Funding: funding from the European Commission through the Ruralities project (grant agreement no. 101060876).
Abstract: In this paper, we propose a new privacy-aware transmission scheduling algorithm for 6G ad hoc networks. This system enables end nodes to select the optimum time and scheme to transmit private data safely. In 6G dynamic heterogeneous infrastructures, unstable links and non-uniform hardware capabilities create critical issues regarding security and privacy. Traditional protocols are often too computationally heavy to allow 6G services to achieve their expected Quality-of-Service (QoS). As the transport network is built of ad hoc nodes, there is no guarantee about their trustworthiness or behavior, and transversal functionalities are delegated to the extreme nodes. However, while security can be guaranteed in extreme-to-extreme solutions, privacy cannot, as all intermediate nodes still have to handle the data packets they are transporting. Besides, traditional schemes for private anonymous ad hoc communications are vulnerable to modern intelligent attacks based on learning models. The proposed scheme fills this gap. Findings show that, when the proposed technology is used, the probability of a successful intelligent attack is reduced by up to 65% compared to ad hoc networks with no privacy protection strategy, while the congestion probability can remain below 0.001%, as required by 6G services.
Funding: supported by the Open Foundation of the Key Laboratory of Cyberspace Security, Ministry of Education of China (KLCS20240211).
Abstract: With the rapid development of Internet technology, REST APIs (Representational State Transfer Application Programming Interfaces) have become the primary communication standard in modern microservice architectures, raising increasing concerns about their security. Existing fuzz testing methods include random or dictionary-based input generation, which often fails to ensure both syntactic and semantic correctness, and OpenAPI-based approaches, which offer better accuracy but typically lack detailed descriptions of endpoints, parameters, or data formats. To address these issues, this paper proposes the APIDocX fuzz testing framework. It introduces a crawler tailored for dynamic web pages that automatically simulates user interactions to trigger APIs, capturing and extracting parameter information from communication packets. A multi-endpoint parameter adaptation method based on improved Jaccard similarity is then used to generalize these parameters to other potential API endpoints, filling in gaps in OpenAPI specifications. Experimental results demonstrate that the extracted parameters can be generalized with 79.61% accuracy. Fuzz testing using the enriched OpenAPI documents leads to improvements in test coverage, the number of valid test cases generated, and fault detection capabilities. This approach offers an effective enhancement to automated REST API security testing.
Funding: funded by the Science and Technology Project of State Grid Jiangsu Electric Power Company Ltd., grant number J2024169.
Abstract: Fuzz testing is a widely adopted technique for uncovering bugs and security vulnerabilities in embedded firmware. However, many embedded systems rely heavily on peripherals, rendering conventional fuzzing techniques ineffective. When peripheral responses are missing or incorrect, fuzzing a firmware image may crash or exit prematurely, significantly limiting code coverage. While prior re-hosting approaches have made progress in simulating Memory-Mapped Input/Output (MMIO) and interrupt-based peripherals, they either ignore Direct Memory Access (DMA) or handle it in an oversimplified manner. In this work, we present ADFEmu, a novel automated firmware re-hosting framework that enables effective fuzzing of DMA-enabled firmware. ADFEmu integrates concolic execution with large language models (LLMs) to semantically emulate DMA operations and synthesize peripheral input sequences intelligently. Specifically, it learns DMA transfer patterns from the firmware's context and employs guided symbolic execution to explore deeper and more diverse execution paths. This approach allows firmware to operate stably without hardware dependencies while achieving higher fidelity in emulation. Evaluated on real-world embedded firmware samples, ADFEmu achieves a 100% re-hosting success rate, improves total execution path exploration by 5.31%, and triggers more crashes compared to the state of the art. These results highlight ADFEmu's effectiveness in overcoming long-standing limitations of DMA emulation and its potential to advance automated vulnerability discovery in peripheral-rich embedded environments.
