Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis 2022
DOI: 10.1145/3533767.3534376
SnapFuzz: high-throughput fuzzing of network applications

Abstract: In recent years, fuzz testing has benefited from increased computational power and important algorithmic advances, leading to systems that have discovered many critical bugs and vulnerabilities in production software. Despite these successes, not all applications can be fuzzed efficiently. In particular, stateful applications such as network protocol implementations are constrained by a low fuzzing throughput and the need to develop complex fuzzing harnesses that involve custom time delays and clean-up scripts…

Cited by 29 publications (7 citation statements)
References 28 publications
“…To obtain the LLM grammar for analysis, we randomly sampled 50 answers from the LLM for the RTSP protocol and consolidated them into one answer set. 4 As shown in Figure 4, the LLM generates grammars for all ten message types that we expected to see appear in over 40 answers from the LLM. Additionally, the LLM occasionally generated 2 random types of client requests, such as "SET DESCRIPTION"; however, each random type only appeared once in our answer set.…”
Section: A Lifting Message Grammars: Quality and Diversity
confidence: 97%
“…Automatic testing of network services has been subject to several other related works [2,8,11,14,16,17,19,20,27,29,32,34]. However, we are the first to create an advanced fuzzer for DNS resolvers.…”
Section: Related Work
confidence: 99%
“…Fuzzing uses a forkserver, which allows for fast restarts and parallelization. SnapFuzz [2] is an iteration of AFLnet with increased performance, achieved with new binary rewriting. The rewriting replaces file system accesses with a custom in-memory implementation, replaces the TCP and UDP socket calls with UNIX domain sockets, and optimizes the forkserver.…”
Section: Related Work
confidence: 99%
“…For OpenSSH, the lower throughput was caused by an additional delay between request messages, which was configured to make the analysis of in-memory states more deterministic. A potential extension to avoid the need for such delays, and in general for improving the fuzzing throughput, is represented by ongoing research on snapshot-based fuzzing, which saves and restores the state of the entire server process at selected times (Li et al. 2022; Andronidis and Cadar 2022). Please note that snapshot-based fuzzing is a complementary area of research to STATEAFL, which infers states from a fine-grained analysis of process memory, and would guide the snapshot-based process by identifying unique application-level states.…”
Section: Performance
confidence: 99%