Nyx-Net: Network Fuzzing with Incremental Snapshots
Autor: | Sergej Schumilo, Cornelius Aschermann, Andrea Jemmett, Ali Abbasi, Thorsten Holz |
---|---|
Přispěvatelé: | Computer Systems, Network Institute |
Jazyk: | angličtina |
Rok vydání: | 2021 |
Předmět: | |
Zdroj: | Schumilo, S, Aschermann, C, Jemmett, A, Abbasi, A & Holz, T 2022, Nyx-Net: Network Fuzzing with Incremental Snapshots . in EuroSys '22 : Proceedings of the Seventeenth European Conference on Computer Systems . Association for Computing Machinery, Inc, pp. 166-180, 17th European Conference on Computer Systems, EuroSys 2022, Rennes, France, 5/04/22 . https://doi.org/10.1145/3492321.3519591 EuroSys '22: Proceedings of the Seventeenth European Conference on Computer Systems, 166-180 STARTPAGE=166;ENDPAGE=180;TITLE=EuroSys '22 |
DOI: | 10.1145/3492321.3519591 |
Popis: | Coverage-guided fuzz testing ("fuzzing") has become mainstream and we have observed lots of progress in this research area recently. However, it is still challenging to efficiently test network services with existing coverage-guided fuzzing methods. In this paper, we introduce the design and implementation of Nyx-Net, a novel snapshot-based fuzzing approach that can successfully fuzz a wide range of targets spanning servers, clients, games, and even Firefox's Inter-Process Communication (IPC) interface. Compared to state-of-the-art methods, Nyx-Net improves test throughput by up to 300x and coverage found by up to 70%. Additionally, Nyx-Net is able to find crashes in two of ProFuzzBench's targets that no other fuzzer found previously. When using Nyx-Net to play the game Super Mario, Nyx-Net shows speedups of 10-30x compared to existing work. Under some circumstances, Nyx-Net is even able play "faster than light": solving the level takes less wall-clock time than playing the level perfectly even once. Nyx-Net is able to find previously unknown bugs in servers such as Lighttpd, clients such as MySQL client, and even Firefox's IPC mechanism - demonstrating the strength and versatility of the proposed approach. Lastly, our prototype implementation was awarded a $20.000 bug bounty for enabling fuzzing on previously unfuzzable code in Firefox and solving a long-standing problem at Mozilla. |
Databáze: | OpenAIRE |
Externí odkaz: |