Abstract: The development of the Internet of Things (IoT) has brought convenience to people's lives, but it also introduces significant security risks. Due to the limitations of IoT devices themselves and the challenges of re-hosting technology, existing fuzzing for IoT devices is mainly conducted through black-box methods, which lack effective execution feedback and are therefore blind. Meanwhile, existing static methods mainly rely on taint analysis, which has high overhead and high false alarm rates. We propose a new directed fuzz testing method for detecting bugs in the web service programs of IoT devices, which can test IoT devices more quickly and efficiently. Specifically, we identify external input entry points using multiple features. Then we quickly find sensitive targets and the paths affected by external input sources based on sensitive data flow analysis of decompiled code, treating them as testing objects. Finally, we perform a directed fuzzing test. We use debugging interfaces to collect execution feedback and guide the program to reach sensitive targets based on program pruning techniques. We have implemented a prototype system, AntDFuzz, and evaluated it on firmware from ten devices across five well-known manufacturers. We discovered twelve potential vulnerabilities, seven of which were confirmed and assigned bug IDs by the China National Vulnerability Database (CNVD). The results show that our approach is able to find unknown bugs in real devices and is more efficient than existing tools.
Funding: supported by the National Key R&D Program of China (No. 2021YFB3101803).
Abstract: Memory leak is a common software vulnerability that can decrease the reliability of an application and, in severe cases, even cause program crashes. If there are intentionally triggerable memory leak vulnerabilities in a program, attackers can exploit these bugs to launch denial-of-service attacks or induce the program to exhibit unexpected behaviors under low-memory conditions. Existing fuzzing techniques primarily focus on improving code coverage, and specialized fuzzing techniques for individual memory-related defects, such as uncontrolled memory allocation, do not address memory leak vulnerabilities. MemLock is the first fuzzing technique to address memory consumption vulnerabilities, including memory leakage. However, the coverage-centric guidance mechanism of MemLock introduces a degree of aimlessness into the testing process, which results in low seed quality and slow bug exposure. To address this issue, we propose a risk-area-guided fuzzing technique called RBZZER. First, RBZZER retains MemLock's memory-consumption-guided mechanism and introduces a novel distance-guided approach to expedite the arrival of fuzzing at the potential memory areas. Second, we introduce a new seed scheduling strategy called risk-area-based seed scheduling, which classifies seeds according to the potential memory leak areas in the program and schedules them accordingly, thereby effectively improving the efficiency of discovering memory leak vulnerabilities. Experiments demonstrate that RBZZER outperforms state-of-the-art fuzzing techniques by finding 52% more unique program crashes than the second-best counterpart. In particular, RBZZER can discover at least 112% more memory leakage than the other baseline fuzzers. Besides, RBZZER detects memory leaks at an average speed that is 9.10x faster than MemLock.
Funding: support of the Korea Internet & Security Agency (KISA) Information Security Specialized University Support Project (50%), and a grant from the Korea Electric Power Corporation (R24XO01-4, 50%) for basic research and development projects starting in 2024.
Abstract: The global surge in electric vehicle (EV) adoption is proportionally expanding the EV charging station (EVCS) infrastructure, thereby increasing the attack surface and potential impact of security breaches within this critical ecosystem. While ISO 15118 standardizes EV-EVCS communication, its underspecified security guidelines and the variability in manufacturers' implementations frequently result in vulnerabilities that can disrupt charging services, compromise user data, or affect power grid stability. This research introduces a systematic black-box fuzzing methodology, accompanied by an open-source tool, to proactively identify and mitigate such security flaws in EVCS firmware operating under ISO 15118. The proposed approach systematically evaluates EVCS behavior by leveraging the state machine defined in the ISO 15118 standard for test case generation and execution, enabling platform-agnostic testing at the application layer. Message sequences, corresponding to valid and mutated traversals of the protocol's state machine, are generated to uncover logical errors and improper input handling. The methodology comprises state-aware initial sequence generation, simulated V2G session establishment, targeted message mutation correlated with defined protocol states, and rigorous response analysis to detect anomalies and system crashes. Experimental validation on an open-source EVCS implementation identified five vulnerabilities. These included session integrity weaknesses allowing unauthorized interruptions, billing manipulation through acceptance of invalid metering data, and resource exhaustion vulnerabilities from specific parameter malformations leading to denial of service. The findings confirm the proposed method's capability to pinpoint vulnerabilities often overlooked by standard conformance tests, thus offering a robust and practical solution for enhancing the security and resilience of the rapidly growing EV charging infrastructure.