Title :
Vulnerability mining of Cisco router based on fuzzing
Author :
Fengjiao Li ; Luyong Zhang ; Dianjun Chen
Author_Institution :
Key Lab. of Universal Wireless Commun., Minist. of Educ., Beijing Univ. of Posts & Telecommun., Beijing, China
Abstract :
Router security analysis plays a vital role in maintaining network security. However, IOS, which runs on Cisco routers, has been shown to carry serious security risks, so improving security requires vulnerability mining on IOS. Fuzzing, a simple and effective automated testing technique, is currently widely used in vulnerability discovery. In this paper, we introduce a novel testing framework for Cisco routers. Based on this framework, we first generate test cases with the Semi-valid Fuzzing Test Cases Generator (SFTCG), which considerably improves test effectiveness and code coverage. We then develop a new Fuzzer based on SFTCG and emulate a Cisco router in Dynamips, which makes it easy to interact with GDB or IDA Pro for debugging. To supervise the Target, we employ a Monitor Module that checks the status of the router regularly. Finally, in an experiment on the ICMP protocol in IOS, we find the previously released Ping of Death and Denial of Service vulnerabilities, which demonstrates the effectiveness of our proposed Fuzzer.
Keywords :
computer network security; routing protocols; transport protocols; Cisco router mining; Denial of Service; GDB; ICMP protocol; IDA; IOS; SFTCG; dynamip; internet control message protocol; monitor module; network security; router security risk analysis; semivalid fuzzing test case generator; target supervision; Communication networks; Debugging; Monitoring; Routing protocols; Security; Testing; Cisco IOS; Fuzzing; SFTCG; Vulnerability;
Conference_Title :
Systems and Informatics (ICSAI), 2014 2nd International Conference on
Conference_Location :
Shanghai
Print_ISBN :
978-1-4799-5457-5
DOI :
10.1109/ICSAI.2014.7009366