Team Madynes

Overall Objectives
Scientific Foundations
Application Domains
New Results
Contracts and Grants with Industry
Other Grants and Activities

Section: New Results

Protocol fuzzing

Participants : Humberto Abdelnur [ contact ] , Olivier Festor.

Fuzz testing is an abnormal testing technique which focuses in finding unexpected behavior (vulnerable code) rather than checking the functional behavior of the equipment under test. The main problem encountered in the software testing area, is in fact, the quantity of tests required to build in order to completely enssure the quality of a piece of code. This year, we circumvented this problem by building a dynamic monitor capable of recollect information from the tested equipment, called mtrace. Mtrace is a tracer that can be used to follow the system and dynamic library calls made by a program. Using this information, mtrace can follow from the received data (e.g from the network sockets or files) the tainted data propagation and therefore build the tainted data tree associated to the input execution. Thus, for each of the messages generated by our fuzzer, the tracer immediately transmit back the tainted data information. This tainted information allows us to identify the traces of the program executed. Thus, we build a platform for comparing how different fuzzing strategies work (therefore, comparing how the impact of different fuzzer frameworks are), identify the code coverage exposed by each technique and finally, define stopping criteria when no new code is been tested. In a second phase, we also make the link between tainted data and the syntax tree build by our initial fuzzer. The syntax tree is a tree representation of the input data based on the grammar of the protocol. Since each syntax node contains full specification of the composition for the fields, we are able to generate malicious data only in fields known to be used in the execution at the target program. Concluding, this close-loop technique reported a higher code execution coverage with a higher impact in a considerable lower set of malicious inputs.

We also submitted a draft to the IETF SIPPING group describing one standard vulnerability together with a solution to avoid it.


Logo Inria