Abstract
Stateful protocols, such as FTP, SIP, and RTSP, play a significant role in computer systems. However, their implementations are prone to security vulnerabilities, which have drawn attention from both industry and academia. Various fuzzing techniques, including the AFLNet fuzzer, have been proposed to test stateful protocol implementations. However, the effectiveness of these existing techniques has not been systematically evaluated, and the understanding of their strengths and weaknesses is limited. To fill this gap, we conducted a comprehensive study of the performance of state-of-the-art fuzzing techniques on stateful protocols. In particular, we systematically investigated six state-of-the-art fuzzers on 13 widely used programs using identical seed inputs. Our empirical study revealed the following key findings: (i) State coverage guidance effectively navigates through complex states, although it has limited ability to directly improve code coverage; (ii) Sequence mutation is pivotal, yet needs refinement to be effective; (iii) Replacing the asynchronous network socket with synchronous shared memory not only improves test throughput but also improves test efficiency. Finally, based on our findings, we identified directions for future research in the broad area of stateful protocol fuzzing.
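As an added illustration of findings (i) and (ii), not code from the paper or from any of the evaluated fuzzers: a toy FTP-like server and a state-coverage-guided loop that applies AFLNet-style sequence mutations (insert, delete or duplicate one message) and, as AFLNet does, infers the server state from reply codes, keeping a mutant only when it reaches a state not seen before. The server, its four commands and the seed and pool messages are constructed assumptions for this example.

```python
from typing import Iterator, List, Set, Tuple

# Toy FTP-like server, constructed for this example (not from the paper).
# States: 0 = need USER, 1 = need PASS, 2 = authenticated, 3 = closed.
def toy_server(messages: List[str]) -> List[str]:
    """Replay one message sequence and return the reply codes, in order."""
    state, codes = 0, []
    for msg in messages:
        if state == 3:
            break                      # connection closed: no further replies
        cmd = msg.split(" ", 1)[0]
        if cmd == "QUIT":
            state, code = 3, "221"
        elif cmd == "USER" and state == 0:
            state, code = 1, "331"
        elif cmd == "PASS" and state == 1:
            state, code = 2, "230"
        elif cmd == "LIST" and state == 2:
            code = "226"               # only reachable after USER then PASS
        elif cmd in ("USER", "PASS", "LIST"):
            code = "530"               # known command, wrong state
        else:
            code = "500"               # unknown command
        codes.append(code)
    return codes

def sequence_mutations(seq: List[str], pool: List[str]) -> Iterator[List[str]]:
    """AFLNet-style message-level operators: insert, delete, duplicate."""
    for i in range(len(seq) + 1):
        for m in pool:
            yield seq[:i] + [m] + seq[i:]
    for i in range(len(seq)):
        yield seq[:i] + seq[i + 1:]
        yield seq[:i + 1] + seq[i:]

def fuzz(seed: List[str], pool: List[str]) -> Tuple[Set[str], List[List[str]], int]:
    """State-coverage guidance: a mutant is kept only if it elicits a reply
    code (a server state, inferred AFLNet-style) not seen before."""
    queue, seen, executions, idx = [seed], set(toy_server(seed)), 0, 0
    while idx < len(queue):            # worklist; ends once no new state appears
        parent, idx = queue[idx], idx + 1
        for child in sequence_mutations(parent, pool):
            executions += 1
            new = set(toy_server(child)) - seen
            if new:
                seen |= new
                queue.append(child)
    return seen, queue, executions
```

Running `fuzz(["USER alice", "QUIT"], ["USER alice", "PASS secret", "LIST", "NOOP", "QUIT"])` reaches the authenticated-only reply 226 after 130 executions, and the queue ends with the sequence USER, PASS, LIST, QUIT that the seed alone could never exercise.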
Acknowledgment
The authors would like to thank the anonymous reviewers for their valuable feedback. This work is partly supported by the National Key R&D Program of China under Grant #2022YFB3103900, Strategic Priority Research Program of the CAS under Grant #XDCO2030200, Chinese National Natural Science Foundation (Grants #62032010, #62202462), and Hong Kong RGC/GRF #16205821.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Jian, K. et al. (2024). Fuzzing for Stateful Protocol Implementations: Are We There Yet?. In: Chin, WN., Xu, Z. (eds) Theoretical Aspects of Software Engineering. TASE 2024. Lecture Notes in Computer Science, vol 14777. Springer, Cham. https://doi.org/10.1007/978-3-031-64626-3_11
DOI: https://doi.org/10.1007/978-3-031-64626-3_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-64625-6
Online ISBN: 978-3-031-64626-3
eBook Packages: Computer Science (R0)