Stateful protocols are fundamental to network, yet their vulnerabilities can lead to severe security risks. Fuzzing, an effective testing technique, is widely used to uncover vulnerabilities in stateful protocol programs, enhancing their robustness and security. Existing fuzzers for stateful protocols typically employ state-guided strategies, selecting a state for testing in each iteration. However, these approaches often struggle with inaccurate state identification, failing to align with the actual protocol states of the program. Additionally, not all states carry equal risk; some are more likely to harbor vulnerabilities. Current methods overlook this variation in state significance during state selection, which diminishes the overall efficiency of fuzzing. To overcome these limitations, we propose a state importance-based fuzzing approach for stateful protocols and implement a prototype tool, SSGFuzz. SSGFuzz identifies state variables and states from the program by leveraging the characteristics of stateful protocols and evaluates the importance of each state across multiple dimensions. During the fuzzing process, SSGFuzz prioritizes state selection and test case mutation based on state importance, focusing on those states most likely to contain vulnerabilities. We conducted comparative experiments between SSGFuzz and existing fuzzers. The results show that SSGFuzz achieves an average increase of 36.4% in state coverage and 4.8% in code coverage, while also triggering more crashes, which facilitates the discovery of additional vulnerabilities.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

State Significance-Guided Fuzzing for Stateful Protocol Program

  • Kunpeng Jian,
  • Yanyan Zou,
  • Chen Wang,
  • Ning Li,
  • Menghao Li,
  • Wei Huo

摘要

Stateful protocols are fundamental to network, yet their vulnerabilities can lead to severe security risks. Fuzzing, an effective testing technique, is widely used to uncover vulnerabilities in stateful protocol programs, enhancing their robustness and security. Existing fuzzers for stateful protocols typically employ state-guided strategies, selecting a state for testing in each iteration. However, these approaches often struggle with inaccurate state identification, failing to align with the actual protocol states of the program. Additionally, not all states carry equal risk; some are more likely to harbor vulnerabilities. Current methods overlook this variation in state significance during state selection, which diminishes the overall efficiency of fuzzing. To overcome these limitations, we propose a state importance-based fuzzing approach for stateful protocols and implement a prototype tool, SSGFuzz. SSGFuzz identifies state variables and states from the program by leveraging the characteristics of stateful protocols and evaluates the importance of each state across multiple dimensions. During the fuzzing process, SSGFuzz prioritizes state selection and test case mutation based on state importance, focusing on those states most likely to contain vulnerabilities. We conducted comparative experiments between SSGFuzz and existing fuzzers. The results show that SSGFuzz achieves an average increase of 36.4% in state coverage and 4.8% in code coverage, while also triggering more crashes, which facilitates the discovery of additional vulnerabilities.