L. Zhiqiang, Peng Jianshan, Bi Yechuan, Liang Xiaowei
2021 International Conference on Computer Engineering and Application (ICCEA), published 2021-06-01
DOI: 10.1109/ICCEA53728.2021.00025 (https://doi.org/10.1109/ICCEA53728.2021.00025)
KVM PT Based Coverage Feedback Fuzzing for Network Key Devices
With the advent of the network era, network security has attracted more and more attention. As key nodes in the network, network key devices play an important role in protecting the internal network and ensuring network security. Security analysis of vulnerabilities in network key devices has therefore become an important concern for security personnel. Fuzzing is an automatic and effective vulnerability mining technology. In this paper, we propose the first coverage feedback fuzz testing framework based on KVM PT technology for network key devices, aiming to make it feasible to apply fuzzing tools to network critical devices. At the same time, a fuzz test agent technology based on firmware modification is proposed to help speed up the invocation of test cases. We evaluated the framework on the Cisco ASA firewall and triggered CVE-2018-0101, which proves the effectiveness of the framework.