{"id":91,"date":"2023-12-06T13:55:23","date_gmt":"2023-12-06T12:55:23","guid":{"rendered":"https:\/\/project.inria.fr\/protofuzz\/?page_id=91"},"modified":"2024-05-29T12:00:11","modified_gmt":"2024-05-29T10:00:11","slug":"results","status":"publish","type":"page","link":"https:\/\/project.inria.fr\/protofuzz\/results\/","title":{"rendered":"Results"},"content":{"rendered":"<h2 class=\"wp-block-heading\">Publications<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Max Ammann, Lucca Hirschi, Steve Kremer. <a rel=\"noreferrer noopener\" href=\"https:\/\/eprint.iacr.org\/2023\/57\" target=\"_blank\">DY Fuzzing: Formal Dolev-Yao Models Meet Protocol Fuzz Testing<\/a>. <strong><a href=\"https:\/\/sp2024.ieee-security.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">IEEE Security &amp; Privacy<\/a><\/strong>, 2024.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Tools<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li><a rel=\"noreferrer noopener\" href=\"https:\/\/tlspuffin.github.io\/\" target=\"_blank\">tlspuffin<\/a>: We developed with Max Ammann (main developer, security engineer at Trail of Bits), Tom Gouville (PhD student), and Michael Mera (research engineer) a fuzzer implementing a novel model-guided kind of fuzzer. The novel idea is to use the security-related domain-specific Dolev-Yao formal model to guide the fuzzer towards finding logical attacks in security protocols. See our <a href=\"https:\/\/tlspuffin.github.io\/\" target=\"_blank\" rel=\"noreferrer noopener\">tool website<\/a>.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">News<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li><em>[November 2023]<\/em> New <a rel=\"noreferrer noopener\" href=\"https:\/\/eprint.iacr.org\/2023\/57\" target=\"_blank\">paper<\/a> accepted at Security &amp; Privacy&#8217;24 where we propose a new fuzzing technique we called Dolev-Yao model-guided Fuzzing. We provide a full-fledged implementation of such a DY fuzzer in Rust with our tool <a rel=\"noreferrer noopener\" href=\"https:\/\/github.com\/tlspuffin\/tlspuffin\" target=\"_blank\">tlspuffin<\/a>, which found four new CVEs on <a rel=\"noreferrer noopener\" href=\"https:\/\/www.wolfssl.com\/\" target=\"_blank\">WolfSSL<\/a>, including one critical and two high CVEs. See our <a href=\"https:\/\/tlspuffin.github.io\/\" target=\"_blank\" rel=\"noreferrer noopener\">project website<\/a>, <a rel=\"noreferrer noopener\" href=\"https:\/\/www.youtube.com\/watch?v=dOZ3sKoZvvs\" target=\"_blank\">recorded talk,<\/a> or <a href=\"https:\/\/tlspuffin.github.io\/assets\/files\/SP24_Poster-f90cdd5b2df492a64fa18089c98a7b2e.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">poster<\/a>.<\/li><li><em>[January 2023]<\/em> The ProtoFuzz project (2023-2027) was funded by the ANR (280k euros) as a JCJC project (individual research projects coordinated by young researchers). <strong>We are looking for students (research interns, PhD students), postdocs, and engineers to join this research effort. In case you are interested, contact <a rel=\"noreferrer noopener\" href=\"https:\/\/members.loria.fr\/LHirschi\/\" target=\"_blank\">Lucca Hirschi<\/a> via email.<\/strong><\/li><\/ul>\n\n\n\n<p><\/p>","protected":false},"excerpt":{"rendered":"<p>Publications Max Ammann, Lucca Hirschi, Steve Kremer. DY Fuzzing: Formal Dolev-Yao Models Meet Protocol Fuzz Testing. IEEE Security &amp; Privacy, 2024. Tools tlspuffin: We developed with Max Ammann (main developer, security engineer at Trail of Bits), Tom Gouville (PhD student), and Michael Mera (research engineer) a fuzzer implementing a novel\u2026<\/p>\n<p> <a class=\"continue-reading-link\" href=\"https:\/\/project.inria.fr\/protofuzz\/results\/\"><span>Continue reading<\/span><i class=\"crycon-right-dir\"><\/i><\/a> <\/p>\n","protected":false},"author":2145,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-91","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/project.inria.fr\/protofuzz\/wp-json\/wp\/v2\/pages\/91","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/project.inria.fr\/protofuzz\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/project.inria.fr\/protofuzz\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/project.inria.fr\/protofuzz\/wp-json\/wp\/v2\/users\/2145"}],"replies":[{"embeddable":true,"href":"https:\/\/project.inria.fr\/protofuzz\/wp-json\/wp\/v2\/comments?post=91"}],"version-history":[{"count":5,"href":"https:\/\/project.inria.fr\/protofuzz\/wp-json\/wp\/v2\/pages\/91\/revisions"}],"predecessor-version":[{"id":113,"href":"https:\/\/project.inria.fr\/protofuzz\/wp-json\/wp\/v2\/pages\/91\/revisions\/113"}],"wp:attachment":[{"href":"https:\/\/project.inria.fr\/protofuzz\/wp-json\/wp\/v2\/media?parent=91"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}