{"title":"Black-Box Fuzzing for Security in Managed Networks: An Outline","authors":"Leon Fernandez;Gunnar Karlsson","doi":"10.1109/LNET.2023.3286443","DOIUrl":null,"url":null,"abstract":"Service providers are adopting open-source technology and open standards in their next-generation networks. This gives them great flexibility and spurs innovation. But it also means that they must ensure proper interoperability between components; otherwise, vulnerabilities might get introduced in their networks. Unfortunately, state-of-the-art vulnerability scanning tools are unable to handle the complexity of service provider networks. In this letter we show how interoperability issues between seemingly reliable components introduce an injection vulnerability that allows us to control a firewall-protected network management system. We also extend the state-of-the-art in black-box fuzzing to give service providers a tool for combating similar issues.","PeriodicalId":100628,"journal":{"name":"IEEE Networking Letters","volume":"5 4","pages":"241-244"},"PeriodicalIF":0.0000,"publicationDate":"2023-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Networking Letters","FirstCategoryId":"1085","ListUrlMain":"https://ieeexplore.ieee.org/document/10153778/","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Service providers are adopting open-source technology and open standards in their next-generation networks. This gives them great flexibility and spurs innovation. But it also means that they must ensure proper interoperability between components; otherwise, vulnerabilities might get introduced in their networks. Unfortunately, state-of-the-art vulnerability scanning tools are unable to handle the complexity of service provider networks. In this letter we show how interoperability issues between seemingly reliable components introduce an injection vulnerability that allows us to control a firewall-protected network management system. We also extend the state-of-the-art in black-box fuzzing to give service providers a tool for combating similar issues.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
