Security vulnerability is one of the root causes of cyber-security threats. To discover vulnerabilities and fix them in advance, researchers have proposed several techniques, among which fuzzing is the most widely used one. In recent years, fuzzing solutions, like AFL, have made great improvements in vulnerability discovery. This paper presents a summary of the recent advances, analyzes how they improve the fuzzing process, and sheds light on future work in fuzzing. Firstly, we discuss the reason why fuzzing is popular, by comparing different commonly used vulnerability discovery techniques. Then we present an overview of fuzzing solutions, and discuss in detail one of the most popular type of fuzzing, i.e., coverage-based fuzzing. Then we present other techniques that could make fuzzing process smarter and more efficient. Finally, we show some applications of fuzzing, and discuss new trends of fuzzing and potential future directions.
As the essential component responsible for communication, network services are security-critical, and it is vital to find v u lnerabilities i n t h em. F u zzing i s c u rrently o n e o f the most popular software vulnerability discovery techniques, widely adopted due to its high efficiency and low false positives. However, existing coverage-guided fuzzers mainly aim at stateless local applications, leaving stateful network services underexplored. Recently, some fuzzers targeting network services have been proposed but have certain limitations, e.g., insufficient o r inaccurate state representation and low testing efficiency.In this paper, we propose a new fuzzing solution NSFuzz for stateful network services. Specifically, w e s t udied t y pical implementations of network service programs and figured o u t how they represent states and interact with clients, and accordingly propose (1) a program variable-based state representation scheme and (2) an efficient i n teraction s y nchronization m e chanism to improve efficiency. We have implemented a prototype of NSFuzz, which uses static analysis to identify network event loops and extract state variables, then achieves fast I/O synchronization and efficient s t ate-aware f u zzing v i a l i ghtweight compile-time instrumentation. The preliminary evaluation results show that, compared with state-of-the-art network service fuzzers AFLNET and STATEAFL, our solution NSFuzz could infer a more accurate state model during fuzzing and improve the testing throughput by up to 50x and the coverage by up to 20%.
We provide artifacts to reproduce the evaluation results of our paper NSFuzz: Towards Efficient and State-Aware Network Service Fuzzing. The provided artifacts can be downloaded from https://zenodo.org/record/7134490. It includes 14 docker containers, several scripts for execution and analysis, one additional proof for the crash results, and six related documents for the running of experiments. We claim for all three badges, i.e., Available, Functional, and Reusable. This report gives instructions on how to reproduce the answers which mainly involve basic operations on the Ubuntu operating system.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.