HyFuzz: A NextG Hybrid Testing Platform for Multi-step Deep Fuzzing and Performance Assessment from Virtualization to Over-the-Air

Jingda Yang, Ying Wang

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; peer-review

6 Scopus citations

Abstract

The paper presents HyFuzz, the first-of-its-kind framework that enables multi-step interactive deep fuzzing for NextG cybersecurity assurance. HyFuzz operates across hybrid radio platforms, piloted on srsRAN in this paper. HyFuzz showcases the versatility of fuzz testing, facilitating both virtualized and Over-the-Air (OTA) testing environments, enabling assessment at different protocol layers. Virtualized mode is designed from a holistic perspective and serves as a valuable guide in identifying high-risk commands through single-point fuzz testing. Subsequently, we present OTA mode, which facilitates deeper verification and enables extensive multi-point fuzz testing, ensuring a comprehensive assessment and causation analysis of system vulnerabilities. Virtualized mode provides low-cost, agile testing that satisfies the demands of smoke tests and fast validation. Compared with virtualized fuzz testing, over-the-air fuzz testing enables thorough analysis of commands via parsing hex number formatted commands, which provides a clear understanding of the vulnerable command sequence or identifiers within the commands and an in-depth explanation of the underlying causation chain. Further, we demonstrate two types of fuzz testing emulating common network attacks: bit- and command-level fuzz testing, targeting confidentiality-related and integrity-related vulnerabilities separately. Via the combination of the two modes using both bit- and command-level fuzzing, we present and reveal 4 types of vulnerabilities, so far undiscovered to our knowledge, that compromise security assurance through multi-point complex attack strategies.

Original language: English
Title of host publication: 2023 IEEE 12th International Conference on Cloud Networking, CloudNet 2023
Pages: 274-280
Number of pages: 7
ISBN (Electronic): 9798350313062
State: Published - 2023
Event: 12th IEEE International Conference on Cloud Networking, CloudNet 2023 - Hoboken, United States
Duration: 1 Nov 2023 to 3 Nov 2023

Publication series

Name: 2023 IEEE 12th International Conference on Cloud Networking, CloudNet 2023

Conference

Conference: 12th IEEE International Conference on Cloud Networking, CloudNet 2023
Country/Territory: United States
City: Hoboken
Period: 1/11/23 to 3/11/23

Keywords

  • Fuzz testing
  • Non-Intrusive Platform
  • Over-the-Air
  • Virtualization
  • Vulnerabilities
