Comparing Fuzzers on a Level Playing Field with FuzzBench
Fuzzing is a testing approach commonly used in industry to discover bugs in a given software under test (SUT). It consists of running the SUT repeatedly with randomly generated (or mutated) inputs in order to find as many inputs as possible that make the SUT crash. Many fuzzers have been proposed to date; however, no consensus has been reached on how to properly evaluate and compare them. In this work we evaluate and compare nine prominent fuzzers by carrying out a thorough empirical study based on an open-source framework developed by Google, namely FuzzBench, and a manually curated benchmark suite of 12 real-world software systems. The results show that honggfuzz and AFL++ are, in that order, the best choices in terms of general-purpose fuzzing effectiveness. The results also show that none of the fuzzers outperforms the others in terms of efficiency across all considered metrics, that no particular bug affinity is found for any fuzzer, and that the correlation found between coverage and number of bugs depends more on the SUT than on the fuzzer used.
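The fuzzing loop the abstract describes (run the SUT repeatedly on mutated inputs, keep what crashes), as an added illustration that is not code from the paper or from FuzzBench: a coverage-guided mutation fuzzer driving a constructed toy record parser with a planted length-handling bug. The parser, its `cov()` branch instrumentation, the mutation operators and the seed input are all constructed here for the example; a real fuzzer takes coverage from compiler instrumentation rather than manual calls. Crash status and new-coverage status are tracked separately, which is the distinction behind the abstract's remark that coverage and bug count need not move together.

```python
import random
from typing import Dict, List, Set, Tuple

# Branch points hit by the most recent run. Hypothetical manual instrumentation
# standing in for the compiler-inserted coverage feedback a real fuzzer relies on.
COVERAGE: Set[str] = set()


def cov(point: str) -> None:
    COVERAGE.add(point)


def parse_record(data: bytes) -> Dict[int, bytes]:
    """Constructed toy SUT: 'R', a record count, then (tag, length, value) triples.
    It carries one planted bug: the length byte is trusted."""
    if len(data) < 2 or data[0] != ord("R"):
        cov("bad_magic")
        raise ValueError("bad magic")
    cov("magic_ok")
    count, pos, fields = data[1], 2, {}
    for _ in range(count):
        cov("record")
        if pos + 2 > len(data):
            cov("truncated_header")
            raise ValueError("truncated record header")
        tag, length = data[pos], data[pos + 1]
        pos += 2
        # Planted bug: no check that the value fits in the buffer, so peeking at
        # its last byte raises IndexError (our stand-in for a memory-safety crash).
        _last = data[pos + length - 1] if length else 0
        cov("value_read")
        fields[tag] = data[pos:pos + length]
        pos += length
    cov("done")
    return fields


def run_target(data: bytes) -> Tuple[str, Set[str]]:
    """Run the SUT once and classify the outcome: a clean rejection is not a bug."""
    COVERAGE.clear()
    try:
        parse_record(data)
        status = "ok"
    except ValueError:
        status = "rejected"
    except Exception:  # any other exception is an unhandled fault
        status = "crash"
    return status, set(COVERAGE)


def mutate(rng: random.Random, data: bytes) -> bytes:
    """Apply 1-4 byte-level mutations of the kind mutation fuzzers use."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 4)):
        op = rng.randrange(4)
        if op == 0 and buf:                      # flip one bit
            buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
        elif op == 1 and buf:                    # overwrite one byte
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        elif op == 2:                            # insert a random byte
            buf.insert(rng.randint(0, len(buf)), rng.randrange(256))
        elif op == 3 and len(buf) > 1:           # delete one byte
            del buf[rng.randrange(len(buf))]
    return bytes(buf)


def fuzz(seeds: List[bytes], iterations: int, rng_seed: int = 0) -> Dict[str, object]:
    """Coverage-guided loop: inputs that reach new branches join the corpus,
    inputs that crash are recorded. The two are tracked independently."""
    rng = random.Random(rng_seed)
    corpus: List[bytes] = list(seeds)
    seen: Set[str] = set()
    crashes: List[bytes] = []
    for seed in corpus:
        seen |= run_target(seed)[1]
    for _ in range(iterations):
        child = mutate(rng, rng.choice(corpus))
        status, hit = run_target(child)
        if status == "crash":
            crashes.append(child)
        elif hit - seen:
            seen |= hit
            corpus.append(child)
    return {"corpus": corpus, "coverage": seen, "crashes": crashes}


if __name__ == "__main__":
    result = fuzz([b"R\x01\x05\x03abc"], iterations=5000, rng_seed=1)
    print("branches:", sorted(result["coverage"]))
    print("crashes :", len(result["crashes"]), "e.g.", result["crashes"][:1])
```

Every crash the loop records is reproducible by feeding the saved input back to `run_target`, which is the triage step a benchmark like FuzzBench relies on when it counts distinct bugs rather than raw crash events.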
Onion Spoofing: a Novel Technique for Observing Exit Node Traffic for Correlation Attacks
Tor is a tool used by 2,000,000 users every day for anonymous internet activity such as anonymous web browsing. But Tor's suitability for web browsing is not only a cause of its popularity; it is also the cause of its biggest weakness. Because Tor is fast enough for web browsing, it is vulnerable to traffic correlation. Traffic correlation is an attack on anonymity in which an attacker observing both ends of a victim's Tor connection can determine that the two ends are "correlated", thus revealing who the victim is communicating with. This revelation makes the victim's communication no longer anonymous. Past research has shown that Tor nodes, Autonomous Systems (ASes), and Internet Exchange Points (IXPs) can perform correlation attacks. In this paper we introduce "Onion Spoofing", an attack that uses DNS spoofing to intercept and observe traffic sent out of Tor by exit nodes. We then describe our implementation of Onion Spoofing and how we used it to perform correlation attacks to deanonymize Tor users in experimental settings. After this description, we share measurements we took of the Tor network. These show that 91% of Tor exits are vulnerable to Onion Spoofing. We also found that 31% of Tor connections at any given time are vulnerable to Onion Spoofing by Google. After demonstrating that Onion Spoofing is a threat to anonymity, we suggest mitigations and make recommendations for future work to improve Onion Spoofing.
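The correlation step the abstract relies on (an observer holding both the entry-side and exit-side view of a connection decides that they belong together), as an added example that is not the paper's code and performs no DNS spoofing or interception of its own: it takes a per-time-bin cell count series observed on the client's side and several candidate flows observed on the exit side, aligns each candidate for circuit latency, and scores it with Pearson correlation. All series are constructed here with a seeded generator; the 500 ms bin width, the 0..3 bin lag window and the 0.8 decision threshold are assumptions for the illustration, not values from the paper.

```python
import random
from typing import List, Optional, Sequence, Tuple


def pearson(x: Sequence[float], y: Sequence[float]) -> float:
    """Pearson correlation of two equal-length series (0.0 if either is flat)."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sx = sum((a - mx) ** 2 for a in x) ** 0.5
    sy = sum((b - my) ** 2 for b in y) ** 0.5
    return 0.0 if sx == 0 or sy == 0 else cov / (sx * sy)


def best_lag_correlation(entry: Sequence[int], exit_side: Sequence[int],
                         max_lag: int = 3) -> Tuple[float, int]:
    """Exit-side traffic trails the entry side by the circuit latency, so try
    shifting the exit series by 0..max_lag bins and keep the best alignment."""
    best_r, best_lag = -1.0, 0
    for lag in range(max_lag + 1):
        n = len(entry) - lag
        r = pearson(entry[:n], exit_side[lag:lag + n])
        if r > best_r:
            best_r, best_lag = r, lag
    return best_r, best_lag


def correlate(entry: Sequence[int], exit_flows: List[Sequence[int]],
              threshold: float = 0.8) -> Tuple[Optional[int], float, int]:
    """Pick the exit-side flow that best matches the entry-side series.
    Returns (index, or None if nothing clears the threshold; score; lag)."""
    scores = [best_lag_correlation(entry, flow) for flow in exit_flows]
    idx = max(range(len(scores)), key=lambda i: scores[i][0])
    r, lag = scores[idx]
    return (idx if r >= threshold else None), r, lag


def make_sample(seed: int = 7, n_bins: int = 60, n_decoys: int = 8,
                lag: int = 1) -> Tuple[List[int], List[List[int]], int]:
    """Constructed data: cells per 500 ms bin. The victim's exit-side flow is
    the entry-side pattern delayed by `lag` bins plus small jitter; the decoys
    are independent flows of other users drawn from the same bursty distribution."""
    rng = random.Random(seed)
    bursty = [0, 0, 1, 2, 15, 20, 25]
    entry = [rng.choice(bursty) for _ in range(n_bins)]
    victim = [0] * lag + [max(0, v + rng.randint(-2, 2)) for v in entry[:n_bins - lag]]
    flows = [[rng.choice(bursty) for _ in range(n_bins)] for _ in range(n_decoys)]
    true_idx = rng.randrange(n_decoys + 1)
    flows.insert(true_idx, victim)
    return entry, flows, true_idx


if __name__ == "__main__":
    entry, flows, true_idx = make_sample()
    idx, r, lag = correlate(entry, flows)
    print(f"matched exit flow {idx} (truth {true_idx}), r={r:.3f}, lag={lag} bins")
```

The point of the exercise is that the exit-side view is all the attacker is missing: once both ends are observed, even a crude volume correlation over a minute of bursty browsing traffic separates the victim's flow from unrelated ones. Defenses therefore aim either at denying the second vantage point or at flattening the volume signal the correlation keys on.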