Logos: Log Guided Fuzzing for Protocol Implementations
Network protocols are extensively used in a variety of network devices, making the security of their implementations crucial. Protocol fuzzing has shown promise in uncovering vulnerabilities in these implementations. However, traditional methods often require instrumentation of the target implementation to provide guidance, which is intrusive, adds overhead, and can hinder black-box testing. This paper presents Logos, a protocol fuzzer that utilizes non-intrusive runtime log information for fuzzing guidance. Logos first standardizes the unstructured logs and embeds them into a high-dimensional vector space for semantic representation. Then, Logos filters the semantic representation and dynamically maintains a semantic coverage to chart the explored space for customized guidance. We evaluate Logos on eight widely used implementations of well-known protocols. Results show that, compared to existing intrusive or expert knowledge-driven protocol fuzzers, Logos achieves 26.75%-106.19% higher branch coverage within 24 hours. Furthermore, Logos exposed 12 security-critical vulnerabilities in these prominent protocol implementations, with 9 CVEs assigned.
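The abstract describes three steps: standardize raw logs, embed them as vectors, and keep a "semantic coverage" of what has already been observed so the fuzzer can tell whether a new input reached something new. The following Python sketch is an added illustration of that loop and is not code from the Logos paper or its authors. It makes simplifying assumptions that are labelled in the comments: log standardization is done with a few regex masks, the high-dimensional embedding is replaced by a bag-of-tokens vector, novelty is a cosine-similarity threshold (0.9, chosen arbitrarily here), and the log lines are constructed for the example.

```python
import re
from collections import Counter
from math import sqrt

# Constructed sample log output from a hypothetical protocol server, one list per
# fuzz input. These lines are made up for this example; they are not from the paper.
RUN_LOGS = {
    "seed": [
        "[12:00:01.004] accept client 10.0.0.5:41022",
        "[12:00:01.006] recv HELLO len=32 seq=1",
        "[12:00:01.007] send ACK seq=1",
    ],
    "mutant_same_path": [
        "[12:00:02.311] accept client 10.0.0.9:53010",
        "[12:00:02.313] recv HELLO len=48 seq=9",
        "[12:00:02.314] send ACK seq=9",
    ],
    "mutant_new_path": [
        "[12:00:03.120] accept client 10.0.0.7:39811",
        "[12:00:03.122] recv HELLO len=0 seq=3",
        "[12:00:03.122] error: malformed header, dropping 0x1f bytes",
    ],
}

# Step 1: standardization. Volatile fields are masked so that lines which differ
# only in timestamps, addresses or counters collapse to the same template.
# Order matters: timestamps and addresses are masked before bare numbers.
_MASKS = [
    (re.compile(r"\[\d{2}:\d{2}:\d{2}(?:\.\d+)?\]"), "<TS>"),
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?\b"), "<ADDR>"),
    (re.compile(r"\b0x[0-9a-fA-F]+\b"), "<HEX>"),
    (re.compile(r"\b\d+\b"), "<NUM>"),
]


def standardize(line: str) -> str:
    """Turn a raw log line into a template by masking volatile values."""
    for pattern, token in _MASKS:
        line = pattern.sub(token, line)
    return line.strip()


def embed(lines) -> Counter:
    """Step 2: a bag-of-tokens vector over the standardized lines.
    This is a stand-in for the learned semantic embedding in the paper."""
    counts = Counter()
    for line in lines:
        counts.update(standardize(line).split())
    return counts


def cosine(a: Counter, b: Counter) -> float:
    """Cosine similarity between two sparse token-count vectors."""
    dot = sum(a[t] * b[t] for t in a)
    na = sqrt(sum(v * v for v in a.values()))
    nb = sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


class SemanticCoverage:
    """Step 3: the set of embedding vectors observed so far. An input is
    'interesting' when its log embedding is not close to any retained vector."""

    def __init__(self, threshold: float = 0.9):
        self.threshold = threshold  # assumed cutoff, not a value from the paper
        self.vectors = []

    def is_novel(self, vec: Counter) -> bool:
        if not vec:
            return False  # an input that produced no log output carries no signal
        best = max((cosine(vec, v) for v in self.vectors), default=0.0)
        if best < self.threshold:
            self.vectors.append(vec)
            return True
        return False


def run_campaign(runs, threshold: float = 0.9) -> dict:
    """Feed each run's logs through the pipeline; True means the input would be
    kept as a new seed, False means it explored nothing the logs had not shown."""
    cov = SemanticCoverage(threshold)
    return {name: cov.is_novel(embed(lines)) for name, lines in runs.items()}


if __name__ == "__main__":
    for name, kept in run_campaign(RUN_LOGS).items():
        print(f"{name}: {'added to corpus' if kept else 'discarded'}")
```

With the constructed logs, the seed is kept, the second input is discarded because its logs standardize to exactly the seed's templates (only addresses and counters changed), and the third is kept because the error line introduces tokens the coverage set has not seen. The point the abstract makes is visible here: no instrumentation of the server is needed, only its log output, and the quality of the guidance depends entirely on how well standardization removes noise without erasing the behavioural signal.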
Fri 20 Sep (displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna)
Session 10:30 - 11:50, Technical Papers

10:30 (20 min talk) Prospector: Boosting Directed Greybox Fuzzing for Large-Scale Target Sets with Iterative Prioritization. Zhijie Zhang, Liwei Chen, Haolai Wei, Gang Shi, Dan Meng (Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences).
10:50 (20 min talk) FRIES: Fuzzing Rust Library Interactions via Efficient Ecosystem-Guided Target Generation. Xizhe Yin, Yang Feng, Qingkai Shi, Zixi Liu, Hongwang Liu, Baowen Xu (Nanjing University).
11:10 (20 min talk) DDGF: Dynamic Directed Greybox Fuzzing with Path Profiling. Haoran Fang, Kaikai Zhang, Donghui Yu, Yuanyuan Zhang (Shanghai Jiao Tong University). Pre-print available.
11:30 (20 min talk) Logos: Log Guided Fuzzing for Protocol Implementations. Feifan Wu (Tsinghua University), Zhengxiong Luo (National University of Singapore), Yanyang Zhao (Tsinghua University), Qingpeng Du (Beijing University of Posts and Telecommunications), Junze Yu (Tsinghua University), Ruikang Peng (Central South University), Heyuan Shi (Central South University), Yu Jiang (Tsinghua University).