Abstract | ||
---|---|---|
Fuzzing is a well-known black-box approach to the security testing of applications. Fuzzing has many advantages in terms of simplicity and effectiveness over more complex, expensive testing approaches. Unfortunately, current fuzzing tools suffer from a number of limitations, and, in particular, they provide little support for the fuzzing of stateful protocols. In this paper, we present SNOOZE, a tool for building flexible, security-oriented, network protocol fuzzers. SNOOZE implements a stateful fuzzing approach that can be used to effectively identify security flaws in network protocol implementations. SNOOZE allows a tester to describe the stateful operation of a protocol and the messages that need to be generated in each state. In addition, SNOOZE provides attack-specific fuzzing primitives that allow a tester to focus on specific vulnerability classes. We used an initial prototype of the SNOOZE tool to test programs that implement the SIP protocol, with promising results. SNOOZE supported the creation of sophisticated fuzzing scenarios that were able to expose real-world bugs in the programs analyzed. |
Year | DOI | Venue |
---|---|---|
2006 | 10.1007/11836810_25 | Lecture Notes in Computer Science |
Keywords | Field | DocType |
stateful protocol,attack-specific fuzzing primitive,stateful network protocol fuzzer,network protocol fuzzers,stateful fuzzing approach,sip protocol,sophisticated fuzzing scenario,snooze tool,stateful operation,network protocol implementation,current fuzzing tool,computer security,vulnerability,network protocol,black box,security testing | Black box (phreaking),Security testing,Fuzz testing,Computer science,Computer security,Implementation,Session Initiation Protocol,Stateful firewall,Transmission protocol,Communications protocol,Embedded system | Conference |
Volume | ISSN | ISBN |
4176 | 0302-9743 | 3-540-38341-7 |
Citations | PageRank | References |
42 | 2.37 | 8 |
Authors | ||
6 |
Name | Order | Citations | PageRank |
---|---|---|---|
Greg Banks | 1 | 201 | 15.26 |
Marco Cova | 2 | 1425 | 71.19 |
Viktoria Felmetsger | 3 | 313 | 15.93 |
Kevin C. Almeroth | 4 | 2551 | 209.40 |
Richard Kemmerer | 5 | 449 | 25.88 |
Giovanni Vigna | 6 | 7121 | 507.72 |