Abstract
Fuzzing is a well-known black-box approach to the security testing of applications. Fuzzing has many advantages in terms of simplicity and effectiveness over more complex, expensive testing approaches. Unfortunately, current fuzzing tools suffer from a number of limitations, and, in particular, they provide little support for the fuzzing of stateful protocols.
In this paper, we present SNOOZE, a tool for building flexible, security-oriented, network protocol fuzzers. SNOOZE implements a stateful fuzzing approach that can be used to effectively identify security flaws in network protocol implementations. SNOOZE allows a tester to describe the stateful operation of a protocol and the messages that need to be generated in each state. In addition, SNOOZE provides attack-specific fuzzing primitives that allow a tester to focus on specific vulnerability classes. We used an initial prototype of the SNOOZE tool to test programs that implement the SIP protocol, with promising results. SNOOZE supported the creation of sophisticated fuzzing scenarios that were able to expose real-world bugs in the programs analyzed.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
Cite this paper
Banks, G., Cova, M., Felmetsger, V., Almeroth, K., Kemmerer, R., Vigna, G. (2006). SNOOZE: Toward a Stateful NetwOrk prOtocol fuzZEr. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds) Information Security. ISC 2006. Lecture Notes in Computer Science, vol 4176. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11836810_25
DOI: https://doi.org/10.1007/11836810_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-38341-3
Online ISBN: 978-3-540-38343-7