Fuzzing network servers is a technical challenge, since the behavior of the
target server depends on its state over a sequence of multiple messages.
Existing solutions are costly and difficult to use, as they rely on
manually-customized artifacts such as protocol models, protocol parsers, and
learning frameworks. The aim of this work is to develop a greybox fuzzer for
network servers that only relies on lightweight analysis of the target program,
with no manual customization, in a similar way to what the AFL fuzzer achieved
for stateless programs. The proposed fuzzer instruments the target server at
compile-time, to insert probes on memory allocations and network I/O
operations. At run-time, it infers the current protocol state of the target by
analyzing snapshots of long-lived memory areas, and incrementally builds a
protocol state machine for guiding fuzzing. The experimental results show that
the fuzzer can be applied with no manual customization on a large set of
network servers for popular protocols, and that it can achieve comparable, or
even better code coverage than customized fuzzing. Moreover, our qualitative
analysis shows that states inferred from memory better reflect the server
behavior than only using response codes from messages.

360 Mobile Vision - 360mobilevision.com North & South Carolina Security products and Systems Installations for Commercial and Residential - $55 Hourly Rate. ACCESS CONTROL, INTRUSION ALARM, ACCESS CONTROLLED GATES, INTERCOMS AND CCTV INSTALL OR REPAIR 360 Mobile Vision - 360mobilevision.com is committed to excellence in every aspect of our business. We uphold a standard of integrity bound by fairness, honesty and personal responsibility. Our distinction is the quality of service we bring to our customers. Accurate knowledge of our trade combined with ability is what makes us true professionals. Above all, we are watchful of our customers interests, and make their concerns the basis of our business.

By admin