SNOOZE: toward a stateful network protocol fuzZEr

Authors:
Greg Banks;Marco Cova;Viktoria Felmetsger;Kevin Almeroth;Richard Kemmerer;Giovanni Vigna
Affiliations:
Department of Computer Science, University of California, Santa Barbara;Department of Computer Science, University of California, Santa Barbara;Department of Computer Science, University of California, Santa Barbara;Department of Computer Science, University of California, Santa Barbara;Department of Computer Science, University of California, Santa Barbara;Department of Computer Science, University of California, Santa Barbara
Venue:
ISC'06 Proceedings of the 9th international conference on Information Security
Year:
2006

Citing 6
Cited 7

An empirical study of the reliability of UNIX utilities

Communications of the ACM
System Security Assessment through Specification Mutations and Fault Injection

Proceedings of the IFIP TC6/TC11 International Conference on Communications and Multimedia Security Issues of the New Century
Web application security assessment by fault injection and behavior monitoring

WWW '03 Proceedings of the 12th international conference on World Wide Web
Fault Injection Based on a Partial View of the Global State of a Distributed System

SRDS '99 Proceedings of the 18th IEEE Symposium on Reliable Distributed Systems
A Framework for Assessing Dependability in Distributed Systems with Lightweight Fault Injectors

IPDS '00 Proceedings of the 4th International Computer Performance and Dependability Symposium
An empirical study of the robustness of Windows NT applications using random testing

WSS'00 Proceedings of the 4th conference on USENIX Windows Systems Symposium - Volume 4

KiF: a stateful SIP fuzzer

Proceedings of the 1st international conference on Principles, systems and applications of IP telecommunications
A Formal Approach to Robustness Testing of Network Protocol

NPC '08 Proceedings of the IFIP International Conference on Network and Parallel Computing
Checksum-Aware Fuzzing Combined with Dynamic Taint Analysis and Symbolic Execution

ACM Transactions on Information and System Security (TISSEC)
STING: finding name resolution vulnerabilities in programs

Security'12 Proceedings of the 21st USENIX conference on Security symposium
Behavioral fuzzing operators for UML sequence diagrams

SAM'12 Proceedings of the 7th international conference on System Analysis and Modeling: theory and practice
Semi-valid input coverage for fuzz testing

Proceedings of the 2013 International Symposium on Software Testing and Analysis
Dowsing for overflows: a guided fuzzer to find buffer boundary violations

SEC'13 Proceedings of the 22nd USENIX conference on Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Fuzzing is a well-known black-box approach to the security testing of applications. Fuzzing has many advantages in terms of simplicity and effectiveness over more complex, expensive testing approaches. Unfortunately, current fuzzing tools suffer from a number of limitations, and, in particular, they provide little support for the fuzzing of stateful protocols. In this paper, we present SNOOZE, a tool for building flexible, security-oriented, network protocol fuzzers. SNOOZE implements a stateful fuzzing approach that can be used to effectively identify security flaws in network protocol implementations. SNOOZE allows a tester to describe the stateful operation of a protocol and the messages that need to be generated in each state. In addition, SNOOZE provides attack-specific fuzzing primitives that allow a tester to focus on specific vulnerability classes. We used an initial prototype of the SNOOZE tool to test programs that implement the SIP protocol, with promising results. SNOOZE supported the creation of sophisticated fuzzing scenarios that were able to expose real-world bugs in the programs analyzed.