Shisong Qin (Tsinghua University), Fan Hu (State Key Laboratory of Mathematical Engineering and Advanced Computing), Bodong Zhao (Tsinghua University), Tingting Yin (Tsinghua University), Chao Zhang (Tsinghua University)

As the essential component responsible for communication, network services are security-critical, and it is vital to find vulnerabilities in them. Fuzzing is currently one of the most popular software vulnerability discovery techniques, widely adopted due to its high efficiency and low false positives. However, existing coverage-guided fuzzers mainly aim at stateless local applications, leaving stateful network services underexplored. Recently, some fuzzers targeting network services have been proposed but have certain limitations, e.g., insufficient or inaccurate state representation and low testing efficiency.

In this paper, we propose a new fuzzing solution NSFuzz for stateful network services. Specifically, we studied typical implementations of network service programs and figured out how they represent states and interact with clients, and accordingly propose (1) a program variable-based state representation scheme and (2) an efficient interaction synchronization mechanism to improve efficiency. We have implemented a prototype of NSFuzz, which uses static analysis to identify network event loops and extract state variables, then achieves fast I/O synchronization and efficient s t ate-aware fuzzing via lightweight compile-time instrumentation. The preliminary evaluation results show that, compared with state-of-the-art network service fuzzers AFLNET and STATEAFL, our solution NSFuzz could infer a more accurate state model during fuzzing and improve the testing throughput by up to 50x and the coverage by up to 20%.

View More Papers

Demo #4: Recovering Autonomous Robotic Vehicles from Physical Attacks

Pritam Dash (University of British Columbia) and Karthik Pattabiraman (University of British Columbia)

Read More

DrawnApart: A Deep-Learning Enhanced GPU Fingerprinting Technique

Naif Mehanna (University of Lille, CNRS, Inria), Tomer Laor (Ben-Gurion University of the Negev)

Read More

Forensic Analysis of Configuration-based Attacks

Muhammad Adil Inam (University of Illinois at Urbana-Champaign), Wajih Ul Hassan (University of Illinois at Urbana-Champaign), Ali Ahad (University of Virginia), Adam Bates (University of Illinois at Urbana-Champaign), Rashid Tahir (University of Prince Mugrin), Tianyin Xu (University of Illinois at Urbana-Champaign), Fareed Zaffar (LUMS)

Read More