Network function virtualization provides programmable in-network middlewares by leveraging virtualization tech-nologies and commodity hardware and has gained popularity among all mainstream network device manufacturer...Network function virtualization provides programmable in-network middlewares by leveraging virtualization tech-nologies and commodity hardware and has gained popularity among all mainstream network device manufacturers.Yet it is challenging to apply coverage-guided fuzzing,one of the state-of-the-art vulnerability discovery approaches,to those virtualized network devices,due to inevitable integrity protection adopted by those devices.In this paper,we propose a coverage-guided fuzzing framework NDFuzz for virtualized network devices with a novel integrity protec-tion bypassing method,which is able to distinguish processes of virtualized network devices from hypervisors with a carefully designed non-intrusive page global directory inference technique.We implement NDFuzz atop of two black-box fuzzers and evaluate NDFuzz with three representative network protocols,SNMP,DHCP and NTP,on nine popular virtualized network devices.NDFuzz obtains an average 36%coverage improvement in comparison with its black-box counterparts.NDFuzz discovers 2 O-Day vulnerabilities and 11-Day vulnerability with coverage guidance while the black-box fuzzer can find only one of them.All discovered vulnerabilities are confirmed by corresponding vendors.展开更多
基金This work is supported in part by Chinese National Natural Science Foundation(61802394,U1836209,62032010)Strategic Priority Research Program of theCAS(XDC02040100)。
文摘Network function virtualization provides programmable in-network middlewares by leveraging virtualization tech-nologies and commodity hardware and has gained popularity among all mainstream network device manufacturers.Yet it is challenging to apply coverage-guided fuzzing,one of the state-of-the-art vulnerability discovery approaches,to those virtualized network devices,due to inevitable integrity protection adopted by those devices.In this paper,we propose a coverage-guided fuzzing framework NDFuzz for virtualized network devices with a novel integrity protec-tion bypassing method,which is able to distinguish processes of virtualized network devices from hypervisors with a carefully designed non-intrusive page global directory inference technique.We implement NDFuzz atop of two black-box fuzzers and evaluate NDFuzz with three representative network protocols,SNMP,DHCP and NTP,on nine popular virtualized network devices.NDFuzz obtains an average 36%coverage improvement in comparison with its black-box counterparts.NDFuzz discovers 2 O-Day vulnerabilities and 11-Day vulnerability with coverage guidance while the black-box fuzzer can find only one of them.All discovered vulnerabilities are confirmed by corresponding vendors.
