A Survey of Protocol Fuzzing

Xiaohan Zhang, Cen Zhang, Xinghua Li, Zhengjie Du, Bing Mao, Yuekang Li, Yaowen Zheng, Yeting Li, Li Pan, Yang Liu, Robert H. Deng
2024-09-19
Abstract: Communication protocols form the bedrock of our interconnected world, yet vulnerabilities within their implementations pose significant security threats. Recent developments have seen a surge in fuzzing-based research dedicated to uncovering these vulnerabilities within protocol implementations. However, there is still no systematic overview of protocol fuzzing that answers essential questions such as what the unique challenges are and how existing works solve them. To bridge this gap, we conducted a comprehensive investigation of related works from both academia and industry. Our study includes a detailed summary of the specific challenges in protocol fuzzing, and provides a systematic categorization and overview of existing research efforts. Furthermore, we explore and discuss potential future research directions in protocol fuzzing. This survey serves as a foundational guideline for researchers and practitioners in the field.
Cryptography and Security, Networking and Internet Architecture
What problem does this paper attempt to address?
### Problems Attempted to Solve by the Paper

This paper, "A Survey of Protocol Fuzzing," aims to address the following issues:

1. **Systematic Overview of Protocol Fuzz Testing**:
   - There is currently a lack of a systematic review in the field of protocol fuzz testing. Although there are some survey articles on traditional software fuzz testing, they cannot fully cover the unique challenges, existing solutions, and future research directions of protocol fuzz testing.

2. **Identifying Unique Challenges of Protocol Fuzz Testing**:
   - Protocol fuzz testing significantly differs from traditional software fuzz testing. These differences mainly lie in the complexity of communication and the limitations of the testing environment. Specifically:
     - **High Communication Complexity**: Protocols need to adhere to strict semantic constraints, including intra-message constraints (fields within a single message must be consistent with each other) and inter-message constraints (messages must arrive in an order the protocol state machine accepts). Additionally, protocols must ensure characteristics such as timing requirements, authentication, confidentiality, and concurrency.
     - **Constrained Testing Environment**: Many protocols are tightly coupled with hardware, especially protocols at the physical layer and data link layer, or protocols in specific domains (e.g., automotive, industrial control systems, power grids, and aviation systems). These hardware dependencies limit testing throughput and the application of advanced fuzz testing techniques.

3. **Summarizing Existing Research Work**:
   - This paper provides a detailed summary of the methods and techniques used in existing research to address the challenges of protocol fuzz testing. These methods include the design and optimization of input generators, executors, and vulnerability collectors.

4. **Exploring Future Research Directions**:
   - The paper also discusses potential future research directions in the field of protocol fuzz testing to guide future academic and industrial research.
Through the above content, this paper aims to provide researchers and industry practitioners with a comprehensive guide to better understand and address the various challenges in protocol fuzz testing.
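To make the "high communication complexity" challenge concrete, the following added example (not code from the survey or from any fuzzer it reviews) pits a blind byte mutator against a structure- and state-aware generator on a constructed toy protocol with an intra-message checksum and a HELLO, AUTH, DATA session order; the protocol, server and message format are all assumptions made up for this illustration.

```python
import random

# Constructed toy protocol (not from the survey):
#   message = op (1 byte) | len (1 byte) | payload (len bytes) | xor checksum (1 byte)
# Inter-message constraint: a session must go HELLO -> AUTH -> DATA.
HELLO, AUTH, DATA = 0x01, 0x02, 0x03

def encode(op, payload):
    """Frame a message and append the xor checksum (intra-message constraint)."""
    body = bytes([op, len(payload)]) + payload
    chk = 0
    for b in body:
        chk ^= b
    return body + bytes([chk])

class ToyServer:
    """Stateful target; handle() reports how deep a message got."""
    def __init__(self):
        self.state = "INIT"
    def handle(self, msg):
        if len(msg) < 3 or len(msg) != msg[1] + 3:
            return "reject:framing"      # length field inconsistent with message
        chk = 0
        for b in msg[:-1]:
            chk ^= b
        if chk != msg[-1]:
            return "reject:checksum"     # checksum inconsistent with body
        op = msg[0]
        if op == HELLO and self.state == "INIT":
            self.state = "GREETED"; return "ok:hello"
        if op == AUTH and self.state == "GREETED":
            self.state = "AUTHED"; return "ok:auth"
        if op == DATA and self.state == "AUTHED":
            return "ok:data"             # the deep handler a fuzzer wants to reach
        return "reject:state"            # message arrived out of order

def blind_mutate(msg, rng):
    """Traditional byte-level mutation: flips one byte, unaware of checksum or state."""
    m = bytearray(msg)
    m[rng.randrange(len(m))] = rng.randrange(256)
    return bytes(m)

def structured_session(rng):
    """Protocol-aware generator: valid HELLO/AUTH prefix, random DATA payload, re-encoded."""
    payload = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 8)))
    return [encode(HELLO, b""), encode(AUTH, b"pw"), encode(DATA, payload)]

def run_campaign(iterations, structured, seed=1):
    """Count sessions in which the DATA handler was actually reached."""
    rng, deep_hits = random.Random(seed), 0
    for _ in range(iterations):
        srv, seq = ToyServer(), structured_session(rng)
        if not structured:
            seq = [blind_mutate(m, rng) for m in seq]   # break structure at random
        deep_hits += any(srv.handle(m) == "ok:data" for m in seq)
    return deep_hits
```

Running `run_campaign(200, structured=True)` against `run_campaign(200, structured=False)` shows why protocol fuzzers invest in input generators that model message structure and session state: the blind mutator is stopped at the framing, checksum or state checks almost every time, while the structured generator reaches the DATA handler in every session.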