Saturday, October 11, 2008
« Presidential Campaign which is a word u... | Main | Revoking Repeatedly Misbehaving Anonymou... »
LZfuz: a fast compression-based fuzzer for poorly documented protocols
The Department of Computer Science at Dartmouth College
announces a new technical report:

LZfuzz: a fast compression-based fuzzer for poorly documented protocols

Dartmouth Technical Report TR2008-634

        Sergey Bratus
        Axel Hansen
        Anna Shubina

Date: September 2008


Abstract:
 Real-world infrastructure offers many scenarios where
 protocols (and other details) are not released due
 to being considered too sensitive or for other reasons.
 This situation makes it hard to apply fuzzing techniques
 to test their security and reliability, since their
 full documentation is only available to their developers,
 and domain developer expertise does not necessarily intersect
 with fuzz-testing expertise (nor deployment responsibility).
 State-of-the-art fuzzing
 techniques, however, work best when protocol specifications
 are available. Still, operators whose networks
 include equipment communicating via proprietary protocols
 should be able to reap the benefits of fuzz-testing them.
  In particular, administrators should be able to test proprietary
 protocols in the absence of
 end-to-end application-level encryption to
 understand whether they can withstand injection of bad traffic, and
 thus be able to plan adequate network protection measures.  Such
 protocols can be observed in action prior to fuzzing, and packet
 captures can be used to learn enough about the structure of the
 protocol to make fuzzing more efficient.
  Various machine learning approaches, e.g. bioinformatics methods, have been proposed
 for learning models of the targeted protocols. The problem with most of these
 approaches to date is that, although sometimes quite successful, they
 are very computationally heavy and thus are hardly practical for
 application by network administrators and equipment owners who
 cannot easily dedicate a compute cluster to such tasks.
  We propose a simple method that,
 despite its roughness, allowed us to learn facts useful for fuzzing
 from protocol traces at much smaller CPU and time costs. Our fuzzing
 approach proved itself empirically in testing actual proprietary SCADA
 protocols in an isolated control network test environment,
 and was also successful in triggering flaws in implementations of several
 popular commodity Internet protocols.
 Our fuzzer,  LZfuzz (pronounced ``lazy-fuzz'') relies on a variant of Lempel--Ziv
 compression algorithm to guess boundaries between the structural units
 of the protocol, and builds on the well-known free software GPF fuzzer.

To obtain an electronic copy, point your web browser to the URL
   <http://www.cs.dartmouth.edu/reports/abstracts/TR2008-634/>.

Network Newsletters
Saturday, October 11, 2008 11:17:38 PM (Eastern Daylight Time, UTC-04:00)    Disclaimer  |  Comments [0]  |  Related posts:
Broadband Providers and Consumer Privacy
Three undersea cables cut: traffic greatly disturbed between Europe and Asia/Near East zone
New Resource from Gale Unlocks the Vault of History
CNC Beijing
SITESEEING: www.change.gov
AT&T Monthly Bandwidth Caps Are Here
Comments are closed.