Abstract

As one of the most widely used technologies in software testing, fuzzing has been applied to network protocol vulnerability detection, and various network protocol fuzzers have been proposed. In this study, we first analyze and summarize some typical network protocol fuzzers to highlight the challenges of stateful network protocol fuzzing. Then, a state-driven smart graybox protocol fuzzer (SGPFuzzer) is proposed to deal with these challenges. Finally, we evaluate SGPFuzzer on two widely used protocol implementations (LightFTP and tinyDTLS). The results show that SGPFuzzer outperforms Boofuzz and AFL in path coverage, unique crashes and time to first crash, and it triggers a known bug that cannot be triggered by the other two tools, fully proving its effectiveness and practicability.

Highlights

  • In recent years, the vulnerabilities exposed by imperfect implementations of network protocols have become one of the most destructive types of security issues, leading to attacks such as HeartBleed [1] in OpenSSL and Remote Code Execution in Simple Network Management Protocol (SNMP) [2].

  • Based on the challenges identified above, we introduce the design of SGPFuzzer, a state-driven smart graybox protocol fuzzer that targets stateful network protocol implementations.

  • The analysis shows that the path coverage of SGPFuzzer is superior to that of the state-of-the-art blackbox fuzzer Boofuzz and the state-of-the-art graybox fuzzer AFL.


Summary

Introduction

The vulnerabilities exposed by imperfect implementations of network protocols have become one of the most destructive types of security issues, leading to attacks such as HeartBleed [1] in OpenSSL and Remote Code Execution in Simple Network Management Protocol (SNMP) [2]. Exploiting these vulnerabilities can expose hundreds of thousands of network devices to catastrophic threats—and the attackers do not even need access to the physical machine.
