SNPSFuzzer: A Fast Greybox Fuzzer for Stateful Network Protocols Using Snapshots
Authors
Abstract
Greybox fuzzing has been widely used in stateless programs and achieved great success. However, most state-of-the-art greybox fuzzers have slow speed shallow state depth coverage stateful network protocol programs, which are able to remember store the details of interactions. The existing for first send a series well-defined prefix sequences input messages then mutated test target protocol. This process leads high time cost. In this paper, we propose SNPSFuzzer, fast fuzzer protocols using snapshots. SNPSFuzzer dumps context information when program is specific restores it needs be fuzzed. Furthermore, design message chain analysis algorithm explore more deeper states. Our evaluation shows that compared with state-of-the-art AFLNET, improves processing by 70.7% increases path 20.9% on average within 24 hours. Moreover, exposes previously unreported vulnerability Tinydtls.
Similar resources
SNOOZE: Toward a Stateful NetwOrk prOtocol fuzZEr
Fuzzing is a well-known black-box approach to the security testing of applications. Fuzzing has many advantages in terms of simplicity and effectiveness over more complex, expensive testing approaches. Unfortunately, current fuzzing tools suffer from a number of limitations, and, in particular, they provide little support for the fuzzing of stateful protocols. In this paper, we present SNOOZE, ...
LZfuzz: a fast compression-based fuzzer for poorly documented protocols
Computers make very fast, very accurate mistakes. From a refrigerator magnet. Real-world infrastructure offers many scenarios where protocols (and other details) are not released due to being considered too sensitive or for other reasons. This situation makes it hard to apply fuzzing techniques to test their security and reliability, since their full documentation is only available to their dev...
A Verification Framework for Stateful Security Protocols
A long-standing research problem is how to efficiently verify security protocols with tamper-resistant global states, especially when the global states evolve unboundedly. We propose a protocol specification framework, which facilitates explicit modeling of states and state transformations. On the basis of that, we develop an algorithm for verifying security properties of protocols with unbound...
Pulsar: Stateful Black-Box Fuzzing of Proprietary Network Protocols
The security of network services and their protocols critically depends on minimizing their attack surface. A single flaw in an implementation can suffice to compromise a service and expose sensitive data to an attacker. The discovery of vulnerabilities in protocol implementations, however, is a challenging task: While for standard protocols this process can be conducted with regular techniques...
Behaviour Protocols for Interacting Stateful Components
We propose a formal foundation for behaviour protocols of interacting, concurrent components with data states. Formally, behaviour protocols are given by labelled transition systems which specify the order of operation invocations as well as the allowed changes of data states of components in terms of preand postconditions. We study the compatibility of protocols and we consider their compositi...
Journal
Journal title: IEEE Transactions on Information Forensics and Security
Year: 2022
ISSN: ['1556-6013', '1556-6021']
DOI: https://doi.org/10.1109/tifs.2022.3192991