No Peer, no Cry: Network Application Fuzzing via Fault Injection
- URL: http://arxiv.org/abs/2409.01059v1
- Date: Mon, 2 Sep 2024 08:35:55 GMT
- Title: No Peer, no Cry: Network Application Fuzzing via Fault Injection
- Authors: Nils Bars, Moritz Schloegel, Nico Schiller, Lukas Bernhard, Thorsten Holz
- Abstract summary: We propose a fundamentally different approach that relies on fault injection rather than modifying messages.
We show that Fuzztruction-Net outperforms other fuzzers in terms of coverage and bugs found.
Overall, Fuzztruction-Net uncovered 23 new bugs in well-tested software, such as the web servers Nginx and Apache HTTPd and the OpenSSH client.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Network-facing applications are commonly exposed to all kinds of attacks, especially when connected to the internet. As a result, web servers like Nginx or client applications such as curl make every effort to secure and harden their code to rule out memory safety violations. One would expect this to include regular fuzz testing, as fuzzing has proven to be one of the most successful approaches to uncovering bugs in software. Yet, surprisingly little research has focused on fuzzing network applications. When studying the underlying reasons, we find that the interactive nature of communication, its statefulness, and the protection of exchanged messages render typical fuzzers ineffective. Attempts to replay recorded messages or modify them on the fly only work for specific targets and often lead to early termination of communication. In this paper, we discuss these challenges in detail, highlighting how the focus of existing work on protocol state space promises little relief. We propose a fundamentally different approach that relies on fault injection rather than modifying messages. Effectively, we force one of the communication peers into a weird state where its output no longer matches the expectations of the target peer, potentially uncovering bugs. Importantly, this weird peer can still properly encrypt/sign the protocol message, overcoming a fundamental challenge of current fuzzers. In effect, we leave the communication system intact but introduce small corruptions. Since we can turn either the server or the client into the weird peer, our approach is the first that can effectively test client-side network applications. Evaluating 16 targets, we show that Fuzztruction-Net outperforms other fuzzers in terms of coverage and bugs found. Overall, Fuzztruction-Net uncovered 23 new bugs in well-tested software, such as the web servers Nginx and Apache HTTPd and the OpenSSH client.
Related papers
- Pipe-Cleaner: Flexible Fuzzing Using Security Policies (arXiv, 2024-10-31)
  Pipe-Cleaner is a system for detecting and analyzing C code vulnerabilities. It is based on flexible, developer-designed security policies enforced by a tag-based runtime reference monitor. We demonstrate the potential of this approach on several heap-related security vulnerabilities.
- G-Fuzz: A Directed Fuzzing Framework for gVisor (arXiv, 2024-09-20)
  G-Fuzz is a directed fuzzing framework for gVisor. G-Fuzz has been deployed in industry and has detected multiple serious vulnerabilities.
- What All the PHUZZ Is About: A Coverage-guided Fuzzer for Finding Vulnerabilities in PHP Web Applications (arXiv, 2024-06-10)
  We introduce PHUZZ, a modular fuzzing framework for PHP web applications. PHUZZ uses novel approaches to detect more client-side and server-side vulnerability classes than state-of-the-art related work. We fuzz over 1,000 API endpoints of the 115 most popular WordPress plugins, resulting in over 20 security issues and 2 new CVE-IDs.
- Fuzzing Frameworks for Server-side Web Applications: A Survey (arXiv, 2024-06-05)
  This study reviews the state-of-the-art fuzzing frameworks for testing web applications through web APIs. We collect papers from seven online repositories of peer-reviewed articles over the last ten years.
- EmInspector: Combating Backdoor Attacks in Federated Self-Supervised Learning Through Embedding Inspection (arXiv, 2024-05-21)
  Federated self-supervised learning (FSSL) has emerged as a promising paradigm that enables the exploitation of clients' vast amounts of unlabeled data. While FSSL offers advantages, its susceptibility to backdoor attacks has not been investigated. We propose the Embedding Inspector (EmInspector), which detects malicious clients by inspecting the embedding space of local models.
- EDEFuzz: A Web API Fuzzer for Excessive Data Exposures (arXiv, 2023-01-23)
  Excessive Data Exposure (EDE) was the third most significant API vulnerability of 2019. There are few automated tools, either in research or industry, to effectively find and remediate such issues. We build the first fuzzing tool, which we call EDEFuzz, to systematically detect EDEs.
- Randomized Message-Interception Smoothing: Gray-box Certificates for Graph Neural Networks (arXiv, 2023-01-05)
  We propose novel gray-box certificates for Graph Neural Networks (GNNs). We randomly intercept messages and analyze the probability that messages from adversarially controlled nodes reach their target nodes. Our certificates provide stronger guarantees for attacks at larger distances.
- SNPSFuzzer: A Fast Greybox Fuzzer for Stateful Network Protocols using Snapshots (arXiv, 2022-02-08)
  SNPSFuzzer is a fast greybox fuzzer for stateful network protocols that uses snapshots. SNPSFuzzer dumps the context information when the network protocol program is in a specific state and restores it when that state needs to be fuzzed.
- Robust and Verifiable Information Embedding Attacks to Deep Neural Networks via Error-Correcting Codes (arXiv, 2020-10-26)
  In the era of deep learning, a user often leverages a third-party machine learning tool to train a deep neural network (DNN) classifier. In an information embedding attack, the attacker is the provider of a malicious third-party machine learning tool. In this work, we aim to design information embedding attacks that are verifiable and robust against popular post-processing methods.
- Backdoor Attack against Speaker Verification (arXiv, 2020-10-22)
  We show that it is possible to inject a hidden backdoor into speaker verification models by poisoning the training data. We also demonstrate that existing backdoor attacks cannot be directly adopted for attacking speaker verification.
- Learning with Weak Supervision for Email Intent Detection (arXiv, 2020-05-26)
  We propose to leverage user actions as a source of weak supervision to detect intents in emails. We develop an end-to-end robust deep neural network model for email intent identification.
This list is automatically generated from the titles and abstracts of the papers in this site.