Context-Sensitive Fuzzing
Description
Internet-facing, security-critical network protocols are susceptible to exploitation by remote adversaries seeking to compromise overall security. These adversaries use crafted inputs to exploit undisclosed or unpatched security flaws (bugs) in protocol implementations. Although identifying and patching bugs is the common strategy, unearthing elusive bugs in protocol implementations remains challenging, because test inputs must first pass stringent input validation before they can reach bugs that lurk deep in the code. Fuzzing automates security testing by passing abnormal inputs to programs in order to discover bugs. While fuzzing has effectively uncovered bugs in many real-world systems, it still struggles to generate the inputs needed to test complex code logic. This project bridges this gap in traditional fuzzing by developing an innovative automated solution that effectively enhances the testing of protocol implementations.
Publications
People
- Endadul Hoque
- Polina Kozyreva
- Siwei Zhang
Funding Source
- Google Research
- National Science Foundation