Black-box Fuzzing for Security in Managed Networks: An Outline

Service providers are adopting open-source technology and open standards in their next-generation networks. This gives them great flexibility and spurs innovation. But it also means that they must ensure proper interoperability between components; otherwise, vulnerabilities might get introduced in t...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE networking letters 2023-12, Vol.5 (4), p.1-1
Hauptverfasser: Fernandez, Leon, Karlsson, Gunnar
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Service providers are adopting open-source technology and open standards in their next-generation networks. This gives them great flexibility and spurs innovation. But it also means that they must ensure proper interoperability between components; otherwise, vulnerabilities might get introduced in their networks. Unfortunately, state-of-the-art vulnerability scanning tools are unable to handle the complexity of service provider networks. In this paper we show how interoperability issues between seemingly reliable components introduce an injection vulnerability that allows us to control a firewall-protected network management system. We also extend the state-of-the-art in black-box fuzzing to give service providers a tool for combating similar issues.
ISSN:2576-3156
2576-3156
DOI:10.1109/LNET.2023.3286443