Feedback-Guided API Fuzzing of 5G Network

Tianchang Yang (Pennsylvania State University), Sathiyajith K S (Pennsylvania State University), Ashwin Senthil Arumugam (Pennsylvania State University), Syed Rafiul Hussain (Pennsylvania State University)

We present our work-in-progress on designing and implementing a black-box evolutionary fuzzer for REST APIs, specifically targeting 5G core networks that utilize a service-based architecture (SBA). Unlike existing tools that rely on static generation-based approaches, our approach progressively refines test inputs to explore deeper code regions in the target system. We incorporate a thorough analysis of the limited response message feedback available in black-box settings and employ a carefully crafted mutation method to generate effective state-aware test inputs. Evaluation of our current implementation has uncovered two previously unknown vulnerabilities in open-source 5G core network implementations, resulting in the assignment of two CVEs. Additionally, our approach already demonstrates superior performance compared to existing black-box fuzzing methods.

Paper

View More Papers

Keynote talk by Dr. May Wang (Palo Alto Networks)

LLM-xApp: A Large Language Model Empowered Radio Resource Management...

Xingqi Wu (University of Michigan-Dearborn), Junaid Farooq (University of Michigan-Dearborn), Yuhui Wang (University of Michigan-Dearborn), Juntao Chen (Fordham University)

A Comprehensive Memory Safety Analysis of Bootloaders

Jianqiang Wang (CISPA Helmholtz Center for Information Security), Meng Wang (CISPA Helmholtz Center for Information Security), Qinying Wang (Zhejiang University), Nils Langius (Leibniz Universität Hannover), Li Shi (ETH Zurich), Ali Abbasi (CISPA Helmholtz Center for Information Security), Thorsten Holz (CISPA Helmholtz Center for Information Security)

Revealing the Black Box of Device Search Engine: Scanning...

Mengying Wu (Fudan University), Geng Hong (Fudan University), Jinsong Chen (Fudan University), Qi Liu (Fudan University), Shujun Tang (QI-ANXIN Technology Research Institute; Tsinghua University), Youhao Li (QI-ANXIN Technology Research Institute), Baojun Liu (Tsinghua University), Haixin Duan (Tsinghua University; Quancheng Laboratory), Min Yang (Fudan University)