DataSys 2023 Congress
June 26, 2023 to June 30, 2023 - Nice, Saint-Laurent-du-Var, France

  • AICT 2023, The Nineteenth Advanced International Conference on Telecommunications
  • ICIW 2023, The Eighteenth International Conference on Internet and Web Applications and Services
  • ICIMP 2023, The Eighteenth International Conference on Internet Monitoring and Protection
  • SMART 2023, The Twelfth International Conference on Smart Cities, Systems, Devices and Technologies
  • IMMM 2023, The Thirteenth International Conference on Advances in Information Mining and Management
  • INFOCOMP 2023, The Thirteenth International Conference on Advanced Communications and Computation
  • MOBILITY 2023, The Thirteenth International Conference on Mobile Services, Resources, and Users
  • SPWID 2023, The Ninth International Conference on Smart Portable, Wearable, Implantable and Disability-oriented Devices and Systems
  • ACCSE 2023, The Eighth International Conference on Advances in Computation, Communications and Services

ComputationWorld 2023 Congress
June 26, 2023 to June 30, 2023 - Nice, Saint-Laurent-du-Var, France

  • SERVICE COMPUTATION 2023, The Fifteenth International Conference on Advanced Service Computing
  • CLOUD COMPUTING 2023, The Fourteenth International Conference on Cloud Computing, GRIDs, and Virtualization
  • FUTURE COMPUTING 2023, The Fifteenth International Conference on Future Computational Technologies and Applications
  • COGNITIVE 2023, The Fifteenth International Conference on Advanced Cognitive Technologies and Applications
  • ADAPTIVE 2023, The Fifteenth International Conference on Adaptive and Self-Adaptive Systems and Applications
  • CONTENT 2023, The Fifteenth International Conference on Creative Content Technologies
  • PATTERNS 2023, The Fifteenth International Conference on Pervasive Patterns and Applications
  • COMPUTATION TOOLS 2023, The Fourteenth International Conference on Computational Logics, Algebras, Programming, Tools, and Benchmarking
  • BUSTECH 2023, The Thirteenth International Conference on Business Intelligence and Technology

NetWare 2023 Congress
September 25, 2023 to September 29, 2023 - Porto, Portugal

  • SENSORCOMM 2023, The Seventeenth International Conference on Sensor Technologies and Applications
  • SENSORDEVICES 2023, The Fourteenth International Conference on Sensor Device Technologies and Applications
  • SECURWARE 2023, The Seventeenth International Conference on Emerging Security Information, Systems and Technologies
  • AFIN 2023, The Fifteenth International Conference on Advances in Future Internet
  • CENICS 2023, The Sixteenth International Conference on Advances in Circuits, Electronics and Micro-electronics
  • ICQNM 2023, The Seventeenth International Conference on Quantum, Nano/Bio, and Micro Technologies
  • FASSI 2023, The Ninth International Conference on Fundamentals and Advances in Software Systems Integration
  • GREEN 2023, The Eighth International Conference on Green Communications, Computing and Technologies

NexTech 2023 Congress
September 25, 2023 to September 29, 2023 - Porto, Portugal

  • UBICOMM 2023, The Seventeenth International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies
  • ADVCOMP 2023, The Seventeenth International Conference on Advanced Engineering Computing and Applications in Sciences
  • SEMAPRO 2023, The Seventeenth International Conference on Advances in Semantic Processing
  • AMBIENT 2023, The Thirteenth International Conference on Ambient Computing, Applications, Services and Technologies
  • EMERGING 2023, The Fifteenth International Conference on Emerging Networks and Systems Intelligence
  • DATA ANALYTICS 2023, The Twelfth International Conference on Data Analytics
  • GLOBAL HEALTH 2023, The Twelfth International Conference on Global Health Challenges
  • CYBER 2023, The Eighth International Conference on Cyber-Technologies and Cyber-Systems

