TY - GEN
T1 - HyFuzz
T2 - 12th IEEE International Conference on Cloud Networking, CloudNet 2023
AU - Yang, Jingda
AU - Wang, Ying
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - The paper presents HyFuzz, the first-of-its-kind framework that enables multi-step interactive deep fuzzing for NextG cybersecurity assurance. HyFuzz operates across hybrid radio platforms, piloted on srsRAN in this paper. HyFuzz showcases the versatility of fuzz testing, facilitating both virtualized and Over-the-Air (OTA) testing environments, enabling assessment at different protocol layers. Virtualized mode is designed from a holistic perspective and serves as a valuable guide in identifying high-risk commands through single-point fuzz testing. Subsequently, we present OTA mode facilitates deeper verification and enables extensive multi-point fuzz testing, ensuring a comprehensive assessment and causation analysis of system vulnerabilities. Virtualized mode provides low-cost, agile testing that satisfies the demands of smoke tests and fast validation. Compared with virtualized fuzz testing, over-the-air fuzz testing enables thorough analysis of commands via parsing hex number formatted commands, which provides a clear understanding of the vulnerable command sequence or identifiers within the commands and an in-depth explanation of the underlying causation chain. Further, we demonstrate two types of fuzz testing emulating common network attacks: bit- and command-level fuzz testing, targeting confidentiality-related and integrity-related vulnerabilities separately. Via the combination of the two modes using both bit- and command-level fuzzing, we present and reveal 4 so far undiscovered types of vulnerabilities according to our knowledge that compromise security assurance through multi-point complex attack strategies.
AB - The paper presents HyFuzz, the first-of-its-kind framework that enables multi-step interactive deep fuzzing for NextG cybersecurity assurance. HyFuzz operates across hybrid radio platforms, piloted on srsRAN in this paper. HyFuzz showcases the versatility of fuzz testing, facilitating both virtualized and Over-the-Air (OTA) testing environments, enabling assessment at different protocol layers. Virtualized mode is designed from a holistic perspective and serves as a valuable guide in identifying high-risk commands through single-point fuzz testing. Subsequently, we present OTA mode facilitates deeper verification and enables extensive multi-point fuzz testing, ensuring a comprehensive assessment and causation analysis of system vulnerabilities. Virtualized mode provides low-cost, agile testing that satisfies the demands of smoke tests and fast validation. Compared with virtualized fuzz testing, over-the-air fuzz testing enables thorough analysis of commands via parsing hex number formatted commands, which provides a clear understanding of the vulnerable command sequence or identifiers within the commands and an in-depth explanation of the underlying causation chain. Further, we demonstrate two types of fuzz testing emulating common network attacks: bit- and command-level fuzz testing, targeting confidentiality-related and integrity-related vulnerabilities separately. Via the combination of the two modes using both bit- and command-level fuzzing, we present and reveal 4 so far undiscovered types of vulnerabilities according to our knowledge that compromise security assurance through multi-point complex attack strategies.
KW - Fuzz testing
KW - Non-Intrusive Platform
KW - Over-the-Air
KW - Virtualization
KW - Vulnerabilities
UR - http://www.scopus.com/inward/record.url?scp=85191239778&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85191239778&partnerID=8YFLogxK
U2 - 10.1109/CloudNet59005.2023.10490051
DO - 10.1109/CloudNet59005.2023.10490051
M3 - Conference contribution
AN - SCOPUS:85191239778
T3 - 2023 IEEE 12th International Conference on Cloud Networking, CloudNet 2023
SP - 274
EP - 280
BT - 2023 IEEE 12th International Conference on Cloud Networking, CloudNet 2023
Y2 - 1 November 2023 through 3 November 2023
ER -