
Comparative Evaluation of Security Fuzzing Approaches

  • Conference paper
  • Computer Safety, Reliability, and Security (SAFECOMP 2019)
  • Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 11699)

Abstract

This article compares security fuzzing approaches with respect to several characteristics, commenting on their pros and cons regarding both their potential for exposing vulnerabilities and the effort expected to do so. These preliminary considerations, based on abstract reasoning and engineering judgement, are then confronted with experimental evaluations in which three different fuzzing tools, each characterized by a different data generation strategy, are applied to examples known to contain exploitable buffer overflows. Finally, an example inspired by a real-world application illustrates the importance of combining different fuzzing concepts when fuzzing requires both the generation of a plausible sequence of meaningful messages to be sent over a network to a software-based controller and the exploitation of a hidden vulnerability through their execution.



Acknowledgment

The authors gratefully acknowledge that part of the work presented was supported by the German Federal Ministry for Economic Affairs and Energy (BMWi), project SMARTEST.

Author information

Correspondence to Loui Al Sardy, Andreas Neubaum or Francesca Saglietti.

Appendix

[Figure a: Code of example 5 (Turing machine)]


Copyright information

© 2019 Springer Nature Switzerland AG


Cite this paper

Al Sardy, L., Neubaum, A., Saglietti, F., Rudrich, D. (2019). Comparative Evaluation of Security Fuzzing Approaches. In: Romanovsky, A., Troubitsyna, E., Gashi, I., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2019. Lecture Notes in Computer Science(), vol 11699. Springer, Cham. https://doi.org/10.1007/978-3-030-26250-1_4

  • DOI: https://doi.org/10.1007/978-3-030-26250-1_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-26249-5

  • Online ISBN: 978-3-030-26250-1

  • eBook Packages: Computer Science, Computer Science (R0)