TrendNews 2023 Congress
September 25, 2023 to September 29, 2023 - Porto, Portugal

  • CORETA 2023, Advances on Core Technologies and Applications
  • DIGITAL 2023, Advances on Societal Digital Transformation

SocSys 2023 Congress
November 13, 2023 to November 17, 2023 - Valencia, Spain

SoftNet 2023 Congress
November 13, 2023 to November 17, 2023 - Valencia, Spain

  • ICSEA 2023, The Eighteenth International Conference on Software Engineering Advances
  • ICSNC 2023, The Eighteenth International Conference on Systems and Networks Communications
  • CENTRIC 2023, The Sixteenth International Conference on Advances in Human-oriented and Personalized Mechanisms, Technologies, and Services
  • VALID 2023, The Fifteenth International Conference on Advances in System Testing and Validation Lifecycle
  • SIMUL 2023, The Fifteenth International Conference on Advances in System Simulation
  • SOTICS 2023, The Thirteenth International Conference on Social Media Technologies, Communication, and Informatics
  • INNOV 2023, The Twelfth International Conference on Communications, Computation, Networks and Technologies
  • HEALTHINFO 2023, The Eighth International Conference on Informatics and Assistive Technologies for Health-Care, Medical Support and Wellbeing

IARIA Congress 2023, The 2023 IARIA Annual Congress on Frontiers in Science, Technology, Services, and Applications
November 13, 2023 to November 17, 2023 - Valencia, Spain

 

 

ThinkMind // CYBER 2021, The Sixth International Conference on Cyber-Technologies and Cyber-Systems // View article cyber_2021_1_120_80083

A Potentially Specious Cyber Security Offering for 5G/B5G/6G: Software Supply Chain Vulnerabilities within Certain Fuzzing Modules

Authors:
Steve Chan

Keywords: cyber security; fuzzing; wireless networks; 5G; autonomous vehicles; grey-box concolic fuzzer.

Abstract:
A plethora of fuzzing Tactics, Techniques, and Procedures (TTPs) have been either proposed or described in the literature for the purpose of discerning software vulnerabilities with efficacy. The benefits of fuzzing have been well documented, such as when researchers found dozens of vulnerabilities in 4G LTE wireless networks, and fuzzing has become prevalent among the disparate actors within the wireless network ecosystem (to include 5G). However, fuzzing implementations are varied, and ironically, in some cases, implementations have utilized software bundles that have contained known “High Severity” Common Vulnerabilities and Exposures (CVE). On the surface, it seems that fuzzing the fuzzing module itself would constitute a simple solution to this issue. However, prototypical fuzzers have coverage issues (i.e., they only fuzz certain lines of code or sections of the software program). In addition, as numerous fuzzers utilize Docker containers, which are essentially inert when not in use, the complexity of the challenge is non-trivial. This paper introduces a fuzzing framework that capitalizes upon a sequence of bespoke grey-box concolic (i.e., hybridized symbolic and concrete execution) fuzzers (one set that fuzzes the next) to better address the coverage issue (as well as more likely to discern CVEs) and leverage their hybridized nature to overcome the disadvantages of black-box (higher computational performance, but lower coverage) and white-box fuzzers (e.g., lower computational performance, but higher coverage). The introduced bespoke grey-box concolic fuzzer architecture has certain advantages over other Coverage-based Grey-box Fuzzers (CGF) via the numerical stability-centric approach by which it selects seeds, undertakes seed scheduling, and operationalizes the seed pool.

Pages: 43 to 50

Copyright: Copyright (c) IARIA, 2021

Publication date: October 3, 2021

Published in: conference

ISSN: 2519-8599

ISBN: 978-1-61208-893-8

Location: Barcelona, Spain

Dates: from October 3, 2021 to October 7, 2021

SERVICES CONTACT
2010 - 2022 © ThinkMind. All rights reserved.
Read Terms of Service and Privacy Policy.