Fuzzing an Industrial Proprietary Protocol

Cited by: 0
Authors
Baranov, Eduard [1]
Legay, Axel [1]
Vivian, Martin [1]
Affiliation
[1] UCLouvain, ICTEAM, INGI, Ottignies, Belgium
Source
FORMAL METHODS FOR INDUSTRIAL CRITICAL SYSTEMS, FMICS 2024 | 2024 / vol. 14952
Keywords
Protocol Fuzzing; Vulnerability Detection;
DOI
10.1007/978-3-031-68150-9_7
Chinese Library Classification number
TP39 [Computer applications];
Discipline classification code
081203 ; 0835 ;
Abstract
For many proprietary systems, source code and documentation are not available, which makes them hard to test, leaving only black-box approaches. In this work, we present an experience of fuzzing a protocol for drone control and the developed tool BinFuzz. BinFuzz is a man-in-the-middle stateful black-box protocol fuzzer. Listening to real communication as a man-in-the-middle, the fuzzer reconstructs states of the protocol as well as detects message types and their variable fields. The collected knowledge is used during the fuzzing to improve the quality of the generated inputs. For the application, we first test BinFuzz on an FTP protocol and then use it to fuzz the protocol for drone control.
Pages: 119 / 135
Number of pages: 17