Protocol State Fuzzing of TLS Implementations
2015
USENIX Security Symposium
We describe a largely automated and systematic analysis of TLS implementations by what we call 'protocol state fuzzing': we use state machine learning to infer state machines from protocol implementations ...
This shows that protocol state fuzzing is a useful technique to systematically analyse security protocol implementations. ...
In essence, this involves fuzzing different sequences of messages, which is why we call this approach protocol state fuzzing. ...
dblp:conf/uss/RuiterP15
fatcat:p45hhaaeindjtg4asa3ihw6g2a
Rollback mechanism of nested virtual machines for protocol fuzz testing
2014
Proceedings of the 29th Annual ACM Symposium on Applied Computing - SAC '14
Implementations of secure protocols should be tested as exhaustively as possible. Repeated protocol fuzz testing from every reachable state is necessary and snapshot/rollback mechanism is required. ...
The internal VM of nested VM emulates whole hardware for exact repeat of protocol handling, and the external VM and proxies work for managing the state of internal VM and packets on a wire. ...
ACKNOWLEDGEMENT This work is supported by the National Institute of Information and Communications Technology of Japan. ...
doi:10.1145/2554850.2554899
dblp:conf/sac/SuzakiYTOS14
fatcat:t3e4mxccjvfk3lx2vvq4ht452e
Model-Based Grey-Box Fuzzing of Network Protocols
2022
Security and Communication Networks
However, the challenges of protocol fuzzing are the mutation of protocol messages and the deep interactivity of the protocol implementation. ...
This paper proposes a model-based grey-box fuzzing approach for protocol implementations, including the server-side and client-side. ...
Acknowledgments: This work was supported by the National Key Research and Development Project of China (2019QY1300). The authors would like to express their gratitude to EditSprings (https://www.editsprings.cn ...
doi:10.1155/2022/6880677
fatcat:rq63r47bd5bgtmwnpkuvxlonke
Systematic Fuzzing and Testing of TLS Libraries
2016
Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16
We present TLS-Attacker, an open source framework for evaluating the security of TLS libraries. ...
Based on TLS-Attacker, we present a two-stage fuzzing approach to evaluate TLS server behavior. Our approach automatically searches for cryptographic failures and boundary violation vulnerabilities. ...
State Machine Attacks TLS is a complex protocol containing different message flows. This results in complex state machine implementations which can contain severe security bugs. ...
doi:10.1145/2976749.2978411
dblp:conf/ccs/Somorovsky16
fatcat:xhpgfybnwjg4rjyvpznssqyqfy
SPFuzz: A Hierarchical Scheduling Framework For Stateful Network Protocol Fuzzing
2019
IEEE Access
However, it is less efficient to fuzz the stateful protocols due to the difficulties like maintaining states and dependencies of messages. ...
In experiments, the SPFuzz framework outperforms the existing stateful protocol fuzzing tool Boofuzz by an average of 69.12% in three granularities coverage tests. ...
This was tested on nine implementations of the Transfer layer security (TLS) [24] protocol. Novickis [6] also took a similar approach upon OpenVPN. ...
doi:10.1109/access.2019.2895025
fatcat:zl2mcj5mbfd2lbsi4t7damq4ee
Identification of Bugs and Vulnerabilities in TLS Implementation for Windows Operating System Using State Machine Learning
[chapter]
2019
Communications in Computer and Information Science
In this paper, we analyze state machine models of TLS protocol implementation of SChannel library and describe weaknesses and design flaws in these models, found using protocol state fuzzing. ...
We have used protocol state fuzzing to identify vulnerable and undesired state transitions in the state machine of the protocol for various versions of SChannel. ...
doi:10.1007/978-981-13-5826-5_27
fatcat:rd33xjs7jzam3mcbjx5sq2anl4
Verifying Software Vulnerabilities in IoT Cryptographic Protocols
[article]
2020
arXiv
pre-print
However, the design and implementation of such protocols is an error-prone task; flaws in the implementation can lead to devastating security vulnerabilities. ...
We evaluate the application of EBF verification framework on a case study, i.e., the S-MQTT protocol, to check security vulnerabilities in cryptographic protocols for IoT. ...
Our EBF method can be described as follows: (1) We symbolically execute the initial state of the cryptographic protocol implementation (e.g., the S-MQTT implementation). ...
arXiv:2001.09837v1
fatcat:qjjpkp7775bivnjfgtlkc2e7z4
Coverage-guided differential testing of TLS implementations based on syntax mutation
2022
PLoS ONE
Meanwhile, various versions of TLS protocol implementations exhibit different behavioral characteristics. ...
