Authors: Yu Zhang, Nanyu Zhong, Wei You, Yanyan Zou, Kunpeng Jian, Jiahuan Xu, Jian Sun, Baoxu Liu, Wei Huo
Affiliations: [1] Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; [2] School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China; [3] Key Laboratory of Network Assessment Technology, Chinese Academy of Sciences, Beijing, China; [4] Beijing Key Laboratory of Network Security and Protection Technology, Beijing, China; [5] Renmin University of China, Beijing, China
Source: Cybersecurity (网络空间安全科学与技术, in English), 2023, Issue 1, pp. 54-74, 21 pages in total
Funding: This work is supported in part by Chinese National Natural Science Foundation (61802394, U1836209, 62032010); Strategic Priority Research Program of the CAS (XDC02040100).
Abstract: Network function virtualization provides programmable in-network middlewares by leveraging virtualization technologies and commodity hardware and has gained popularity among all mainstream network device manufacturers. Yet it is challenging to apply coverage-guided fuzzing, one of the state-of-the-art vulnerability discovery approaches, to those virtualized network devices, due to inevitable integrity protection adopted by those devices. In this paper, we propose a coverage-guided fuzzing framework NDFuzz for virtualized network devices with a novel integrity protection bypassing method, which is able to distinguish processes of virtualized network devices from hypervisors with a carefully designed non-intrusive page global directory inference technique. We implement NDFuzz atop of two black-box fuzzers and evaluate NDFuzz with three representative network protocols, SNMP, DHCP and NTP, on nine popular virtualized network devices. NDFuzz obtains an average 36% coverage improvement in comparison with its black-box counterparts. NDFuzz discovers 2 0-Day vulnerabilities and 1 1-Day vulnerability with coverage guidance while the black-box fuzzer can find only one of them. All discovered vulnerabilities are confirmed by corresponding vendors.
Keywords: Coverage-guided fuzzing; Network devices; Network function virtualization
Classification number: TP311 [Automation and Computer Technology: Computer Software and Theory]