Paper Overview

http://science.ijournals.cn/jsunature_cn/ch/reader/view_abstract.aspx?file_no=W230005&flag=1

Author:

Received:          Year, Volume(Issue), Pages: 2020,61(1):013002-

Journal Name:Journal of Sichuan University (Natural Science Edition)

Key words:

Funding:

Chinese Abstract

English Abstract

Abstract: Almost every system that needs to communicate depends on protocol design. If the protocol stack is vulnerable, attackers can achieve denial of service, data theft and even remote code execution via Zero-Click. Protocol messages usually carry structure, semantics, and timing, which makes it challenging for general-purpose fuzzers to fuzz the server effectively. In recent years there has been much research on grey-box protocol fuzzing, of which AFLNET is a representative example. However, the coverage these approaches achieve on the server state machine depends on the coverage of the initial seed corpus. In this paper, we first analyze the defects of AFLNET in handling binary format protocols, and then propose BBFuzz, a protocol fuzzer that generates test cases from manually written data models. BBFuzz can quickly provide many interesting seed files for the seed queue, even with only one initial input, and these seed files cover a more comprehensive set of server states. BBFuzz also supports fuzzing of two different types of protocols, namely human-readable ASCII format protocols and binary format protocols. We implemented BBFuzz's support for the RTMP protocol and evaluated BBFuzz on the RTMP module of two well-known streaming media software packages. Our evaluation results show that BBFuzz outperforms AFLNET on both map density and paths. In the RTMP module, we found two real vulnerabilities, in ZLMediaKit and media-server respectively, and these two vulnerabilities have been assigned CVE numbers classified as HIGH.

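Copyright © 2020 Sichuan University Periodicals Press (四川大学期刊社). All rights reserved.

Address: No. 24, South Section 1, First Ring Road, Chengdu

Postal code: 610065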