Nyx-net: network fuzzing with incremental snapshots

Coverage-guided fuzz testing ("fuzzing") has become mainstream and we have observed lots of progress in this research area recently. However, it is still challenging to efficiently test network services with existing coverage-guided fuzzing methods. In this paper, we introduce the design and implementation of Nyx-Net, a novel snapshot-based fuzzing approach that can successfully fuzz a wide range of targets spanning servers, clients, games, and even Firefox's Inter-Process Communication (IPC) interface. Compared to state-of-the-art methods, Nyx-Net improves test throughput by up to 300x and coverage found by up to 70%. Additionally, Nyx-Net is able to find crashes in two of ProFuzzBench's targets that no other fuzzer found previously. When using Nyx-Net to play the game Super Mario, Nyx-Net shows speedups of 10-30x compared to existing work. Moreover, Nyx-Net is able to find previously unknown bugs in servers such as Lighttpd, clients such as MySQL client, and even Firefox's IPC mechanism, demonstrating the strength and versatility of the proposed approach. Lastly, our prototype implementation was awarded a $20.000 bug bounty for enabling fuzzing on previously unfuzzable code in Firefox and solving a long-standing problem at Mozilla.

Metadata
Author: Sergej Schumilo, Cornelius Aschermann, Andrea Jemmett, Ali Abbasi, Thorsten Holz
URN: urn:nbn:de:hbz:294-109187
DOI: https://doi.org/10.1145/3492321.3519591
Parent Title (English): EuroSys '22: Proceedings of the Seventeenth European Conference on Computer Systems
Publisher: Association for Computing Machinery
Place of publication: New York City, New York
Document Type: Article
Language: English
Date of Publication (online): 2024/02/23
Date of first Publication: 2022/03/28
Publishing Institution: Ruhr-Universität Bochum, Universitätsbibliothek
Tag: Fuzzing; Software Security; Testing
First Page: 166
Last Page: 180
Institutes/Facilities: Lehrstuhl für Systemsicherheit
Dewey Decimal Classification: Technology, medicine, applied sciences / Electrical engineering, electronics
open_access (DINI-Set): open_access
faculties: Fakultät für Elektrotechnik und Informationstechnik
Licence (English): Creative Commons - CC BY 4.0 - Attribution 4.0 International