Battling against Protocol Fuzzing: Protecting Networked Embedded Devices from Dynamic Fuzzers-Reference-Cited by-同舟云学术

Battling against Protocol Fuzzing: Protecting Networked Embedded Devices from Dynamic Fuzzers

Published:2024-04-20 Issue:4 Volume:33 Page:1-26
ISSN:1049-331X
Container-title:ACM Transactions on Software Engineering and Methodology
language:en
Short-container-title:ACM Trans. Softw. Eng. Methodol.

Author:

Liu Puzhuo¹^ORCID,Zheng Yaowen²^ORCID,Sun Chengnian³^ORCID,Li Hong⁴^ORCID,Li Zhi¹^ORCID,Sun Limin¹^ORCID

Affiliation:

1. Beijing Key Laboratory of IoT Information Security Technology, Institute of Information Engineering, CAS; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China

2. Nanyang Technological University, Singapore, Singapore

3. Cheriton School of Computer Science, University of Waterloo, Waterloo, Canada

4. Institute of Information Engineering, Chinese Academy of Sciences, Beijing; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China

Abstract

N etworked E mbedded D evices (NEDs) are increasingly targeted by cyberattacks, mainly due to their widespread use in our daily lives. Vulnerabilities in NEDs are the root causes of these cyberattacks. Although deployed NEDs go through thorough code audits, there can still be considerable exploitable vulnerabilities. Existing mitigation measures like code encryption and obfuscation adopted by vendors can resist static analysis on deployed NEDs, but are ineffective against protocol fuzzing. Attackers can easily apply protocol fuzzing to discover vulnerabilities and compromise deployed NEDs. Unfortunately, prior anti-fuzzing techniques are impractical as they significantly slow down NEDs, hampering NED availability. To address this issue, we propose Armor—the first anti-fuzzing technique specifically designed for NEDs. First, we design three adversarial primitives–delay, fake coverage, and forged exception–to break the fundamental mechanisms on which fuzzing relies to effectively find vulnerabilities. Second, based on our observation that inputs from normal users consistent with the protocol specification and certain program paths are rarely executed with normal inputs, we design static and dynamic strategies to decide whether to activate the adversarial primitives. Extensive evaluations show that Armor incurs negligible time overhead and effectively reduces the code coverage (e.g., line coverage by 22%-61%) for fuzzing, significantly outperforming the state of the art.

Funder

National Key R&D Program of Ministry of Science and Technology

Natural Science Foundation of Beijing

Publisher

Association for Computing Machinery (ACM)

Link

https://dl.acm.org/doi/pdf/10.1145/3641847

Reference74 articles.

1. AFL. 2020. Accessed 2022-10-20. https://github.com/google/AFL

2. AFL++. 2022. Accessed 2022-10-20. https://github.com/AFLplusplus/AFLplusplus

3. Ross Anderson and Tyler Moore. 2007. Information security economics–and beyond. In Annual International Cryptology Conference. Springer, 68–91.

4. Resurrecting anti-virtualization and anti-debugging: Unhooking your hooks;Apostolopoulos Theodoros;Future Generation Computer Systems,2021

5. Jinsheng Ba, Marcel Böhme, Zahra Mirzamomen, and Abhik Roychoudhury. 2022. Stateful greybox fuzzing. In 31st USENIX Security Symposium (USENIX Security’22). 3255–3272.