Yonghao Zou (Beihang University and Peking University), Jia-Ju Bai (Beihang University), Zu-Ming Jiang (ETH Zurich), Ming Zhao (Arizona State University), Diyu Zhou (Peking University)

This paper presents DistFuzz, which, to our knowledge, is the first feedback-guided blackbox fuzzing framework for distributed systems. The novelty of DistFuzz comes from two conceptual contributions on key aspects of distributed system fuzzing: the input space and feedback metrics. Specifically, unlike prior work that focuses on systematically mutating faults, exploiting the request-driven and timing-dependence nature of distributed systems, DistFuzz proposes a multi-dimensional input space by incorporating regular events and relative timing among events as the other two dimensions. Furthermore, observing that important state changes in distributed systems can be indicated by network messages among nodes, DistFuzz utilizes the sequences of network messages with symmetry-based pruning as program feedback, which departs from the conventional wisdom that effective feedback requires code instrumentation/analysis and/or user inputs. DistFuzz finds 52 real bugs in ten popular distributed systems in C/C++, Go, and Java. Among these bugs, 28 have been confirmed by the developers, 20 were unknown before, and 4 have been assigned with CVEs.

View More Papers

YuraScanner: Leveraging LLMs for Task-driven Web App Scanning

Aleksei Stafeev (CISPA Helmholtz Center for Information Security), Tim Recktenwald (CISPA Helmholtz Center for Information Security), Gianluca De Stefano (CISPA Helmholtz Center for Information Security), Soheil Khodayari (CISPA Helmholtz Center for Information Security), Giancarlo Pellegrino (CISPA Helmholtz Center for Information Security)

Read More

ReThink: Reveal the Threat of Electromagnetic Interference on Power...

Fengchen Yang (Zhejiang University; ZJU QI-ANXIN IoT Security Joint Labratory), Zihao Dan (Zhejiang University; ZJU QI-ANXIN IoT Security Joint Labratory), Kaikai Pan (Zhejiang University; ZJU QI-ANXIN IoT Security Joint Labratory), Chen Yan (Zhejiang University; ZJU QI-ANXIN IoT Security Joint Labratory), Xiaoyu Ji (Zhejiang University; ZJU QI-ANXIN IoT Security Joint Labratory), Wenyuan Xu (Zhejiang University; ZJU…

Read More

A Field Study to Uncover and a Tool to...

Leon Kersten (Eindhoven University of Technology), Kim Beelen (Eindhoven University of Technology), Emmanuele Zambon (Eindhoven University of Technology), Chris Snijders (Eindhoven University of Technology), Luca Allodi (Eindhoven University of Technology)

Read More

LeoCommon – A Ground Station Observatory Network for LEO...

Eric Jedermann, Martin Böh (University of Kaiserslautern), Martin Strohmeier (armasuisse Science & Technology), Vincent Lenders (Cyber-Defence Campus, armasuisse Science & Technology), Jens Schmitt (University of Kaiserslautern)

Read More