The differences of different implementations during the fuzzing process, such as code coverage and response data, are taken to guide the mutation of test cases, and the seeds are mutated based on the TLS ...
For the protocol state machine [5, 6], Ruiter et al. [7] modeled a state machine for implementing the TLS protocol based on the active learning method. ...
doi:10.1371/journal.pone.0262176
pmid:35073360
pmcid:PMC8786154
fatcat:2ol6csi32ndqhns4tuenihbuba
Inferring OpenVPN State Machines Using Protocol State Fuzzing
2018
2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
We infer state machines of the server-side implementation and focus on particular phases of the protocol. ...
Although OpenVPN is a widely used TLS-based VPN solution, there is no official specification of the protocol, which makes it a particularly interesting target to analyze. ...
Regular inference, or protocol state fuzzing, is a technique to infer a state machine from the implementation of a protocol [1]. ...
doi:10.1109/eurospw.2018.00009
dblp:conf/eurosp/DanielPR18
fatcat:rkijsstqzrcxzcmm53rteklowe
Analysis of DTLS Implementations Using Protocol State Fuzzing
2020
USENIX Security Symposium
We present the first comprehensive analysis of DTLS implementations using protocol state fuzzing. ...
We build a framework for applying protocol state fuzzing on DTLS servers, and use it to learn state machine models for thirteen DTLS implementations. ...
The research was established at the Lorentz Center workshop on Systematic Analysis of Security Protocol Implementations. ...
dblp:conf/uss/Fiterau-Brostean20
fatcat:rtjd3ewmmbcqli2xpvtihj46hm
StateAFL: Greybox Fuzzing for Stateful Network Servers
[article]
2021
arXiv
pre-print
At run-time, it infers the current protocol state of the target by analyzing snapshots of long-lived memory areas, and incrementally builds a protocol state machine for guiding fuzzing. ...
Fuzzing network servers is a technical challenge, since the behavior of the target server depends on its state over a sequence of multiple messages. ...
, to be tailored for the system-under-test (e.g., TLS-Attacker for the TLS protocol) [35]. ...
arXiv:2110.06253v1
fatcat:hhtcwz3onnbtnk45ryclwdvwka
MultiFuzz: A Coverage-Based Multiparty-Protocol Fuzzer for IoT Publish/Subscribe Protocols
2020
Sensors
Second, it uses a message mutation algorithm to stimulate protocol state transitions, without the need of protocol specifications. ...
We implement MultiFuzz based on AFL, and use it to fuzz two popular projects Eclipse Mosquitto and libCoAP. We reported discovered problems to the projects. ...
, like TLS-Attacker [27] for the Transport Layer Security (TLS) protocol, and MTF [37] for the Modbus protocol. ...
doi:10.3390/s20185194
pmid:32933082
fatcat:773wbha32vhobiopgzf56jkl7u
Stateful Greybox Fuzzing
[article]
2022
arXiv
pre-print
In this work, we posit that manual annotations for state identification can be avoided for stateful protocol fuzzing. ...
We call these bugs as "stateful" bugs. Usually, when we are testing a protocol implementation, we do not have a detailed formal specification of the protocol to rely upon. ...
HVlearn [21] infers DFA-models of SSL/TLS hostname verification implementations via learning algorithms. ...
arXiv:2204.02545v3
fatcat:ybwwd64uhbabrjrjj7dm4drp34
SGPFuzzer: A State-Driven Smart Graybox Protocol Fuzzer for Network Protocol Implementations
2020
IEEE Access
As one of the most widely used technologies in software testing, fuzzing technology has been applied to network protocol vulnerability detection, and various network protocol fuzzers have been proposed ...
In this study, we first analyze and summarize some typical network protocol fuzzers to highlight the challenges when addressing stateful network protocol fuzzing. ...
Our stateful fuzzer design, in contrast, learns the state space of a stateful network protocol implementation; moreover, it records the state-state transitions triggered by fuzzing. ...
doi:10.1109/access.2020.3025037
fatcat:77anseyuv5dthc46aytphitqtu
Protocol State Machines and Session Languages: Specification, implementation, and Security Flaws
2015
2015 IEEE Security and Privacy Workshops
As a way to improve this situation, we discuss the possibility to automatically infer formal specifications of such languages, in the form of protocol state machines, from implementations by black box ...
Often an input language not only involves a language of individual messages, but also some protocol with a notion of a session, i.e. a sequence of messages that makes up a dialogue between two parties. ...
We also thank Julien Vanegue and Sergey Bratus for their feedback on earlier versions of this paper. ...
doi:10.1109/spw.2015.32
dblp:conf/sp/PollRS15
fatcat:ewealcbccnftnf4p6q4to7woga