Abstract
Recent techniques have significantly improved fuzzing, discovering many vulnerabilities in various software systems. However, certain types of systems, such as network protocols, are still challenging to fuzz. This article presents two enhancements that allow efficient fuzzing of network protocols. The first is Desock+, which simulates a network socket and supports different POSIX options to make Desock+ suitable for faster network protocol fuzzing. The second is Green-Fuzz, which sends input messages in one go and reduces the system-call overhead while fuzzing network protocols. We applied this modification to AFLNet, but it could be applied to any fuzzer for stateful systems. This is the maximum overhead that can be avoided when doing out-process fuzzing on stateful systems. Our evaluation shows that these enhancements make AFLNet up to four times faster.
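As an added illustration of the Green-Fuzz idea of delivering a whole input (a sequence of protocol messages) in one go rather than one message per round trip, the following is example code written for this page; it is not the authors' Green-Fuzz, Desock+ or AFLNet code. A constructed three-state toy protocol server is driven over a socketpair either with one round trip per message or with the entire sequence in a single send(); the counters it returns show the difference in send()/recv() system calls, and the replies show that the server walks through the same states either way. The protocol, its message names and reply codes are assumptions made for the example, and the example covers only the message-batching side of the paper, not the socket simulation done by Desock+.

```python
import socket
import threading


# Constructed three-state toy protocol (not the SUT from the paper): a
# message only advances the state if it arrives in the expected order.
class ToyStatefulServer:
    def __init__(self):
        self.state = "INIT"
        self.recv_calls = 0  # number of recv() system calls the server issued

    def handle(self, line):
        """Apply one message to the protocol state machine; return the reply."""
        if line == "QUIT":
            self.state = "CLOSED"
            return "221 BYE"
        if self.state == "INIT" and line == "HELLO":
            self.state = "GREETED"
            return "220 OK"
        if self.state == "GREETED" and line.startswith("AUTH "):
            self.state = "AUTHED"
            return "230 OK"
        if self.state == "AUTHED" and line.startswith("DATA "):
            return "250 OK"
        return "503 BAD SEQUENCE"  # out-of-order message, state unchanged

    def serve(self, conn):
        """Read newline-delimited messages until EOF, replying to each one."""
        buf = b""
        while True:
            chunk = conn.recv(4096)
            self.recv_calls += 1
            if not chunk:
                break
            buf += chunk
            while b"\n" in buf:  # a single recv() may carry several messages
                line, buf = buf.split(b"\n", 1)
                reply = self.handle(line.decode("ascii", errors="replace"))
                conn.sendall(reply.encode("ascii") + b"\n")
        conn.close()


def recv_line(sock, buf):
    """Return (line, remaining_buffer); reads until a newline or EOF."""
    while b"\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            return buf.decode("ascii", errors="replace"), b""
        buf += chunk
    line, buf = buf.split(b"\n", 1)
    return line.decode("ascii", errors="replace"), buf


def run_session(messages, batched):
    """Deliver one fuzzing input (a message sequence) to a fresh server instance.

    batched=False: classic per-message round trip (send, wait for reply, repeat).
    batched=True:  the whole sequence is written with a single send(), in the
                   spirit of Green-Fuzz sending the input messages in one go.
    """
    client, server_end = socket.socketpair()
    server = ToyStatefulServer()
    worker = threading.Thread(target=server.serve, args=(server_end,))
    worker.start()

    replies, buf = [], b""
    send_calls = 0
    if batched:
        client.sendall(b"".join(m.encode("ascii") + b"\n" for m in messages))
        send_calls = 1
        client.shutdown(socket.SHUT_WR)  # tells the server the input is complete
        for _ in messages:
            line, buf = recv_line(client, buf)
            replies.append(line)
    else:
        for m in messages:
            client.sendall(m.encode("ascii") + b"\n")
            send_calls += 1
            line, buf = recv_line(client, buf)  # wait for the reply each time
            replies.append(line)
        client.shutdown(socket.SHUT_WR)
    worker.join()
    client.close()
    return {
        "final_state": server.state,
        "replies": replies,
        "client_send_calls": send_calls,
        "server_recv_calls": server.recv_calls,
    }


if __name__ == "__main__":
    # Constructed sample input: one valid session for the toy protocol.
    seq = ["HELLO", "AUTH user", "DATA first", "DATA second", "QUIT"]
    for mode in (False, True):
        result = run_session(seq, batched=mode)
        print("batched" if mode else "per-message", result)
```

The per-message run costs one send() and one recv() per message on each side; the batched run costs one send() on the client and, on a socketpair, typically two recv() calls on the server (the data plus the EOF). The server code is unchanged between the two modes, which is the point: a server that already buffers and splits its input correctly will process a batched sequence exactly as it would a sequence of separate messages.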
E. Poll—This research is funded by NWO as part of the INTERSCT project (NWA.1160.18.301).
Notes
1. Continuous Integration/Continuous Deployment.
2. This is just an estimation based on our experience with out-process fuzzing using the AFL fuzzer.
3. One round of fuzzing consists of sending one input to the SUT to test it, and refreshing the SUT for the next input.
4. A loopback address is a unique IP address that is used to refer to the localhost.
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
Andarzian, S.B., Daniele, C., Poll, E. (2024). Green-Fuzz: Efficient Fuzzing for Network Protocol Implementations. In: Mosbah, M., Sèdes, F., Tawbi, N., Ahmed, T., Boulahia-Cuppens, N., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2023. Lecture Notes in Computer Science, vol 14551. Springer, Cham. https://doi.org/10.1007/978-3-031-57537-2_16
DOI: https://doi.org/10.1007/978-3-031-57537-2_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-57536-5
Online ISBN: 978-3-031-57537-2
eBook Packages: Computer Science, Computer Science (R0)