Home

About

Advanced Search

Browse by Discipline

Scientific Societies

E-print Alerts

Add E-prints

E-print Network
FAQHELPSITE MAPCONTACT US


  Advanced Search  

 
SNOOZE: Toward a Stateful NetwOrk prOtocol Greg Banks, Marco Cova, Viktoria Felmetsger, Kevin Almeroth,
 

Summary: SNOOZE: Toward a Stateful NetwOrk prOtocol
fuzZEr
Greg Banks, Marco Cova, Viktoria Felmetsger, Kevin Almeroth,
Richard Kemmerer, and Giovanni Vigna
Department of Computer Science
University of California, Santa Barbara
{nomed, marco, rusvika, almeroth, kemm, vigna}@cs.ucsb.edu
Abstract. Fuzzing is a well-known black-box approach to the security
testing of applications. Fuzzing has many advantages in terms of simplic-
ity and effectiveness over more complex, expensive testing approaches.
Unfortunately, current fuzzing tools suffer from a number of limitations,
and, in particular, they provide little support for the fuzzing of stateful
protocols.
In this paper, we present SNOOZE, a tool for building flexible, security-
oriented, network protocol fuzzers. SNOOZE implements a stateful
fuzzing approach that can be used to effectively identify security flaws in
network protocol implementations. SNOOZE allows a tester to describe
the stateful operation of a protocol and the messages that need to be gen-
erated in each state. In addition, SNOOZE provides attack-specific fuzzing
primitives that allow a tester to focus on specific vulnerability classes. We

  

Source: Almeroth, Kevin C. - Department of Computer Science, University of California at Santa Barbara

 

Collections: Computer Technologies and Information Sciences