A state-aware protocol fuzzer based on application-layer protocols

Takahisa Kitagawa, Miyuki Hanaoka, Kenji Kono

Research output: Contribution to journal › Article

Abstract

In the face of constant malicious attacks on network-connected software systems, software vulnerabilities need to be discovered early in the development phase. In this paper, we present AspFuzz, a state-aware protocol fuzzer based on the specifications of application-layer protocols. AspFuzz automatically generates anomalous messages that exploit possible vulnerabilities. The key observation behind AspFuzz is that most attack messages violate the strict specifications of application-layer protocols. For example, they do not conform to the rigid format or syntax required of each message. In addition, some attack messages ignore the protocol states and send messages in an incorrect order. AspFuzz automatically generates a large number of anomalous messages that deliberately violate the specifications of application-layer protocols. To demonstrate the effectiveness of AspFuzz, we conducted experiments with POP3 and HTTP servers. With AspFuzz, we can discover 20 reported and 1 previously unknown vulnerabilities for POP3 servers and 25 reported vulnerabilities for HTTP servers. Two vulnerabilities among these can be discovered only through the state-awareness of AspFuzz. It can also find a SIP state-related vulnerability.

Original language: English
Pages (from-to): 1008-1017
Number of pages: 10
Journal: IEICE Transactions on Information and Systems
Volume: E94-D
Issue number: 5
DOI: 10.1587/transinf.E94.D.1008
Publication status: Published - 2011 May

Keywords

  • Fuzzing
  • Protocol specification
  • Software vulnerability testing

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Software
  • Artificial Intelligence
  • Hardware and Architecture
  • Computer Vision and Pattern Recognition

Cite this

A state-aware protocol fuzzer based on application-layer protocols. / Kitagawa, Takahisa; Hanaoka, Miyuki; Kono, Kenji.

In: IEICE Transactions on Information and Systems, Vol. E94-D, No. 5, 05.2011, p. 1008-1017.

@article{268111fe7c124207837085a8807e45a1,
title = "A state-aware protocol fuzzer based on application-layer protocols",
keywords = "Fuzzing, Protocol specification, Software vulnerability testing",
author = "Takahisa Kitagawa and Miyuki Hanaoka and Kenji Kono",
year = "2011",
month = "5",
doi = "10.1587/transinf.E94.D.1008",
language = "English",
volume = "E94-D",
pages = "1008--1017",
journal = "IEICE Transactions on Information and Systems",
issn = "0916-8532",
publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",
number = "5",
}

TY - JOUR

T1 - A state-aware protocol fuzzer based on application-layer protocols

AU - Kitagawa, Takahisa

AU - Hanaoka, Miyuki

AU - Kono, Kenji

PY - 2011/5

Y1 - 2011/5

KW - Fuzzing

KW - Protocol specification

KW - Software vulnerability testing

UR - http://www.scopus.com/inward/record.url?scp=79955623593&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=79955623593&partnerID=8YFLogxK

U2 - 10.1587/transinf.E94.D.1008

DO - 10.1587/transinf.E94.D.1008

M3 - Article

AN - SCOPUS:79955623593

VL - E94-D

SP - 1008

EP - 1017

JO - IEICE Transactions on Information and Systems

JF - IEICE Transactions on Information and Systems

SN - 0916-8532

IS - 5

ER -