NDFuzz: a non-intrusive coverage-guided fuzzing framework for virtualized network devices
Abstract Network function virtualization provides programmable in-network middlewares by leveraging virtualization technologies and commodity hardware and has gained popularity among all mainstream network device manufacturers. Yet it is challenging to apply coverage-guided fuzzing, one of the state...
Main Authors: | Yu Zhang, Nanyu Zhong, Wei You, Yanyan Zou, Kunpeng Jian, Jiahuan Xu, Jian Sun, Baoxu Liu, Wei Huo |
---|---|
Format: | Article |
Language: | English |
Published: | SpringerOpen 2022-11-01 |
Series: | Cybersecurity |
Subjects: | Coverage-guided fuzzing; Network devices; Network function virtualization |
Online Access: | https://doi.org/10.1186/s42400-022-00120-1 |
_version_ | 1798044483580854272 |
---|---|
author | Yu Zhang Nanyu Zhong Wei You Yanyan Zou Kunpeng Jian Jiahuan Xu Jian Sun Baoxu Liu Wei Huo |
collection | DOAJ |
description | Abstract Network function virtualization provides programmable in-network middlewares by leveraging virtualization technologies and commodity hardware and has gained popularity among all mainstream network device manufacturers. Yet it is challenging to apply coverage-guided fuzzing, one of the state-of-the-art vulnerability discovery approaches, to those virtualized network devices, due to inevitable integrity protection adopted by those devices. In this paper, we propose a coverage-guided fuzzing framework NDFuzz for virtualized network devices with a novel integrity protection bypassing method, which is able to distinguish processes of virtualized network devices from hypervisors with a carefully designed non-intrusive page global directory inference technique. We implement NDFuzz atop of two black-box fuzzers and evaluate NDFuzz with three representative network protocols, SNMP, DHCP and NTP, on nine popular virtualized network devices. NDFuzz obtains an average 36% coverage improvement in comparison with its black-box counterparts. NDFuzz discovers 2 0-Day vulnerabilities and 1 1-Day vulnerability with coverage guidance while the black-box fuzzer can find only one of them. All discovered vulnerabilities are confirmed by corresponding vendors. |
first_indexed | 2024-04-11T23:04:37Z |
format | Article |
id | doaj.art-1561972d559449308be0da4db77bb71e |
institution | Directory Open Access Journal |
issn | 2523-3246 |
language | English |
last_indexed | 2024-04-11T23:04:37Z |
publishDate | 2022-11-01 |
publisher | SpringerOpen |
record_format | Article |
series | Cybersecurity |
spelling | doaj.art-1561972d559449308be0da4db77bb71e; 2022-12-22T03:58:02Z; eng; SpringerOpen; Cybersecurity; 2523-3246; 2022-11-01; 51121; 10.1186/s42400-022-00120-1; NDFuzz: a non-intrusive coverage-guided fuzzing framework for virtualized network devices; Yu Zhang (0), Nanyu Zhong (1), Wei You (2), Yanyan Zou (3), Kunpeng Jian (4), Jiahuan Xu (5), Jian Sun (6), Baoxu Liu (7), Wei Huo (8); Institute of Information Engineering, Chinese Academy of Sciences; Institute of Information Engineering, Chinese Academy of Sciences; Renmin University of China; Institute of Information Engineering, Chinese Academy of Sciences; Institute of Information Engineering, Chinese Academy of Sciences; Institute of Information Engineering, Chinese Academy of Sciences; Institute of Information Engineering, Chinese Academy of Sciences; Institute of Information Engineering, Chinese Academy of Sciences; Institute of Information Engineering, Chinese Academy of Sciences |
title | NDFuzz: a non-intrusive coverage-guided fuzzing framework for virtualized network devices |
topic | Coverage-guided fuzzing Network devices Network function virtualization |
url | https://doi.org/10.1186/s42400-022-00120-1 |