src.bib
@inproceedings {AFLplusplus-Woot20,
author = {Andrea Fioraldi and Dominik Maier and Heiko Ei{\ss}feldt and Marc Heuse},
title = {{AFL++}: Combining Incremental Steps of Fuzzing Research},
booktitle = {14th {USENIX} Workshop on Offensive Technologies ({WOOT} 20)},
year = {2020},
publisher = {{USENIX} Association},
month = aug,
url = {https://www.usenix.org/system/files/woot20-paper-fioraldi.pdf},
urldate = {2024-03-11},
}
@inproceedings{libafl,
author = {Andrea Fioraldi and Dominik Maier and Dongjia Zhang and Davide Balzarotti},
title = {{LibAFL}: A Framework to Build Modular and Reusable Fuzzers},
booktitle = {Proceedings of the 29th {ACM} Conference on Computer and Communications Security ({CCS})},
series = {CCS '22},
year = {2022},
month = nov,
location = {Los Angeles, U.S.A.},
publisher = {ACM},
doi = {10.1145/3548606.3560602},
url = {https://dl.acm.org/doi/pdf/10.1145/3548606.3560602},
urldate = {2024-03-11},
}
@online{afl,
author = {Michal Zalewski},
title = {AFL},
url = {https://lcamtuf.coredump.cx/afl/},
urldate = {2024-03-11},
}
@online{path-traversal,
author = {OWASP},
title = {Path Traversal},
url = {https://owasp.org/www-community/attacks/Path_Traversal},
urldate = {2024-03-11},
}
@online{sns,
author = {iisys},
title = {System and Network Security},
url = {https://www.iisys.de/forschung/forschungsgruppen/system-and-network-security/},
urldate = {2024-03-11},
}
@online{afl-instr,
author = {Michal Zalewski},
title = {Instrumentieren eines Programms mit AFL},
url = {/~https://github.com/google/AFL/blob/master/docs/technical_details.txt#L23-L76},
urldate = {2024-03-11},
}
@online{binaryProt-py,
author = {Sebastian Peschke},
title = {binaryProt.py Script zur Analyse der Ausgaben des Netzwerkprotokolls},
url = {/~https://github.com/ItsMagick/Praxis-Bachelor-Listings/blob/main/binaryProt.py},
urldate = {2024-03-11},
}
@online{reqs-n-res,
author = {Sebastian Peschke},
title = {Netzwerk Protokoll Befehle und Antworten},
url = {https://gitlab.iisys.de/isb/beam-me-up-scotty/-/blob/fuzz-test/docs/BinaryCommandsAndResponses.md?ref_type=heads},
urldate = {2024-03-11},
}
@article{iot-fuzzing,
author={Eceiza, Maialen and Flores, Jose Luis and Iturbe, Mikel},
journal={IEEE Internet of Things Journal},
title={Fuzzing the Internet of Things: A Review on the Techniques and Challenges for Efficient Vulnerability Discovery in Embedded Systems},
year={2021},
volume={8},
number={13},
pages={10390--10411},
keywords={Fuzzing;Embedded systems;Security;Internet of Things;Task analysis;Software;Hardware;Embedded system;fuzzing;internet of Things (IoT);software testing;vulnerabilities},
doi={10.1109/JIOT.2021.3056179},
url = {https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9344712},
urldate = {2024-03-11},
}
@online{afl-best-practice,
author = {AFL},
title = {Fuzzing a network service},
url = {https://aflplus.plus/docs/best_practices/#fuzzing-a-network-service},
urldate = {2024-03-11},
}
@online{iot-definition,
author = {Dorsemaine, Bruno},
title = {Internet of things: a definition \& taxonomy},
date = {2015},
url = {https://www.researchgate.net/profile/Bruno-Dorsemaine/publication/282218657_Internet_of_Things_A_Definition_Taxonomy/links/560833be08ae8e08c0946052/Internet-of-Things-A-Definition-Taxonomy.pdf},
urldate = {2024-03-11},
}
@online{root-fs,
author = {{The Linux Information Project}},
title = {Root Filesystem Definition},
url = {https://www.linfo.org/root_filesystem.html},
urldate = {2024-03-11},
}
@online{arch-procfs,
author = {ArchWiki},
title = {procfs},
url = {https://wiki.archlinux.org/title/Procfs},
urldate = {2024-03-11},
}
@online{kernel-sysfs,
author = {kernel.org},
title = {sysfs},
url = {https://www.kernel.org/doc/html/latest/admin-guide/sysfs-rules.html},
urldate = {2024-03-11},
}
@online{runfs,
author = {{The Linux Foundation}},
title = {Filesystem Hierarchy Standard},
url = {https://refspecs.linuxfoundation.org/FHS_3.0/fhs-3.0.html#runRuntimeVariableData},
urldate = {2024-03-11},
}
@online{chroot-fuzz,
author = {Sebastian Peschke},
title = {chroot-fuzz-bin},
url = {https://gitlab.iisys.de/isb/beam-me-up-scotty/-/blob/fuzz-test/fuzz/bin/chroot-fuzz-bin?ref_type=heads},
urldate = {2024-03-11},
}
@online{bwrap,
author = {Containers},
title = {bubblewrap},
url = {/~https://github.com/containers/bubblewrap},
urldate = {2024-03-11},
}
@online{afl-build-qemu,
author = {AFLplusplus},
title = {Benutzen des QEMU Mode},
url = {/~https://github.com/AFLplusplus/AFLplusplus/tree/stable/qemu_mode},
urldate = {2024-03-11},
}
@online{desocketing,
author = {lolcads},
title = {Was ist Desocketing},
url = {https://lolcads.github.io/posts/2022/02/libdesock/},
urldate = {2024-03-11},
}
@online{libc-start-main,
author = {linuxbase},
title = {Libc Entrypoint},
url = {https://refspecs.linuxbase.org/LSB_3.1.1/LSB-Core-generic/LSB-Core-generic/baselib---libc-start-main-.html},
urldate = {2024-03-11},
}
@online{afl-file-extension,
author = {AFLplusplus},
title = {AFL input Dateiendung},
url = {/~https://github.com/AFLplusplus/AFLplusplus/blob/stable/src/afl-fuzz.c#L2094-L2098},
urldate = {2024-03-11},
}
@online{afl-cmin,
author = {AFLplusplus},
title = {Sicherstellung der Einzigartigkeit des Korpus mit afl-cmin},
url = {/~https://github.com/AFLplusplus/AFLplusplus/blob/stable/docs/fuzzing_in_depth.md?plain=1#L418-L443},
urldate = {2024-03-11},
}
@online{compile-script,
author = {Sebastian Peschke},
title = {Skript zum Cross-kompilieren eines C-Programms},
url = {/~https://github.com/ItsMagick/Praxis-Bachelor-Listings/blob/main/compile-example.sh},
urldate = {2024-03-11},
}
@online{example-tcp-server,
author = {Sebastian Peschke},
title = {Exemplarischer TCP Server},
url = {/~https://github.com/ItsMagick/Praxis-Bachelor-Listings/blob/main/example-tcp-server.c},
urldate = {2024-03-11},
}
@online{docker-gcc,
author = {{Docker Hub}},
title = {ARM32v7 GCC Container},
url = {https://hub.docker.com/r/arm32v7/gcc/},
urldate = {2024-03-11},
}
@online{qemu-persistent,
author = {AFLplusplus},
title = {QEMUs persistent mode},
url = {/~https://github.com/AFLplusplus/AFLplusplus/blob/stable/qemu_mode/README.persistent.md},
urldate = {2024-03-11},
}
@online{gcc-doc,
author = {GNU},
title = {Installation von GCC},
url = {https://gcc.gnu.org/install/},
urldate = {2024-03-11},
}
@online{ubuntu-archive,
author = {Ubuntu},
title = {Ubuntu Archiv GCC},
url = {http://archive.ubuntu.com/ubuntu/pool/universe/g/},
urldate = {2024-03-11},
}
@online{handler-table,
author = {Sebastian Pahl},
title = {Tabelle der Funktionen des Netzwerkprotokolls und ihre Handler},
url = {https://gitlab.iisys.de/isb/beam-me-up-scotty/-/blob/fuzz-test/scripts/table.py?ref_type=heads},
urldate = {2024-03-11},
}
@online{afl-qemu-how,
author = {Michal Zalewski},
title = {Funktionsweise des AFL QEMU Modus},
url = {/~https://github.com/google/AFL/blob/master/docs/technical_details.txt#L490-L524},
urldate = {2024-03-11},
}
@online{fuzzing-risks,
author = {AFLplusplus},
title = {Risiken des Fuzzing},
url = {/~https://github.com/AFLplusplus/AFLplusplus/blob/stable/docs/fuzzing_in_depth.md#common-sense-risks},
urldate = {2024-03-11},
}
@online{stage-progress,
author = {AFLplusplus},
title = {Strategien der Input Mutation},
url = {/~https://github.com/AFLplusplus/AFLplusplus/blob/stable/docs/afl-fuzz_approach.md#stage-progress},
urldate = {2024-03-11},
}
@online{inetpreting-output,
author = {AFLplusplus},
title = {Interpretation der Outputs von AFL},
url = {/~https://github.com/AFLplusplus/AFLplusplus/blob/stable/docs/afl-fuzz_approach.md#interpreting-output},
urldate = {2024-03-11},
}
@online{iot-statistik,
author = {dataprot},
title = {IoT Statistiken 2024},
url = {https://dataprot.net/statistics/iot-statistics/},
urldate = {2024-03-11},
}
@online{tiobe-programming-trends,
author = {TIOBE},
title = {Index der Popularität der Programmiersprachen},
url = {https://www.tiobe.com/tiobe-index/},
urldate = {2024-03-11},
}
@online{most-secure-programming,
author = {mend.io},
title = {Statistiken über die Sicherheit von Programmiersprachen},
url = {https://www.mend.io/most-secure-programming-languages/},
urldate = {2024-03-11},
}
@online{cvss,
author = {NVD},
title = {Kategorisierung der Schwere einer Sicherheitslücke mittels CVSS},
url = {https://nvd.nist.gov/vuln-metrics/cvss},
urldate = {2024-03-11},
}
@online{iot-exploitations,
author = {Kaspersky},
title = {Übersicht über IoT Ausnutzung},
url = {https://securelist.com/iot-threat-report-2023/110644/},
urldate = {2024-03-11},
}
@online{greenbone,
author = {Greenbone},
title = {Greenbone Schwachstellenscanner},
url = {https://www.greenbone.net/en/products/},
urldate = {2024-03-11},
}
@online{fuzzing,
author = {{OWASP Foundation}},
title = {Fuzzing},
url = {https://owasp.org/www-community/Fuzzing},
urldate = {2024-03-11},
}
@online{binary-prot-doc,
author = {{Sharp NEC}},
title = {NEC Control Command Manual},
url = {https://assets.sharpnecdisplays.us/documents/miscellaneous/pj-control-command-codes.pdf},
urldate = {2024-03-11},
}
@online{fuzzing-process-image,
author = {AFLplusplus},
title = {Fuzzing Prozess},
url = {/~https://github.com/AFLplusplus/AFLplusplus/tree/stable/docs},
urldate = {2024-03-11},
}
@online{qemu,
author = {{The QEMU Project}},
title = {System und User Space Emulation},
url = {https://www.qemu.org/docs/master/about/index.html},
urldate = {2024-03-11},
}
@online{afl-qemu-coverage,
author = {Gal Tashma},
title = {Codepfadinformationen im AFL QEMU Mode},
url = {https://galtashma.com/posts/how-fuzzing-with-qemu-and-afl-work},
urldate = {2024-03-11},
}
@online{gitlab,
author = {S. Pahl},
title = {Gitlab des Projekts},
url = {https://gitlab.iisys.de/isb/beam-me-up-scotty},
urldate = {2024-03-11},
}
@online{afl-multiple-cores,
author = {AFLplusplus},
title = {Verwendung mehrerer CPU-Kerne},
url = {/~https://github.com/AFLplusplus/AFLplusplus/blob/stable/docs/fuzzing_in_depth.md#c-using-multiple-cores},
urldate = {2024-03-11},
}
@inproceedings{AFLNet,
author={Van{-}Thuan Pham and Marcel B{\"o}hme and Abhik Roychoudhury},
title={{AFLNet}: A Greybox Fuzzer for Network Protocols},
booktitle={Proceedings of the 13th IEEE International Conference on Software Testing, Verification and Validation: Testing Tools Track},
year={2020},
}
@online{white-box-testing,
author = {OWASP},
title = {Static Code Analysis},
url = {https://owasp.org/www-community/controls/Static_Code_Analysis},
urldate = {2024-08-30},
}
@online{black-box-testing,
author = {{ScienceDirect}},
title = {Black{-}Box Testing},
urldate = {2024-08-30},
url = {https://www.sciencedirect.com/topics/computer-science/black-box-testing},
}
@inproceedings{Coulter2001GrayboxST,
title={Graybox Software Testing in Real-Time in the Real World},
author={Andr{\'e} C. Coulter},
year={2001},
url={https://api.semanticscholar.org/CorpusID:29193682}
}
@online{black-box-fuzzing,
author = {Hongliang Liang},
title = {Fuzzing{:} State of the Art},
url = {https://wcventure.github.io/FuzzingPaper/Paper/TRel18_Fuzzing.pdf},
urldate = {2024-08-30},
}
@book{grey-box-fuzzing,
author = {Sutton, Michael and Greene, Adam and Amini, Pedram},
title = {Fuzzing: Brute Force Vulnerability Discovery},
year = {2007},
isbn = {0321446119},
publisher = {Addison-Wesley Professional},
}
@article{fuzzer-intelligence,
title = {Fuzzing: a survey},
volume = {1},
issn = {2523-3246},
shorttitle = {Fuzzing},
url = {https://doi.org/10.1186/s42400-018-0002-y},
doi = {10.1186/s42400-018-0002-y},
abstract = {Security vulnerability is one of the root causes of cyber-security threats. To discover vulnerabilities and fix them in advance, researchers have proposed several techniques, among which fuzzing is the most widely used one. In recent years, fuzzing solutions, like AFL, have made great improvements in vulnerability discovery. This paper presents a summary of the recent advances, analyzes how they improve the fuzzing process, and sheds light on future work in fuzzing. Firstly, we discuss the reason why fuzzing is popular, by comparing different commonly used vulnerability discovery techniques. Then we present an overview of fuzzing solutions, and discuss in detail one of the most popular type of fuzzing, i.e., coverage-based fuzzing. Then we present other techniques that could make fuzzing process smarter and more efficient. Finally, we show some applications of fuzzing, and discuss new trends of fuzzing and potential future directions.},
number = {1},
urldate = {2024-08-30},
journal = {Cybersecurity},
author = {Li, Jun and Zhao, Bodong and Zhang, Chao},
month = jun,
year = {2018},
keywords = {Software security, Coverage-based fuzzing, Fuzzing, Vulnerability discovery},
pages = {6},
}
@inproceedings{smart-fuzzing,
author={Chen, Yuqi and Poskitt, Christopher M. and Sun, Jun and Adepu, Sridhar and Zhang, Fan},
booktitle={2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE)},
title={Learning-Guided Network Fuzzing for Testing Cyber-Physical System Defences},
year={2019},
volume={},
number={},
pages={962--973},
keywords={Fuzzing;Actuators;Benchmark testing;Machine learning;Predictive models;Monitoring;cyber-physical systems;fuzzing;testing;benchmark generation;machine learning;metaheuristic optimisation},
doi={10.1109/ASE.2019.00093},
url = {https://arxiv.org/pdf/1909.05410},
urldate = {2024-08-30},
}
@inproceedings{directed-greybox-fuzzing,
author = {B{\"o}hme, Marcel and Pham, Van-Thuan and Nguyen, Manh-Dung and Roychoudhury, Abhik},
title = {Directed Greybox Fuzzing},
year = {2017},
isbn = {9781450349468},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://mboehme.github.io/paper/CCS17.pdf},
doi = {10.1145/3133956.3134020},
abstract = {Existing Greybox Fuzzers (GF) cannot be effectively directed, for instance, towards problematic changes or patches, towards critical system calls or dangerous locations, or towards functions in the stack-trace of a reported vulnerability that we wish to reproduce. In this paper, we introduce Directed Greybox Fuzzing (DGF) which generates inputs with the objective of reaching a given set of target program locations efficiently. We develop and evaluate a simulated annealing-based power schedule that gradually assigns more energy to seeds that are closer to the target locations while reducing energy for seeds that are further away. Experiments with our implementation AFLGo demonstrate that DGF outperforms both directed symbolic-execution-based whitebox fuzzing and undirected greybox fuzzing. We show applications of DGF to patch testing and crash reproduction, and discuss the integration of AFLGo into Google's continuous fuzzing platform OSS-Fuzz. Due to its directedness, AFLGo could find 39 bugs in several well-fuzzed, security-critical projects like LibXML2. 17 CVEs were assigned.},
booktitle = {Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security},
pages = {2329--2344},
numpages = {16},
keywords = {coverage-based greybox fuzzing, crash reproduction, directed testing, patch testing, reachability, verifying true positives},
location = {Dallas, Texas, USA},
series = {CCS '17}
}
@article{tcp-ip,
author={Russell, A. L.},
journal={IEEE Annals of the History of Computing},
title={'Rough Consensus and Running Code' and the Internet-OSI Standards War},
year={2006},
volume={28},
number={3},
pages={48--61},
keywords={Internet;Code standards;IP networks;TCPIP;Access protocols;Voting;ISO standards;Standards publication;Computer architecture;Satellite broadcasting;Internet standards;history of computing;organizations},
doi={10.1109/MAHC.2006.42}
}
@online{tcp-handshake,
title = {TCP Protocol Specification RFC 793},
urldate = {2024-09-01},
url = {https://www.rfc-editor.org/rfc/rfc793#section-3.4},
}
@online{tcp-manpage,
author = {kernel.org},
title = {man tcp(7)},
urldate = {2024-09-01},
url = {https://www.man7.org/linux/man-pages/man7/tcp.7.html},
}
@online{mqtt,
author = {OASIS},
title = {MQTT Version 3.1.1 Spezifikation},
urldate = {2024-09-01},
url = {https://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html},
}
@online{mqtt-manpage,
author = {MQTT},
title = {MQTT man page},
urldate = {2024-09-01},
url = {https://mosquitto.org/man/mqtt-7.html},
}
@online{pulsar-docker,
author = {Sebastian Pahl},
title = {Docker Container für Pulsar},
urldate = {2024-09-01},
url = {/~https://github.com/ItsMagick/pulsar},
}
@inproceedings{pulsar,
address = {Cham},
title = {Pulsar: {Stateful} {Black}-{Box} {Fuzzing} of {Proprietary} {Network} {Protocols}},
isbn = {978-3-319-28865-9},
abstract = {The security of network services and their protocols critically depends on minimizing their attack surface. A single flaw in an implementation can suffice to compromise a service and expose sensitive data to an attacker. The discovery of vulnerabilities in protocol implementations, however, is a challenging task: While for standard protocols this process can be conducted with regular techniques for auditing, the situation becomes difficult for proprietary protocols if neither the program code nor the specification of the protocol are easily accessible. As a result, vulnerabilities in closed-source implementations can often remain undiscovered for a longer period of time. In this paper, we present Pulsar, a method for stateful black-box fuzzing of proprietary network protocols. Our method combines concepts from fuzz testing with techniques for automatic protocol reverse engineering and simulation. It proceeds by observing the traffic of a proprietary protocol and inferring a generative model for message formats and protocol states that can not only analyze but also simulate communication. During fuzzing this simulation can effectively explore the protocol state space and thereby enables uncovering vulnerabilities deep inside the protocol implementation. We demonstrate the efficacy of Pulsar in two case studies, where it identifies known as well as unknown vulnerabilities.},
booktitle = {Security and {Privacy} in {Communication} {Networks}},
publisher = {Springer International Publishing},
author = {Gascon, Hugo and Wressnegger, Christian and Yamaguchi, Fabian and Arp, Daniel and Rieck, Konrad},
editor = {Thuraisingham, Bhavani and Wang, XiaoFeng and Yegneswaran, Vinod},
year = {2015},
pages = {330--347},
}
@online{python-script-input-generation,
author = {Sebastian Peschke},
title = {Skript zur generierung von Eingaben für das MQTT Protokoll},
urldate = {2024-09-02},
url = {/~https://github.com/ItsMagick/Fuzzing_Benchmarking/blob/main/scripts/create_aflnet_inputs.py},
}
@online{aflnet-capture-traffic,
author = {Sebastian Peschke},
title = {Script zum Extrahieren des Netzwerkverkehrs},
urldate = {2024-09-02},
url = {/~https://github.com/ItsMagick/Fuzzing_Benchmarking/blob/main/scripts/extract_traffic.sh},
}
@online{run-pulsar,
author = {Sebastian Peschke},
title = {Skript zum Ausführen von Pulsar},
urldate = {2024-09-02},
url = {/~https://github.com/ItsMagick/pulsar/blob/ff1852d82fa61acc67aff6cd42d6f63d1f5bdca5/run},
}
@online{aflnet-dockerfile,
author = {Sebastian Peschke},
title = {Dockerfile für das Kompilieren von AFLNet und MQTT},
urldate = {2024-09-02},
url = {/~https://github.com/ItsMagick/Fuzzing_Benchmarking/blob/main/Dockerfile},
}
@online{llvm-patch,
author = {Sebastian Peschke},
title = {llvm patch},
urldate = {2024-09-02},
url = {/~https://github.com/ItsMagick/Fuzzing_Benchmarking/blob/main/afl-llvm-pass.patch},
}
@online{mqtt-preload,
author = {Sebastian Peschke},
title = {Preload Bibliothek für MQTT},
urldate = {2024-09-02},
url = {/~https://github.com/ItsMagick/Fuzzing_Benchmarking/blob/main/scripts/std_out_redirect.c},
}
@online{crash-extraction-script,
author = {Sebastian Peschke},
title = {Skript zur Extraktion der Abstürze aus den AFLNet stdout logs},
urldate = {2024-09-02},
url = {/~https://github.com/ItsMagick/Fuzzing_Benchmarking/blob/main/scripts/document_crashes.sh},
}
@online{analyse-crashes-script,
author = {Sebastian Peschke},
title = {test\_crashes.sh},
urldate = {2024-09-02},
url = {/~https://github.com/ItsMagick/Fuzzing_Benchmarking/blob/main/scripts/test_crashes.sh},
}
@inproceedings{fuzzing-evaluation,
author = {M. Schloegel and N. Bars and N. Schiller and L. Bernhard and T. Scharnowski and A. Crump and A. Ale-Ebrahim and N. Bissantz and M. Muench and T. Holz},
booktitle = {2024 IEEE Symposium on Security and Privacy (SP)},
title = {{SoK}: Prudent Evaluation Practices for Fuzzing},
year = {2024},
pages = {1974--1993},
keywords = {privacy;systematics;computer bugs;fuzzing;reproducibility of results;software;security},
doi = {10.1109/SP54263.2024.00137},
url = {https://doi.ieeecomputersociety.org/10.1109/SP54263.2024.00137},
publisher = {IEEE Computer Society},
address = {Los Alamitos, CA, USA},
month = may,
}
@inproceedings{mutuation-analysis,
author = {G{\"o}rz, Philipp and Mathis, Bj{\"o}rn and Hassler, Keno and G{\"u}ler, Emre and Holz, Thorsten and Zeller, Andreas and Gopinath, Rahul},
title = {Systematic Assessment of Fuzzers using Mutation Analysis},
booktitle = {32nd {USENIX} Security Symposium ({USENIX} Security 23)},
year = {2023},
isbn = {978-1-939133-37-3},
venue = {Anaheim, CA},
pages = {4535--4552},
url = {https://www.usenix.org/conference/usenixsecurity23/presentation/gorz},
publisher = {{USENIX} Association},
month = aug,
}
@online{aflnet-generate-test,
author = {Sebastian Peschke},
title = {create\_aflnet\_inputs.py},
urldate = {2024-09-02},
url = {/~https://github.com/ItsMagick/Fuzzing_Benchmarking/blob/main/scripts/create_aflnet_inputs.py},
internal-note = {same URL as entry python-script-input-generation; consider merging the two keys},
}
@online{asan,
author = {llvm.org},
title = {AddressSanitizer},
urldate = {2024-09-06},
url = {https://clang.llvm.org/docs/AddressSanitizer.html},
}
@article{embedded-fuzzing,
title = {Embedded fuzzing: a review of challenges, tools, and solutions},
volume = {5},
issn = {2523-3246},
shorttitle = {Embedded fuzzing},
url = {https://doi.org/10.1186/s42400-022-00123-y},
doi = {10.1186/s42400-022-00123-y},
abstract = {Fuzzing has become one of the best-established methods to uncover software bugs. Meanwhile, the market of embedded systems, which binds the software execution tightly to the very hardware architecture, has grown at a steady pace, and that pace is anticipated to become yet more sustained in the near future. Embedded systems also benefit from fuzzing, but the innumerable existing architectures and hardware peripherals complicate the development of general and usable approaches, hence a plethora of tools have recently appeared. Here comes a stringent need for a systematic review in the area of fuzzing approaches for embedded systems, which we term “embedded fuzzing” for brevity. The inclusion criteria chosen in this article are semi-objective in their coverage of the most relevant publication venues as well as of our personal judgement. The review rests on a formal definition we develop to represent the realm of embedded fuzzing. It continues by discussing the approaches that satisfy the inclusion criteria, then defines the relevant elements of comparison and groups the approaches according to how the execution environment is served to the system under test. The resulting review produces a table with 42 entries, which in turn supports discussion suggesting vast room for future research due to the limitations noted.},
number = {1},
urldate = {2024-05-27},
journal = {Cybersecurity},
author = {Eisele, Max and Maugeri, Marcello and Shriwas, Rachna and Huth, Christopher and Bella, Giampaolo},
month = sep,
year = {2022},
keywords = {Dynamic analysis, Embedded security, Embedded systems, Software security, Vulnerability mining},
pages = {18},
}
@inproceedings{effective-performance-fuzzing,
title = {Towards {Effective} {Performance} {Fuzzing}},
url = {https://ieeexplore.ieee.org/document/9985101},
doi = {10.1109/ISSREW55968.2022.00055},
abstract = {Fuzzing is an automated testing technique that utilizes injection of random inputs in a target program to help uncover vulnerabilities. Performance fuzzing extends the classic fuzzing approach and generates inputs that trigger poor performance. During our evaluation of performance fuzzing tools, we have identified certain conventionally used assumptions that do not always hold true. Our research (re)evaluates PERFFUZZ [1] in order to identify the limitations of current techniques, and guide the direction of future work for improvements to performance fuzzing. Our experimental results highlight two specific limitations. Firstly, we identify the assumption that the length of execution paths correlate to program performance is not always the case, and thus cannot reflect the quality of test cases generated by performance fuzzing. Secondly, the default testing parameters by the fuzzing process (timeouts and size limits) overly confine the input search space. Based on these observations, we suggest further investigation on performance fuzzing guidance, as well as controlled fuzzing and testing parameters.},
urldate = {2024-09-08},
booktitle = {2022 {IEEE} {International} {Symposium} on {Software} {Reliability} {Engineering} {Workshops} ({ISSREW})},
author = {Chen, Yiqun and Bradbury, Matthew and Suri, Neeraj},
month = oct,
year = {2022},
keywords = {Aerospace electronics, Conferences, Fuzzing, input selection, metrics, performance fuzzing, Software reliability, Testing},
pages = {128--129},
}
@article{fuzzing-assessment,
title = {Improving fuzzing assessment methods through the analysis of metrics and experimental conditions},
volume = {124},
issn = {0167-4048},
url = {https://www.sciencedirect.com/science/article/pii/S0167404822003388},
doi = {10.1016/j.cose.2022.102946},
abstract = {Fuzzing is nowadays one of the most widely used bug hunting techniques. By automatically generating malformed inputs, fuzzing aims to trigger unwanted behavior on its target. While fuzzing research has matured considerably in the last years, the evaluation and comparison of different fuzzing proposals remain challenging, as no standard set of metrics, data, or experimental conditions exist to allow such observation. This paper aims to fill that gap by proposing a standard set of features to allow such comparison. For that end, it first reviews the existing evaluation methods in the literature and discusses all existing metrics by evaluating seven fuzzers under identical experimental conditions. After examining the obtained results, it recommends a set of practices –particularly on the metrics to be used–, to allow proper comparison between different fuzzing proposals.},
urldate = {2024-09-07},
journal = {Computers \& Security},
author = {Eceiza, Maialen and Flores, Jose Luis and Iturbe, Mikel},
month = jan,
year = {2023},
keywords = {Security, Fuzzing, Evaluation methodology, Metrics, Software testing},
pages = {102946},
}
@article{cnn,
title = {{CNNPRE}: {A} {CNN}-{Based} {Protocol} {Reverse} {Engineering} {Method}},
volume = {11},
issn = {2169-3536},
shorttitle = {{CNNPRE}},
url = {https://ieeexplore.ieee.org/document/10287339/?arnumber=10287339},
doi = {10.1109/ACCESS.2023.3325391},
abstract = {Given the growth in computer networks and Internet usage, the traditional network environment has evolved into a more intricate system. Many applications utilize unknown communication protocols, for which the specification documentation is not available. The use of undocumented network protocols raises various security and management concerns. Protocol reverse engineering based on network traffic aims to infer the behavior and format of unknown network protocols. Clustering same-type messages or packets is a crucial initial step in correctly performing reverse engineering of protocol syntax or behavior. Therefore, this paper proposes a new method called CNNPRE, utilizing deep learning techniques to identify and group traffic message types. Our method employs network traffic and traffic features as input. Specifically, we use convolutional neural networks and deep transfer learning for feature extraction and message type identification and to tackle the challenge of unlabeled training data in the real world scenarios of protocol reverse engineering. The experimental results demonstrate that our proposed method works well and outperforms other methods for different protocols and achieves an average Homogeneity score of more than 0.87 on all datasets. This means that the method can identify message types according to the changing characteristics of messages and traffic features without the need for human expert intervention.},
urldate = {2024-09-08},
journal = {IEEE Access},
author = {Garshasbi, Javad and Teimouri, Mehdi},
year = {2023},
note = {Conference Name: IEEE Access},
keywords = {Feature extraction, Protocols, Reverse engineering, Clustering algorithms, Convolutional neural networks, deep learning, deep transfer learning, message type identification, network protocols, protocol reverse engineering, Telecommunication traffic, Transfer learning},
pages = {116255--116268},
}
@online{fuzzbench,
author = {Google},
title = {FuzzBench: Fuzzer Benchmarking as a Service},
urldate = {2024-09-08},
url = {/~https://github.com/google/FuzzBench},
}
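@inproceedings{lava,
title = {{LAVA}: Large-Scale Automated Vulnerability Addition},
shorttitle = {{LAVA}},
url = {https://ieeexplore.ieee.org/document/7546498},
doi = {10.1109/SP.2016.15},
abstract = {Work on automating vulnerability discovery has long been hampered by a shortage of ground-truth corpora with which to evaluate tools and techniques. This lack of ground truth prevents authors and users of tools alike from being able to measure such fundamental quantities as miss and false alarm rates. In this paper, we present LAVA, a novel dynamic taint analysis-based technique for producing ground-truth corpora by quickly and automatically injecting large numbers of realistic bugs into program source code. Every LAVA bug is accompanied by an input that triggers it whereas normal inputs are extremely unlikely to do so. These vulnerabilities are synthetic but, we argue, still realistic, in the sense that they are embedded deep within programs and are triggered by real inputs. Using LAVA, we have injected thousands of bugs into eight real-world programs, including bash, tshark, and the GNU coreutils. In a preliminary evaluation, we found that a prominent fuzzer and a symbolic execution-based bug finder were able to locate some but not all LAVA-injected bugs, and that interesting patterns and pathologies were already apparent in their performance. Our work forms the basis of an approach for generating large ground-truth vulnerability corpora on demand, enabling rigorous tool evaluation and providing a high-quality target for tool developers.},
urldate = {2024-09-08},
booktitle = {2016 {IEEE} Symposium on Security and Privacy ({SP})},
author = {Dolan-Gavitt, Brendan and Hulin, Patrick and Kirda, Engin and Leek, Tim and Mambretti, Andrea and Robertson, Wil and Ulrich, Frederick and Whelan, Ryan},
month = may,
year = {2016},
issn = {2375-1207},
keywords = {Computer bugs, Geophysical measurement techniques, Ground penetrating radar, Length measurement, Pathology, Privacy, Security},
pages = {110--121},
}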
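@online{a-survey-of-network-protocol-fuzzing,
title = {A Survey of Network Protocol Fuzzing: Model, Techniques and Directions},
shorttitle = {A Survey of Network Protocol Fuzzing},
url = {http://arxiv.org/abs/2402.17394},
abstract = {As one of the most successful and effective software testing techniques in recent years, fuzz testing has uncovered numerous bugs and vulnerabilities in modern software, including network protocol software. In contrast to other fuzzing targets, network protocol software exhibits its distinct characteristics and challenges, introducing a plethora of research questions that need to be addressed in the design and implementation of network protocol fuzzers. While some research work has evaluated and systematized the knowledge of general fuzzing techniques at a high level, there is a lack of similar analysis and summarization for fuzzing research specific to network protocols. This paper offers a comprehensive exposition of network protocol software’s fuzzing-related features and conducts a systematic review of some representative advancements in network protocol fuzzing since its inception. We summarize state-of-the-art strategies and solutions in various aspects, propose a unified protocol fuzzing process model, and introduce the techniques involved in each stage of the model. At the same time, this paper also summarizes the promising research directions in the landscape of protocol fuzzing to foster exploration within the community for more efficient and intelligent modern network protocol fuzzing techniques.},
language = {en},
urldate = {2024-05-27},
publisher = {arXiv},
author = {Jiang, Shihao and Zhang, Yu and Li, Junqiang and Yu, Hongfang and Luo, Long and Sun, Gang},
month = feb,
year = {2024},
eprint = {2402.17394},
eprinttype = {arXiv},
keywords = {Computer Science - Networking and Internet Architecture},
}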
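@inproceedings{iot-fuzzer,
title = {{IoTFuzzer}: Discovering Memory Corruptions in {IoT} Through App-based Fuzzing},
author = {Chen, Jiongyi and Diao, Wenrui and Zhao, Qingchuan and Zuo, Chaoshun and Lin, Zhiqiang and Wang, XiaoFeng and Lau, Wing Cheong and Sun, Menghan and Yang, Ronghai and Zhang, Kehuan},
booktitle = {Network and Distributed System Security Symposium},
year = {2018},
url = {https://api.semanticscholar.org/CorpusID:158965},
}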
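@online{mqtt-fixed-header,
author = {{OASIS MQTT}},
title = {Valide Steuerpakettypen für {MQTT} Fixed Headers},
url = {https://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Toc398718021},
urldate = {2024-09-10},
}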
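@online{mqtt-variable-header,
author = {{OASIS MQTT}},
title = {Struktur des {MQTT} Variable Headers eines Connect Pakets},
url = {https://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Toc398718030},
urldate = {2024-09-10},
}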
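@online{aflnet-repo,
author = {Pham, Thuan},
title = {{AFLNet} Repository},
url = {https://github.com/aflnet/aflnet},
urldate = {2024-09-11},
}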