF ESCIENCE, 2020, 108 : 390 - 400
  • [32] Verifying network protocol implementations by symbolic refinement checking
    Alur, R
    Wang, BY
    COMPUTER AIDED VERIFICATION, PROCEEDINGS, 2001, 2102 : 169 - 181
  • [33] IPSpex: Enabling Efficient Fuzzing via Specification Extraction on ICS Protocol
    Sun, Yue
    Lv, Shichao
    You, Jianzhou
    Sun, Yuyan
    Chen, Xin
    Zheng, Yaowen
    Sun, Limin
    APPLIED CRYPTOGRAPHY AND NETWORK SECURITY, ACNS 2022, 2022, 13269 : 356 - 375
  • [34] GANFuzz: A GAN-based industrial network protocol fuzzing framework
    Hu, Zhicheng
    Shi, Jianqi
    Huang, YanHong
    Xiong, Jiawen
    Bu, Xiangxing
    2018 ACM INTERNATIONAL CONFERENCE ON COMPUTING FRONTIERS, 2018, : 138 - 145
  • [35] A Mutation-based Fuzz Testing Approach for Network Protocol Vulnerability Detection
    Han, Xing
    Wen, Qiaoyan
    Zhang, Zhao
    PROCEEDINGS OF 2012 2ND INTERNATIONAL CONFERENCE ON COMPUTER SCIENCE AND NETWORK TECHNOLOGY (ICCSNT 2012), 2012, : 1018 - 1022
  • [36] Robustness Evaluation of Cyber Physical Systems through Network Protocol Fuzzing
    Ananda, Tulasi K.
    Simran, Gitanjali T.
    Sukumara, T.
    Sasikala, D.
    Kumar, Ramakanth P.
    PROCEEDINGS OF THE 2019 INTERNATIONAL CONFERENCE ON ADVANCES IN COMPUTING & COMMUNICATION ENGINEERING (ICACCE-2019), 2019,
  • [37] Semi-valid Fuzz Testing Case Generation for Stateful Network Protocol
    Rui Ma
    Shuaimin Ren
    Ke Ma
    Changzhen Hu
    Jingfeng Xue
    Tsinghua Science and Technology, 2017, 22 (05) : 458 - 468
  • [38] Semi-valid Fuzz Testing Case Generation for Stateful Network Protocol
    Ma, Rui
    Ren, Shuaimin
    Ma, Ke
    Hu, Changzhen
    Xue, Jingfeng
    TSINGHUA SCIENCE AND TECHNOLOGY, 2017, 22 (05) : 458 - 468
  • [39] State Selection Algorithms and Their Impact on The Performance of Stateful Network Protocol Fuzzing
    Liu, Dongge
    Pham, Van-Thuan
    Ernst, Gidon
    Murray, Toby
    Rubinstein, Benjamin I. P.
    2022 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE ANALYSIS, EVOLUTION AND REENGINEERING (SANER 2022), 2022, : 720 - 730
  • [40] Vulnerability mining method for industrial control network protocol based on fuzz testing
    Lai Y.
    Yang K.
    Liu J.
    Liu Z.
    Jisuanji Jicheng Zhizao Xitong/Computer Integrated Manufacturing Systems, CIMS, 2019, 25 (09): : 2265 - 2279