Abstract
AbstractFuzzing network servers is a technical challenge, since the behavior of the target server depends on its state over a sequence of multiple messages. Existing solutions are costly and difficult to use, as they rely on manually-customized artifacts such as protocol models, protocol parsers, and learning frameworks. The aim of this work is to develop a greybox fuzzer (StateAFL) for network servers that only relies on lightweight analysis of the target program, with no manual customization, in a similar way to what the AFL fuzzer achieved for stateless programs. The proposed fuzzer instruments the target server at compile-time, to insert probes on memory allocations and network I/O operations. At run-time, it infers the current protocol state of the target server by taking snapshots of long-lived memory areas, and by applying a fuzzy hashing algorithm (Locality-Sensitive Hashing) to map memory contents to a unique state identifier. The fuzzer incrementally builds a protocol state machine for guiding fuzzing. We implemented and released StateAFL as open-source software. As a basis for reproducible experimentation, we integrated StateAFL with a large set of network servers for popular protocols, with no manual customization to accomodate for the protocol. The experimental results show that the fuzzer can be applied with no manual customization on a large set of network servers for popular protocols, and that it can achieve comparable, or even better code coverage and bug detection than customized fuzzing. Moreover, our qualitative analysis shows that states inferred from memory better reflect the server behavior than only using response codes from messages.
Funder
Università degli Studi di Napoli Federico II
Publisher
Springer Science and Business Media LLC
Reference47 articles.
1. AFLplusplus Project (2021) Pull request #1200—rename. https://github.com/AFLplusplus/AFLplusplus/pull/1200/commits
2. Ali M, Hagen J, Oliver J (2020) Scalable malware clustering using multi-stage tree parallelization. In: 2020 IEEE International conference on intelligence and security informatics (ISI). IEEE, pp 1–6
3. Alrahem T, Chen A, DiGiuseppe N, Gee J, Hsiao S P, Mattox S, Park T et al (2007) Interstate: a stateful protocol fuzzer for SIP. Defcon 15:1–5
4. Andronidis A, Cadar C (2022) SnapFuzz: an efficient fuzzing framework for network applications. arXiv:220104048
5. Antunes J, Neves N (2011) Automatically complementing protocol specifications from network traces. In: Proceedings of the 13th European workshop on dependable computing, pp 87–92
Cited by
10 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. An enhanced state-aware model learning approach for security analysis in lightweight protocol implementations;Journal of Cloud Computing;2024-01-30
2. Battling against Protocol Fuzzing: Protecting Networked Embedded Devices from Dynamic Fuzzers;ACM Transactions on Software Engineering and Methodology;2024-01-22
3. Greybox Fuzzing of Distributed Systems;Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security;2023-11-15
4. Systematically Detecting Packet Validation Vulnerabilities in Embedded Network Stacks;2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE);2023-09-11
5. A Blackbox Fuzzing Based on Automated State Machine Extraction;2023 8th International Conference on Data Science in Cyberspace (DSC);2023-08-18