
SSFuzz: State-sensitive Greybox Fuzzing for Network Protocol Services

Network protocol services are the interface through which personal devices interact with the Internet, so their vulnerabilities seriously threaten users' privacy and information security. State-of-the-art greybox fuzzers for network protocols add state feedback on top of code coverage: by analysing the state information of the protocol service, they further select effective seeds for mutation. However, different fuzzers define the state of a network protocol service differently. For example, AFLNET extracts the state from the contents of server response packets, while StateAFL treats long-lived memory as program state. For state collection, SGFuzz analyses Enum type definitions to identify assignment statements to state variables and instruments them. However, SGFuzz cannot recognise indirect assignments to state variables, so its identification of state variables is incomplete. Moreover, when constructing the state machine, different fuzzing techniques define state-machine nodes differently, which makes it difficult to use several state collection strategies in the same fuzzer at once. In addition, in experimental design, existing work tends to compare code coverage within the same time budget. Code coverage growth, however, depends on many factors, such as throughput and the seed selection strategy. Comparing coverage over equal time is suitable for comparing different fuzzers, but not for evaluating an improvement to a single module within one of them. To address these problems, this paper proposes SSFuzz. Specifically, SSFuzz studies an instrumentation approach based on state variables: using abstract syntax tree information from the compilation process, it recognises indirect assignments to state variables and can therefore instrument state-variable assignment statements more precisely. Second, SSFuzz defines the state machine used to guide state-based seed selection, which allows different state feedback strategies to build the state machine together. Experimental results show that SSFuzz can instrument most network protocol services and, unlike SGFuzz, can instrument indirect assignment statements. Furthermore, the paper discusses an experimental method suitable for evaluating the effectiveness of the state machine and shows that SSFuzz reaches higher path coverage with fewer test cases.
SSFuzz:State-sensitive Greybox Fuzzing for Network Protocol Services
The vulnerability of network protocol services, as the interface for personal devices to interact with the Internet, poses a serious threat to users' privacy and information security. State-of-the-art greybox fuzz testing tools for network protocols introduce state feedback on the basis of code coverage, which further filters effective mutation seeds by analysing the state information of network protocol services. However, different fuzz testing tools have different definitions of network protocol service state, e.g., AFLNET extracts state by analysing the contents of server response packets, and StateAFL defines long-lived memory as program state. For state collection, SGFuzz identifies assignment statements of state variables and instruments them by analysing Enum type data definitions. However, SGFuzz cannot identify the indirect assignment statements of state variables, so its identification of state variables is not comprehensive. Meanwhile, when constructing state machines, different fuzz testing techniques have different definitions of state machine nodes, making it difficult to use multiple state collection strategies on the same fuzz testing tool at the same time. In addition, in terms of experimental design, existing schemes tend to compare the code coverage reached over the same period of time. However, the growth of code coverage is affected by various factors, such as throughput and seed screening strategies. Code coverage experiments within the same time are suitable for comparison between different fuzz testing tools, not for improvement experiments on individual modules within them. In this paper, we propose SSFuzz. Specifically, SSFuzz first investigates a state-variable based instrumentation approach, which identifies indirect assignments to state variables based on the abstract syntax tree information available during the code compilation process, and is thus able to instrument state-variable assignment statements more accurately. Secondly, SSFuzz defines the state machine for guiding state screening, which facilitates the co-construction of state machines by different state feedback strategies. Experiments show that SSFuzz enables instrumentation of most network protocol services and, unlike SGFuzz, can instrument indirect assignment statements. In addition, we discuss experimental methods suitable for evaluating the effectiveness of state machines and demonstrate that SSFuzz is able to achieve higher path coverage with a smaller number of test samples.
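The abstract describes two mechanisms: a hook inserted after every write to an enum-typed state variable (including writes made indirectly through a pointer, which SGFuzz misses), and a state machine whose nodes are state-variable values and whose new nodes or edges serve as feedback for seed selection. The following added example, which is not code from the paper or from SSFuzz, shows both on a constructed toy protocol; the hook calls are written by hand where a compiler pass would insert them, and `ssfuzz_state_hook`, `run_session` and the message bytes H/A/D/Q are all assumptions of this example.

```c
#include <stdint.h>
#include <string.h>

/* Constructed example: an enum-typed protocol state variable of the kind the
   instrumentation targets. */
typedef enum { S_INIT = 0, S_HELLO, S_AUTH, S_DATA, S_CLOSED, S_COUNT } proto_state_t;

/* State machine assembled at run time from the instrumented writes: nodes are
   values of the state variable, edges are observed transitions. */
static uint8_t seen_state[S_COUNT];
static uint8_t seen_edge[S_COUNT][S_COUNT];
static proto_state_t last_state;

void ssfuzz_reset(void) {
    memset(seen_state, 0, sizeof seen_state);
    memset(seen_edge, 0, sizeof seen_edge);
    seen_state[S_INIT] = 1;
    last_state = S_INIT;
}

/* Hook the instrumentation pass would insert after every write to the state
   variable. Returns 1 when the write reveals a new state or a new edge, which
   is the feedback that keeps the current input as an interesting seed. */
int ssfuzz_state_hook(proto_state_t s) {
    int novel = 0;
    if (!seen_state[s]) { seen_state[s] = 1; novel = 1; }
    if (!seen_edge[last_state][s]) { seen_edge[last_state][s] = 1; novel = 1; }
    last_state = s;
    return novel;
}

/* Toy server: each input byte is one client message. The 'A' transition writes
   the state through a pointer (the indirect form SGFuzz misses and SSFuzz
   instruments); the others are direct writes. Returns how many writes produced
   novel feedback. */
int run_session(const char *input) {
    proto_state_t state = S_INIT, *sp = &state;   /* sp: alias for the indirect write */
    int novel = 0;
    last_state = S_INIT;                          /* every session starts in S_INIT */
    for (; *input; input++) {
        if (*input == 'H' && state == S_INIT)       { state = S_HELLO;  novel += ssfuzz_state_hook(state); }
        else if (*input == 'A' && state == S_HELLO) { *sp = S_AUTH;     novel += ssfuzz_state_hook(*sp); }
        else if (*input == 'D' && state == S_AUTH)  { state = S_DATA;   novel += ssfuzz_state_hook(state); }
        else if (*input == 'Q')                     { state = S_CLOSED; novel += ssfuzz_state_hook(state); }
    }
    return novel;
}
/* Size of the state machine discovered so far. */
int state_machine_states(void) { int n = 0; for (int i = 0; i < S_COUNT; i++) n += seen_state[i]; return n; }
int state_machine_edges(void) {
    int n = 0;
    for (int i = 0; i < S_COUNT; i++) for (int j = 0; j < S_COUNT; j++) n += seen_edge[i][j];
    return n;
}
```

Replaying the same input a second time yields no novel feedback, while an input that reaches a known state over a new edge still does, which is why edges rather than states alone are recorded.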

Keywords: Network protocol; Fuzzing; Program instrumentation; State feedback

林家含、冉猛、彭建山


School of Cyberspace Security, Information Engineering University, Zhengzhou 450001

Keywords (Chinese original): Network protocol; Fuzz testing; Program instrumentation; State feedback

2024

Computer Science (计算机科学)
Chongqing Southwest Information Co., Ltd. (formerly the Southwest Information Center of the Ministry of Science and Technology)


Indexed in: CSTPCD; PKU Core Journal
Impact factor: 0.944
ISSN: 1002-137X
Year, volume (issue): 2024, 51(12)