Description
Fuzzing is a well-known black-box approach to the security testing of applications. Fuzzing has many advantages in terms of simplicity and effectiveness over more complex, expensive testing approaches. Unfortunately, current fuzzing tools suffer from a number of limitations, and, in particular, they provide little support for the fuzzing of stateful protocols.
We built a prototype of a fuzzing tool, called SNOOZE, in which we tried to integrate the strengths of existing fuzzing tools, while correcting the limitations mentioned above. SNOOZE is a tool for building flexible, security-oriented, network protocol fuzzers. SNOOZE implements a stateful fuzzing approach that can be used to effectively identify security flaws in network protocol implementations. SNOOZE allows a tester to describe the stateful operation of a protocol and the messages that need to be generated in each state. In addition, SNOOZE provides attack-specific fuzzing primitives that allow a tester to focus on specific vulnerability classes.
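The stateful approach described above (a protocol state machine, the message to send in each state, and attack-specific fuzzing primitives applied to one field of one message) as an added example in Python; this is not SNOOZE's code. The target is a constructed in-process toy that mimics a SIP INVITE/ACK/BYE dialog, and every function name, header and sample value is an assumption made for the illustration. What it shows is why state matters: the toy's defect in BYE handling can only be reached after a valid INVITE and ACK, so a fuzzer that fires BYE messages from a cold start never sees it.

```python
"""Sketch of a stateful protocol fuzzer in the style the page describes.
Added example, not SNOOZE's code; the target, headers and values are
constructed for this illustration."""

# --- attack-specific fuzzing primitives (constructed sample values) ---------
def fuzz_long_string(length=4096):
    """Oversized value, the classic overflow-oriented primitive."""
    return "A" * length

def fuzz_format_string():
    """Value made of printf-style conversions, for format-string checks."""
    return "%s%n" * 8

def fuzz_integer_edges():
    """Boundary and non-numeric values for fields the target parses as ints."""
    return ["-1", "0", "2147483648", "4294967296", "99999999999999999999", "NaN"]

# --- toy target: a SIP-like dialog handler, constructed for this example ----
class ToySipTarget:
    """Accepts INVITE -> ACK -> BYE on a single dialog and answers with a
    SIP-style status line.  Its one defect (below) is only reachable in the
    ESTABLISHED state, which is why a stateful fuzzer is needed to find it."""

    def __init__(self):
        self.state = "IDLE"

    def handle(self, raw):
        request_line, _, rest = raw.partition("\r\n")
        method = request_line.split(" ", 1)[0]
        headers = {}
        for line in rest.split("\r\n"):
            name, sep, value = line.partition(": ")
            if sep:
                headers[name] = value
        if "Call-ID" not in headers:
            return "400 Bad Request"
        if method == "INVITE" and self.state == "IDLE":
            if not headers.get("Content-Length", "0").isdigit():
                return "400 Bad Request"      # INVITE validates the field
            self.state = "INVITED"
            return "200 OK"
        if method == "ACK" and self.state == "INVITED":
            self.state = "ESTABLISHED"
            return "200 OK"
        if method == "BYE" and self.state == "ESTABLISHED":
            # Constructed defect: the validation done for INVITE is missing
            # here, so a non-numeric Content-Length escapes as a ValueError.
            body_len = int(headers.get("Content-Length", "0"))
            self.state = "IDLE"
            return "200 OK" if body_len >= 0 else "400 Bad Request"
        return "481 Call/Transaction Does Not Exist"

# --- the fuzzer: per-state message templates plus a scenario driver --------
REQUEST_LINES = {
    "INVITE": "INVITE sip:bob@example.invalid SIP/2.0",
    "ACK": "ACK sip:bob@example.invalid SIP/2.0",
    "BYE": "BYE sip:bob@example.invalid SIP/2.0",
}

def build_message(method, call_id, overrides=None):
    """Well-formed request for `method`, with `overrides` replacing headers."""
    headers = {"Call-ID": call_id, "Content-Length": "0"}
    headers.update(overrides or {})
    header_block = "\r\n".join(f"{k}: {v}" for k, v in headers.items())
    return f"{REQUEST_LINES[method]}\r\n{header_block}\r\n"

def run_scenario(steps, fuzz_step, header, value):
    """Drive a fresh target through `steps` (valid messages), substituting
    `value` for `header` only in step number `fuzz_step`.  The oracle here is
    an unhandled exception; with a real network target it would be a dead
    process, a timeout or a malformed reply instead."""
    target = ToySipTarget()
    response = None
    for i, method in enumerate(steps):
        overrides = {header: value} if i == fuzz_step else {}
        try:
            response = target.handle(
                build_message(method, "call-1@example.invalid", overrides))
        except Exception as exc:
            return {"result": "crash", "step": i, "method": method,
                    "error": type(exc).__name__}
    return {"result": "ok", "response": response}

def fuzz_campaign(steps, header="Content-Length"):
    """Apply every primitive to `header` in every step of the scenario and
    return (method, value prefix, error) for each crash found."""
    values = [fuzz_long_string(), fuzz_format_string(), *fuzz_integer_edges()]
    findings = []
    for step in range(len(steps)):
        for value in values:
            outcome = run_scenario(steps, step, header, value)
            if outcome["result"] == "crash":
                findings.append((outcome["method"], value[:12], outcome["error"]))
    return findings

if __name__ == "__main__":
    print("stateless, BYE only    :", fuzz_campaign(["BYE"]))
    print("stateful INVITE/ACK/BYE:", fuzz_campaign(["INVITE", "ACK", "BYE"]))
```

Running the two campaigns side by side makes the design point: the BYE-only scenario returns no findings because the target answers 481 before it parses anything, while the three-step scenario walks the dialog into ESTABLISHED and the same primitives then expose the unvalidated field. In a real fuzzer the scenario (which states to visit, which message and field to fuzz) is what the tester describes, and the primitives are reused across protocols.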
Definitions
- Fuzzing: a black-box approach to testing the security properties of a software component. Fuzzing operates on the inputs and outputs of a component without requiring any knowledge of its internal workings, and aims to expose flaws in applications by exercising them with invalid inputs.
Results
We used an initial prototype of the SNOOZE tool to test programs that implement the Session Initiation Protocol (SIP), an application-layer signaling protocol used to create, modify and terminate sessions with one or more participants, such as those found in Internet conferences and Internet telephone calls. SNOOZE allowed for the creation of sophisticated fuzzing scenarios that were able to expose real-world bugs in the programs analyzed. Please refer to the paper "SNOOZE: toward a Stateful NetwOrk prOtocol fuzZEr" for additional information.
Publications
- , "SNOOZE: toward a Stateful NetwOrk prOtocol fuzZEr," in Proceedings of the 9th Information Security Conference (ISC'06), , August 30 - September 2, 2006. To appear.
People
- G. Banks, Graduate Student.
- M. Cova, Graduate Student.
- V. Felmetsger, Graduate Student.
- R. Kemmerer, Professor.
- G. Vigna, Associate Professor.
- K. Almeroth, Professor.
Acknowledgments
This research was supported by the Army Research Laboratory and the Army Research Office, under agreement DAAD19-01-1-0484.