
Green-Fuzz: Efficient Fuzzing for Network Protocol Implementations

  • Conference paper

Foundations and Practice of Security (FPS 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14551)

Abstract

Recent techniques have significantly improved fuzzing, discovering many vulnerabilities in various software systems. However, certain types of systems, such as network protocols, remain challenging to fuzz. This article presents two enhancements that allow efficient fuzzing of network protocols. The first is Desock+, which simulates a network socket and supports different POSIX options, making it suitable for faster network protocol fuzzing. The second is Green-Fuzz, which sends input messages in one go and thereby reduces the system-call overhead of fuzzing network protocols. We applied this modification to AFLNet, but it could be applied to any fuzzer for stateful systems. This is the maximum overhead that can be avoided when doing out-of-process fuzzing of stateful systems. Our evaluation shows that these enhancements make AFLNet up to four times faster.

E. Poll—This research is funded by NWO as part of the INTERSCT project (NWA.1160.18.301).


Notes

  1. Continuous Integration/Continuous Deployment.

  2. This is just an estimate based on our experience with out-of-process fuzzing using the AFL fuzzer.

  3. One round of fuzzing consists of sending one input to the SUT to test it, and refreshing the SUT for the next input.

  4. A loopback address is a dedicated IP address that is used to refer to the localhost.


Corresponding author

Correspondence to Seyed Behnam Andarzian.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Andarzian, S.B., Daniele, C., Poll, E. (2024). Green-Fuzz: Efficient Fuzzing for Network Protocol Implementations. In: Mosbah, M., Sèdes, F., Tawbi, N., Ahmed, T., Boulahia-Cuppens, N., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2023. Lecture Notes in Computer Science, vol 14551. Springer, Cham. https://doi.org/10.1007/978-3-031-57537-2_16

  • DOI: https://doi.org/10.1007/978-3-031-57537-2_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-57536-5

  • Online ISBN: 978-3-031-57537-2

  • eBook Packages: Computer Science, Computer Science (R0)
