SnapFuzz: high-throughput fuzzing of network applications

Andronidis, Anastasios; Cadar, Cristian

doi:10.1145/3533767.3534376

Cited by 15 publications

(4 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Automatic testing of network services has been subject to several other related works [2,8,11,14,16,17,19,20,27,29,32,34]. However, we are the first to create an advanced fuzzer for DNS resolvers.…”

Section: Related Workmentioning

confidence: 99%

“…Fuzzing uses a forkserver, which allows for fast restarts and parallelization. SnapFuzz [2] is an iteration of AFLnet with increased performance, achieved with new binary rewriting. The rewriting replaces file system accesses with a custom in-memory implementation, replaces the TCP and UDP socket calls with UNIX domain sockets, and optimizes the forkserver.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

ResolFuzz: Differential Fuzzing of DNS Resolvers

Bushart,

Rossow

2024

Computer Security – ESORICS 2023

View full text Add to dashboard Cite

This paper identifies and analyzes vulnerabilities in the DNS infrastructure, with particular focus on recursive DNS resolvers. We aim to identify semantic bugs that could lead to incorrect resolver responses, introducing risks to the internet's critical infrastructure. To achieve this, we introduce ResolFuzz, a mutation-based fuzzer to search for semantic differences across DNS resolver implementations. ResolFuzz combines differential analysis with a rule-based mechanism to distinguish between benign differences and potential threats. We evaluate our prototype on seven resolvers and uncover multiple security vulnerabilities, including inaccuracies in resolver responses and possible amplification issues in PowerDNS Recursor's handling of DNAME Resource Records (RRs). Moreover, we demonstrate the potential for self-sustaining DoS attacks in resolved and trust-dns, further underlining the necessity of comprehensive DNS security. Through these contributions, our research underscores the potential of differential fuzzing in uncovering DNS vulnerabilities.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

ResolFuzz: Differential Fuzzing of DNS Resolvers

Bushart,

Rossow

2024

Computer Security – ESORICS 2023

View full text Add to dashboard Cite

show abstract

“…For OpenSSH, the lower throughput was caused by an additional delay between request messages, which was configured to make the analysis of in-memory states more deterministic. A potential extennsion to avoid the need for such delays, and in general for improving the fuzzing throughput, is represented by ongoing research on snapshot-based fuzzing, which saves and restores the state of the entire server process at selected times (Li et al 2022;Andronidis and Cadar 2022). Please note that snapshot-based fuzzing is complementary area of research to STATEAFL, which infers states from a fine-grained analysis of process memory, and would guide the snapshot-based process by identifying unique application-level states.…”

Section: Performancementioning

confidence: 99%

StateAFL: Greybox fuzzing for stateful network servers

Natella

2022

Empir Software Eng

View full text Add to dashboard Cite

Fuzzing network servers is a technical challenge, since the behavior of the target server depends on its state over a sequence of multiple messages. Existing solutions are costly and difficult to use, as they rely on manually-customized artifacts such as protocol models, protocol parsers, and learning frameworks. The aim of this work is to develop a greybox fuzzer (StateAFL) for network servers that only relies on lightweight analysis of the target program, with no manual customization, in a similar way to what the AFL fuzzer achieved for stateless programs. The proposed fuzzer instruments the target server at compile-time, to insert probes on memory allocations and network I/O operations. At run-time, it infers the current protocol state of the target server by taking snapshots of long-lived memory areas, and by applying a fuzzy hashing algorithm (Locality-Sensitive Hashing) to map memory contents to a unique state identifier. The fuzzer incrementally builds a protocol state machine for guiding fuzzing. We implemented and released StateAFL as open-source software. As a basis for reproducible experimentation, we integrated StateAFL with a large set of network servers for popular protocols, with no manual customization to accomodate for the protocol. The experimental results show that the fuzzer can be applied with no manual customization on a large set of network servers for popular protocols, and that it can achieve comparable, or even better code coverage and bug detection than customized fuzzing. Moreover, our qualitative analysis shows that states inferred from memory better reflect the server behavior than only using response codes from messages.

show abstract

“…However, previous works have not studied how to detect violations of consistency models well when they actually occur. One line of previous works either leverages random testing approaches like fuzzing methods [8][9][10][11][12][13]. However, fuzzing cannot systematically explore the state space of SUTs; therefore, it may miss some bugs.…”

Section: Introductionmentioning

confidence: 99%

VConMC: Enabling Consistency Verification for Distributed Systems Using Implementation-Level Model Checkers and Consistency Oracles

Kim

2024

Electronics

View full text Add to dashboard Cite

Many cloud services are relying on distributed key-value stores such as ZooKeeper, Cassandra, HBase, etc. However, distributed key-value stores are notoriously difficult to design and implement without any mistakes. Because data consistency is the contract for clients that defines what the correct values to read are for a given history of operations under a specific consistency model, consistency violations can confuse client applications by showing invalid values. As a result, serious consequences such as data loss, data corruption, and unexpected behavior of client applications can occur. Software bugs are one of main reasons why consistency violations may occur. Formal verification techniques may be used to make designs correct and minimize the risks of having bugs in the implementation. However, formal verification is not a panacea due to limitations such as the cost of verification, inability to verify existing implementations, and human errors involved. Implementation-level model checking has been heavily explored by researchers for the past decades to formally verify whether the underlying implementation of distributed systems have bugs or not. Nevertheless, previous proposals are limited because their invariant checking is not versatile enough to check for the wide spectrum of consistency models, from eventual consistency to strong consistency. In this work, consistency oracles are employed for consistency invariant checking that can be used by implementation-level model checkers to formally verify data consistency model implementations of distributed key-value stores. To integrate consistency oracles with implementation-level distributed system model checkers, the partial-order information obtained via API is leveraged to avoid the exhaustive search during consistency invariant checking. Our evaluation results show that, by using the proposed method for consistency invariant checking, our prototype model checker, VConMC, can detect consistency violations caused by several real-world software bugs in a well-known distributed key-value store, ZooKeeper.

show abstract

SnapFuzz: high-throughput fuzzing of network applications

Cited by 15 publications

References 28 publications

ResolFuzz: Differential Fuzzing of DNS Resolvers

ResolFuzz: Differential Fuzzing of DNS Resolvers

StateAFL: Greybox fuzzing for stateful network servers

VConMC: Enabling Consistency Verification for Distributed Systems Using Implementation-Level Model Checkers and Consistency Oracles

Contact Info

Product

Resources

About