Black-Box Fuzzing for Security in Managed Networks: An Outline

Abstract

Service providers are adopting open-source technology and open standards in their next-generation networks. This gives them great flexibility and spurs innovation. But it also means that they must ensure proper interoperability between components; otherwise, vulnerabilities might get introduced in their networks. Unfortunately, state-of-the-art vulnerability scanning tools are unable to handle the complexity of service provider networks. In this letter we show how interoperability issues between seemingly reliable components introduce an injection vulnerability that allows us to control a firewall-protected network management system. We also extend the state-of-the-art in black-box fuzzing to give service providers a tool for combating similar issues.