{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T12:59:40Z","timestamp":1740142780355,"version":"3.37.3"},"reference-count":38,"publisher":"Oxford University Press (OUP)","issue":"5","license":[{"start":{"date-parts":[[2023,11,30]],"date-time":"2023-11-30T00:00:00Z","timestamp":1701302400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/academic.oup.com\/pages\/standard-publication-reuse-rights"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61402526","61502528","61402525","61802115"],"award-info":[{"award-number":["61402526","61502528","61402525","61802115"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Science and Technology Major Project of He\u2019nan Province","award":["221100240100"],"award-info":[{"award-number":["221100240100"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024,6,22]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>As the number of Internet of Thing (IoT) devices increases, attacks against their vulnerabilities have become a serious threat. The web servers (WSs) in IoT devices provide management services for end-users, which are currently the major attack surface. Several fuzzing solutions for identifying vulnerabilities in IoT devices have been proposed, but there is currently no grey-box fuzzer specifically designed for the unique features of WSs in IoT to effectively detect memory corruption vulnerabilities. We design and implement KVFL, an efficient grey-box fuzzer, to address the issues of low throughput and slow exploration of deep code when fuzzing for IoT WSs. Firstly, KVFL employs a delicate hooking technology that heuristically hijacks and emulates hardware-dependent functions, ensuring WSs can be accurately and efficiently emulated in user-mode. On this basis, KVFL fully utilizes the loop parsing HTTP requests feature of WSs through a redesigned fork-server, to minimize nonessential rebooting losses of the target, thereby significantly improving fuzzing throughput. Secondly, KVFL leverages code coverage feedback to automatically infer a set of valid Keys and derive a Key-Value mutation. This enables the generation of high-quality test cases that can facilitate deeper code exploration of WSs. The evaluation results show that compared to the state-of-the-art IoT grey-box fuzzer FIRM-AFL, KVFL improves the throughput by over 2\u00d7 and explores 4.5\u00d7 more edges. Additionally, it identifies all 1-day vulnerabilities with over 7\u00d7 faster speed than the baseline and detects three previously unknown 0-day vulnerabilities. These all indicate that KVFL is effective and efficient at fuzzing IoT WSs.<\/jats:p>","DOI":"10.1093\/comjnl\/bxad110","type":"journal-article","created":{"date-parts":[[2023,12,2]],"date-time":"2023-12-02T10:28:58Z","timestamp":1701512938000},"page":"1892-1909","source":"Crossref","is-referenced-by-count":2,"title":["KVFL: Key-Value-Based Persistent Fuzzing for IoT Web Servers"],"prefix":"10.1093","volume":"67","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6078-1337","authenticated-orcid":false,"given":"Chiheng","family":"Wang","sequence":"first","affiliation":[{"name":"State Key Laboratory of Mathematical Engineering and Advanced Computing , Gaoxin District, Zhengzhou 450001 , China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7598-5495","authenticated-orcid":false,"given":"Shibin","family":"Zhao","sequence":"additional","affiliation":[{"name":"State Key Laboratory of Mathematical Engineering and Advanced Computing , Gaoxin District, Zhengzhou 450001 , China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-4941-1250","authenticated-orcid":false,"given":"Jianshan","family":"Peng","sequence":"additional","affiliation":[{"name":"State Key Laboratory of Mathematical Engineering and Advanced Computing , Gaoxin District, Zhengzhou 450001 , China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6914-2424","authenticated-orcid":false,"given":"Junhu","family":"Zhu","sequence":"additional","affiliation":[{"name":"State Key Laboratory of Mathematical Engineering and Advanced Computing , Gaoxin District, Zhengzhou 450001 , China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"286","published-online":{"date-parts":[[2023,11,30]]},"reference":[{"year":"2020","author":"Luethl","key":"2024062312403289500_ref1"},{"year":"2021","author":"Sinha","key":"2024062312403289500_ref2"},{"key":"2024062312403289500_ref3"},{"key":"2024062312403289500_ref4"},{"year":"2021","author":"Wegner","key":"2024062312403289500_ref5"},{"key":"2024062312403289500_ref6"},{"key":"2024062312403289500_ref7","doi-asserted-by":"crossref","first-page":"489","DOI":"10.1109\/TSE.2017.2785841","article-title":"Coverage-based greybox fuzzing as markov chain","volume":"45","author":"B\u00f6hme","year":"2017","journal-title":"IEEE Trans. Softw. Eng."