
Saturday, October 11, 2008
The Department of Computer Science at Dartmouth College
announces a new technical report:
LZfuzz: a fast compression-based fuzzer for poorly documented protocols
Dartmouth Technical Report TR2008-634
Sergey Bratus
Axel Hansen
Anna Shubina
Date: September 2008
Abstract:
Real-world infrastructure offers many scenarios where protocols (and other details) are not released because they are considered too sensitive, or for other reasons. This situation makes it hard to apply fuzzing techniques to test their security and reliability, since their full documentation is only available to their developers, and domain developer expertise does not necessarily intersect with fuzz-testing expertise (nor with deployment responsibility). State-of-the-art fuzzing techniques, however, work best when protocol specifications are available. Still, operators whose networks include equipment communicating via proprietary protocols should be able to reap the benefits of fuzz-testing them. In particular, administrators should be able to test proprietary protocols in the absence of end-to-end application-level encryption to understand whether they can withstand injection of bad traffic, and thus be able to plan adequate network protection measures. Such protocols can be observed in action prior to fuzzing, and packet captures can be used to learn enough about the structure of the protocol to make fuzzing more efficient.

Various machine learning approaches, e.g. bioinformatics methods, have been proposed for learning models of the targeted protocols. The problem with most of these approaches to date is that, although sometimes quite successful, they are very computationally heavy and thus are hardly practical for application by network administrators and equipment owners who cannot easily dedicate a compute cluster to such tasks.

We propose a simple method that, despite its roughness, allowed us to learn facts useful for fuzzing from protocol traces at much smaller CPU and time costs. Our fuzzing approach proved itself empirically in testing actual proprietary SCADA protocols in an isolated control network test environment, and was also successful in triggering flaws in implementations of several popular commodity Internet protocols. Our fuzzer, LZfuzz (pronounced "lazy-fuzz"), relies on a variant of the Lempel-Ziv compression algorithm to guess boundaries between the structural units of the protocol, and builds on the well-known free software GPF fuzzer.
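The boundary-guessing idea in the abstract, as an added illustration that is not LZfuzz's own code: it assumes the "variant of Lempel-Ziv" can be approximated by a plain LZ78 phrase dictionary shared across packets, and runs over a constructed capture of a made-up "SET <register>=<value>;" format. Constant regions grow into long phrases, bytes that vary between packets keep breaking phrases, and voting across packets turns token edges into candidate unit boundaries; as the abstract says, the result is rough (here the vote lands on two of the four true field edges).

```python
# Added example, not code from the LZfuzz report. Assumption: an LZ78-style
# phrase dictionary stands in for the report's Lempel-Ziv variant, and the
# CAPTURE below is constructed sample data, not a real protocol trace.
from collections import Counter

def lz_tokens(packet: bytes, phrases: set) -> list:
    """Greedy LZ78 parse of one packet with a dictionary shared across packets.

    At each position the longest already-known phrase is extended by one byte,
    emitted as a token and added to the dictionary. Token edges therefore tend
    to fall where packets differ from earlier ones, i.e. near variable fields.
    """
    tokens, i, n = [], 0, len(packet)
    while i < n:
        j = i + 1
        while j < n and packet[i:j] in phrases:
            j += 1
        tok = packet[i:j]          # first extension not yet in the dictionary
        phrases.add(tok)
        tokens.append(tok)
        i = j
    return tokens

def boundary_votes(packets: list) -> Counter:
    """Parse packets in capture order and count the offsets where tokens end."""
    phrases = set()
    votes = Counter()
    for p in packets:
        pos = 0
        for tok in lz_tokens(p, phrases):
            pos += len(tok)
            if pos < len(p):       # the end-of-packet edge carries no information
                votes[pos] += 1
    return votes

def guess_boundaries(packets: list, min_votes: int) -> list:
    """Offsets that at least min_votes packets agree on, in ascending order."""
    return sorted(o for o, c in boundary_votes(packets).items() if c >= min_votes)

# Constructed capture: same command, varying register and value fields.
CAPTURE = [b"SET R1=10;", b"SET R2=20;", b"SET R1=30;", b"SET R2=10;", b"SET R1=20;"]

if __name__ == "__main__":
    shared = set()
    for p in CAPTURE:
        print(p, "->", lz_tokens(p, shared))
    print("candidate boundaries:", guess_boundaries(CAPTURE, 3))
```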
To obtain an electronic copy, point your web browser to the URL
<http://www.cs.dartmouth.edu/reports/abstracts/TR2008-634/>.
© Copyright 2008, edu-cyberpg.com