NexTech 2021 Congress
October 03, 2021 to October 07, 2021 - Barcelona, Spain

  • UBICOMM 2021, The Fifteenth International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies
  • ADVCOMP 2021, The Fifteenth International Conference on Advanced Engineering Computing and Applications in Sciences
  • SEMAPRO 2021, The Fifteenth International Conference on Advances in Semantic Processing
  • AMBIENT 2021, The Eleventh International Conference on Ambient Computing, Applications, Services and Technologies
  • EMERGING 2021, The Thirteenth International Conference on Emerging Networks and Systems Intelligence
  • DATA ANALYTICS 2021, The Tenth International Conference on Data Analytics
  • GLOBAL HEALTH 2021, The Tenth International Conference on Global Health Challenges
  • CYBER 2021, The Sixth International Conference on Cyber-Technologies and Cyber-Systems

SoftNet 2021 Congress
October 03, 2021 to October 07, 2021 - Barcelona, Spain

  • ICSEA 2021, The Sixteenth International Conference on Software Engineering Advances
  • ICSNC 2021, The Sixteenth International Conference on Systems and Networks Communications
  • CENTRIC 2021, The Fourteenth International Conference on Advances in Human-oriented and Personalized Mechanisms, Technologies, and Services
  • VALID 2021, The Thirteenth International Conference on Advances in System Testing and Validation Lifecycle
  • SIMUL 2021, The Thirteenth International Conference on Advances in System Simulation
  • SOTICS 2021, The Eleventh International Conference on Social Media Technologies, Communication, and Informatics
  • INNOV 2021, The Tenth International Conference on Communications, Computation, Networks and Technologies
  • HEALTHINFO 2021, The Sixth International Conference on Informatics and Assistive Technologies for Health-Care, Medical Support and Wellbeing

NetWare 2021 Congress
November 14, 2021 to November 18, 2021 - Athens, Greece

  • SENSORCOMM 2021, The Fifteenth International Conference on Sensor Technologies and Applications
  • SENSORDEVICES 2021, The Twelfth International Conference on Sensor Device Technologies and Applications
  • SECURWARE 2021, The Fifteenth International Conference on Emerging Security Information, Systems and Technologies
  • AFIN 2021, The Thirteenth International Conference on Advances in Future Internet
  • CENICS 2021, The Fourteenth International Conference on Advances in Circuits, Electronics and Micro-electronics
  • ICQNM 2021, The Fifteenth International Conference on Quantum, Nano/Bio, and Micro Technologies
  • FASSI 2021, The Seventh International Conference on Fundamentals and Advances in Software Systems Integration
  • GREEN 2021, The Sixth International Conference on Green Communications, Computing and Technologies

TrendNews 2021 Congress
November 14, 2021 to November 18, 2021 - Athens, Greece

  • CORETA 2021, Advances on Core Technologies and Applications
  • DIGITAL 2021, Advances on Societal Digital Transformation

 


ThinkMind // CYBER 2021, The Sixth International Conference on Cyber-Technologies and Cyber-Systems // View article cyber_2021_1_120_80083


A Potentially Specious Cyber Security Offering for 5G/B5G/6G: Software Supply Chain Vulnerabilities within Certain Fuzzing Modules

Authors:
Steve Chan

Keywords: cyber security; fuzzing; wireless networks; 5G; autonomous vehicles; grey-box concolic fuzzer.

Abstract:
A plethora of fuzzing Tactics, Techniques, and Procedures (TTPs) have been either proposed or described in the literature for the purpose of discerning software vulnerabilities with efficacy. The benefits of fuzzing have been well documented, such as when researchers found dozens of vulnerabilities in 4G LTE wireless networks, and fuzzing has become prevalent among the disparate actors within the wireless network ecosystem (to include 5G). However, fuzzing implementations are varied, and ironically, in some cases, implementations have utilized software bundles that have contained known “High Severity” Common Vulnerabilities and Exposures (CVE). On the surface, it seems that fuzzing the fuzzing module itself would constitute a simple solution to this issue. However, prototypical fuzzers have coverage issues (i.e., they only fuzz certain lines of code or sections of the software program). In addition, as numerous fuzzers utilize Docker containers, which are essentially inert when not in use, the complexity of the challenge is non-trivial. This paper introduces a fuzzing framework that capitalizes upon a sequence of bespoke grey-box concolic (i.e., hybridized symbolic and concrete execution) fuzzers (one set that fuzzes the next) to better address the coverage issue (as well as more likely to discern CVEs) and leverage their hybridized nature to overcome the disadvantages of black-box (higher computational performance, but lower coverage) and white-box fuzzers (e.g., lower computational performance, but higher coverage). The introduced bespoke grey-box concolic fuzzer architecture has certain advantages over other Coverage-based Grey-box Fuzzers (CGF) via the numerical stability-centric approach by which it selects seeds, undertakes seed scheduling, and operationalizes the seed pool.

Pages: 43 to 50

Copyright: Copyright (c) IARIA, 2021

Publication date: October 3, 2021

Published in: conference

ISSN: 2519-8599

ISBN: 978-1-61208-893-8

Location: Barcelona, Spain

Dates: from October 3, 2021 to October 7, 2021

SERVICES CONTACT
2010 - 2017 © ThinkMind. All rights reserved.
Read Terms of Service and Privacy Policy.