},{"key":"2024062312403289500_ref8","doi-asserted-by":"crossref","first-page":"2329","DOI":"10.1145\/3133956.3134020","volume-title":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","author":"B\u00f6hme","year":"2017"},{"key":"2024062312403289500_ref9","doi-asserted-by":"crossref","first-page":"679","DOI":"10.1109\/SP.2018.00040","volume-title":"2018 IEEE Symposium on Security and Privacy (SP)","author":"Gan","year":"2018"},{"key":"2024062312403289500_ref10","first-page":"2577","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Gan","year":"2020"},{"key":"2024062312403289500_ref11","first-page":"1949","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Lyu","year":"2019"},{"volume-title":"14th USENIX Workshop on Offensive Technologies (WOOT 20)","year":"2020","author":"Fioraldi","key":"2024062312403289500_ref12"},{"volume-title":"Network and Distributed System Security Symposium","year":"2018","author":"Chen","key":"2024062312403289500_ref13"},{"key":"2024062312403289500_ref14","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/s42400-021-00091-9","article-title":"ESRFuzzer: an enhanced fuzzing framework for physical SOHO router devices to discover multi-type vulnerabilities","volume":"4","author":"Zhang","year":"2021","journal-title":"Cybersecurity"},{"key":"2024062312403289500_ref15","doi-asserted-by":"crossref","first-page":"337","DOI":"10.1145\/3460120.3484543","volume-title":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","author":"Feng","year":"2021"},{"key":"2024062312403289500_ref16","doi-asserted-by":"crossref","first-page":"484","DOI":"10.1109\/SP40001.2021.00066","volume-title":"2021 IEEE Symposium on Security and Privacy (SP)","author":"Redini","year":"2021"},{"volume-title":"Network and Distributed System Security Symposium","year":"2018","author":"Muench","key":"2024062312403289500_ref17"},{"key":"2024062312403289500_ref18","doi-asserted-by":"crossref","first-page":"1.1","DOI":"10.1007\/978-3-319-46298-1","volume-title":"Network and Distributed System Security Symposium","author":"Chen","year":"2016"},{"key":"2024062312403289500_ref19","first-page":"1099","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Zheng","year":"2019"},{"key":"2024062312403289500_ref20"},{"key":"2024062312403289500_ref21","doi-asserted-by":"crossref","first-page":"437","DOI":"10.1145\/2897845.2897900","volume-title":"Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security","author":"Costin","year":"2016"},{"key":"2024062312403289500_ref22","first-page":"10.5555","volume-title":"USENIX Annual Technical Conference, FREENIX Track","author":"Bellard","year":"2005"},{"key":"2024062312403289500_ref23","first-page":"1","volume-title":"Network and Distributed System Security Symposium","author":"Zaddach","year":"2014"},{"key":"2024062312403289500_ref24","first-page":"1.1","volume-title":"Network and Distributed System Security Symposium","author":"Shoshitaishvili","year":"2015"},{"key":"2024062312403289500_ref25","doi-asserted-by":"crossref","first-page":"1544","DOI":"10.1109\/SP40000.2020.00036","volume-title":"2020 IEEE Symposium on Security and Privacy (SP)","author":"Redini","year":"2020"},{"key":"2024062312403289500_ref26","first-page":"303","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Chen","year":"2021"},{"key":"2024062312403289500_ref27"},{"year":"2015","author":"lcamtuf","key":"2024062312403289500_ref28"},{"key":"2024062312403289500_ref29","doi-asserted-by":"crossref","first-page":"460","DOI":"10.1109\/ICST46399.2020.00062","volume-title":"2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST)","author":"Pham","year":"2020"},{"key":"2024062312403289500_ref30","doi-asserted-by":"crossref","first-page":"2525","DOI":"10.1145\/3319535.3363247","volume-title":"Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security","author":"Yu","year":"2019"},{"key":"2024062312403289500_ref31","doi-asserted-by":"crossref","first-page":"18490","DOI":"10.1109\/ACCESS.2019.2895025","article-title":"SPFuzz: a hierarchical scheduling framework for stateful network protocol fuzzing","volume":"7","author":"Song","year":"2019","journal-title":"IEEE Access"},{"key":"2024062312403289500_ref32"},{"key":"2024062312403289500_ref33","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1109\/EuroSPW.2018.00009","volume-title":"2018 IEEE European Symposium On Security And Privacy Workshops (Euros&PW)","author":"Daniel","year":"2018"},{"key":"2024062312403289500_ref34","first-page":"489","volume-title":"2021 USENIX Annual Technical Conference (USENIX ATC 21)","author":"Zou","year":"2021"},{"key":"2024062312403289500_ref35","doi-asserted-by":"crossref","first-page":"2123","DOI":"10.1145\/3243734.3243804","volume-title":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","author":"Klees","year":"2018"},{"key":"2024062312403289500_ref36"},{"key":"2024062312403289500_ref37"},{"key":"2024062312403289500_ref38"}],"container-title":["The Computer Journal"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/comjnl\/article-pdf\/67\/5\/1892\/58307882\/bxad110.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/comjnl\/article-pdf\/67\/5\/1892\/58307882\/bxad110.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,6,23]],"date-time":"2024-06-23T12:40:58Z","timestamp":1719146458000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/comjnl\/article\/67\/5\/1892\/7456153"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,30]]},"references-count":38,"journal-issue":{"issue":"5","published-online":{"date-parts":[[2023,11,30]]},"published-print":{"date-parts":[[2024,6,22]]}},"URL":"https:\/\/doi.org\/10.1093\/comjnl\/bxad110","relation":{},"ISSN":["0010-4620","1460-2067"],"issn-type":[{"type":"print","value":"0010-4620"},{"type":"electronic","value":"1460-2067"}],"subject":[],"published-other":{"date-parts":[[2024,5]]},"published":{"date-parts":[[2023,11,30]]}}}