As the essential component responsible for communication, network services are security-critical, and it is vital to find vulnerabilities in them. Fuzzing is currently one of the most popular software vulnerability discovery techniques, widely adopted due to its high efficiency and low false positives. However, existing coverage-guided fuzzers mainly aim at stateless local applications, leaving stateful network services underexplored. Recently, some fuzzers targeting network services have been proposed but have certain limitations, e.g., insufficient or inaccurate state representation and low testing efficiency. In this paper, we propose a new fuzzing solution NSFuzz for stateful network services. Specifically, we studied typical implementations of network service programs and figured out how they represent states and interact with clients, and accordingly propose (1) a program variable-based state representation scheme and (2) an efficient interaction synchronization mechanism to improve efficiency. We have implemented a prototype of NSFuzz, which uses static analysis to identify network event loops and extract state variables, then achieves fast I/O synchronization and efficient state-aware fuzzing via lightweight compile-time instrumentation. The preliminary evaluation results show that, compared with state-of-the-art network service fuzzers AFLNET and STATEAFL, our solution NSFuzz could infer a more accurate state model during fuzzing and improve the testing throughput by up to 50x and the coverage by up to 20%.
We provide artifacts to reproduce the evaluation results of our paper NSFuzz: Towards Efficient and State-Aware Network Service Fuzzing. The provided artifacts can be downloaded from https://zenodo.org/record/7134490. They include 14 docker containers, several scripts for execution and analysis, one additional proof for the crash results, and six related documents for running the experiments. We claim all three badges, i.e., Available, Functional, and Reusable. This report gives instructions for reproducing the results, which mainly involve basic operations on the Ubuntu operating system.
As an essential component responsible for communication, network services are security-critical, and it is vital to find vulnerabilities in them. Fuzzing is currently one of the most popular software vulnerability discovery techniques, widely adopted due to its high efficiency and low false positives. However, existing coverage-guided fuzzers mainly aim at stateless local applications, leaving stateful network services underexplored. Recently, some fuzzers targeting network services have been proposed but have certain limitations, e.g., insufficient or inaccurate state representation and low testing efficiency. In this paper, we propose a new fuzzing solution NSFuzz for stateful network services. Specifically, we studied typical implementations of network service programs and figured out how they represent states and interact with clients. Accordingly, we propose (1) a program variable-based state representation scheme and (2) an efficient interaction synchronization mechanism to improve fuzzing efficiency. We have implemented a prototype of NSFuzz, which uses static analysis and annotation APIs to identify synchronization points and state variables within the services, then achieves fast I/O synchronization and accurate service state tracing to carry out efficient state-aware fuzzing via lightweight compile-time instrumentation. The evaluation results show that, compared with other network service fuzzers including AFLNET and STATEAFL, our solution NSFuzz could infer a more accurate state model during fuzzing and improve the fuzzing throughput by up to 200x. Besides, NSFuzz could improve the code coverage by up to 25% and trigger more crashes in less time. Furthermore, we performed a fuzzing campaign to find new bugs in the latest version of the target services, and 8 zero-day vulnerabilities have been found by NSFuzz.
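The two ideas both abstracts rest on, a state model keyed on a program variable rather than on response codes, and a synchronization point that tells the fuzzer a request has been fully processed, are easier to see on a toy service. The following is an added example written for this page; it is not NSFuzz's code and `trace_state()`, `trace_code()`, `run_sequence()` and the FTP-like session handler are constructed stand-ins for the instrumentation and harness the paper describes. The session state is an ordinary variable (`s->state`), the hook records each transition of that variable, and returning from `handle_request()` plays the role of the synchronization point after which the next message may be sent without waiting on a timeout. A parallel counter of distinct response codes shows why a code-based model is less accurate: the same `500` reply is produced in both the initial and the logged-in state, so only the variable-based model separates them.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy FTP-like session. The protocol state lives in an ordinary program
 * variable (s->state), the kind of variable a state-variable scheme would track. */
enum session_state { ST_INIT = 0, ST_NEED_PASS, ST_LOGGED_IN, ST_CLOSED, ST_COUNT };

struct session {
    enum session_state state;
    char user[32];
};

/* Constructed stand-in for the state map an instrumented service would export to
 * the fuzzer. trace_state()/trace_code() are hypothetical hooks, not NSFuzz's API. */
static uint8_t transition_seen[ST_COUNT][ST_COUNT];
static int transition_count;
static uint8_t code_seen[1000];   /* response codes observed (code-based model) */
static int code_count;

static void trace_state(enum session_state from, enum session_state to)
{
    if (from != to && !transition_seen[from][to]) {
        transition_seen[from][to] = 1;
        transition_count++;
    }
}

static void trace_code(int code)
{
    if (!code_seen[code]) {
        code_seen[code] = 1;
        code_count++;
    }
}

/* Handle one request and return its numeric response code. Returning is the
 * synchronization point: the request is fully processed, the next one may be sent. */
static int handle_request(struct session *s, const char *req)
{
    enum session_state before = s->state;
    int code;

    if (strncmp(req, "USER ", 5) == 0 && s->state == ST_INIT) {
        snprintf(s->user, sizeof s->user, "%s", req + 5);
        s->state = ST_NEED_PASS;
        code = 331;                       /* need password */
    } else if (strncmp(req, "PASS ", 5) == 0 && s->state == ST_NEED_PASS) {
        s->state = ST_LOGGED_IN;
        code = 230;                       /* logged in */
    } else if (strcmp(req, "QUIT") == 0) {
        s->state = ST_CLOSED;
        code = 221;                       /* bye */
    } else {
        code = 500;                       /* same code in ST_INIT and ST_LOGGED_IN */
    }
    trace_state(before, s->state);
    trace_code(code);
    return code;
}

void reset_models(void)
{
    memset(transition_seen, 0, sizeof transition_seen);
    memset(code_seen, 0, sizeof code_seen);
    transition_count = 0;
    code_count = 0;
}

/* Replay one message sequence against a fresh session, advancing only after each
 * request's synchronization point. Returns the final value of the state variable. */
int run_sequence(const char *const *msgs, int count)
{
    struct session s = { ST_INIT, "" };
    for (int i = 0; i < count && s.state != ST_CLOSED; i++)
        handle_request(&s, msgs[i]);
    return s.state;
}

int distinct_transitions(void) { return transition_count; }
int distinct_response_codes(void) { return code_count; }

int main(void)
{
    /* Constructed message sequences standing in for fuzzer-generated inputs. */
    const char *login[] = { "USER alice", "PASS secret", "LIST", "QUIT" };
    const char *noise[] = { "LIST", "PASS x" };
    reset_models();
    run_sequence(login, 4);
    run_sequence(noise, 2);
    printf("distinct state transitions: %d, distinct response codes: %d\n",
           distinct_transitions(), distinct_response_codes());
    return 0;
}
```

After the two sequences in `main`, the variable-based model holds three transitions (INIT to NEED_PASS, NEED_PASS to LOGGED_IN, LOGGED_IN to CLOSED) and the `LIST` sent while logged in is correctly attributed to ST_LOGGED_IN, whereas the code-based model sees `500` for `LIST` in both sequences and cannot tell the two contexts apart.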