Busca avançada
Ano de início
Entree


Towards Improving Fuzzer Efficiency for the MQTT Protocol

Texto completo
Autor(es):
Araujo Rodriguez, Luis Gustavo ; Batista, Daniel Macedo ; IEEE
Número total de Autores: 3
Tipo de documento: Artigo Científico
Fonte: 26TH IEEE SYMPOSIUM ON COMPUTERS AND COMMUNICATIONS (IEEE ISCC 2021); v. N/A, p. 7-pg., 2021-01-01.
Resumo

MQTT's security has been a major concern because of its weak protocol implementations. Over the last few years, several fuzzing frameworks have been proposed to mitigate this issue. However, these frameworks lack sufficient knowledge of MQTT's specifications, requiring a considerable amount of network packets to cover all of its features and functionality. In this paper, we explain how to improve the efficiency of fuzzing frameworks for MQTT by using a grammar based on its specifications. Although defining a grammar is time-consuming and complex, these drawbacks are overshadowed by its benefits, such as deep state exploration and efficiency. Our improvements are implemented in MQTTGRAM, a new grammar-based fuzzer for MQTT. Due to these improvements, MQTTGRAM offers higher code coverage with significantly fewer packets than existing MQTT fuzzers. For instance, MQTTGRAM exchanges up to 9x fewer packets than its counterparts without reducing the line coverage. (AU)

Processo FAPESP: 14/50937-1 - INCT 2014: da Internet do Futuro
Beneficiário:Fabio Kon
Modalidade de apoio: Auxílio à Pesquisa - Temático
Processo FAPESP: 18/22979-2 - IoT-SED: segurança e eficiência no transporte de dados na Internet das Coisas
Beneficiário:Daniel Macêdo Batista
Modalidade de apoio: Auxílio à Pesquisa - Regular
Processo FAPESP: 18/23098-0 - MENTORED: da modelagem à experimentação - predizendo e detectando ataques DDoS e zero-day
Beneficiário:Michele Nogueira Lima
Modalidade de apoio: Auxílio à Pesquisa - Temático
Processo FAPESP: 15/24485-9 - Internet do futuro aplicada a cidades inteligentes
Beneficiário:Fabio Kon
Modalidade de apoio: Auxílio à Pesquisa - Temático