ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies with Differential Fuzzing

Abstract

This paper proposes a new automated fuzzing tool “ReqsMiner” to discover CDN forwarding request inconsistencies.

Publication
In Proceedings of the 31st Annual Network and Distributed System Security Symposium. San Diego, California, 26 February – 1 March, 2024. (Acceptance rate: 104/694=15.0%, Acceptance rate in summer: 41/211=19.4%, Acceptance rate in fall: 63/483=13.0%)

Overview

This paper proposes a new automated fuzzing tool “ReqsMiner” to discover CDN forwarding request inconsistencies.

More details coming soon…

Xiang Li
Xiang Li
Ph.D. Candidate in Cyberspace Security (Tsinghua University)

Xiang Li is a 5th-year Ph.D. candidate at the Institute of Network Science and Cyberspace, Tsinghua University, advised by Professors Qi Li and Haixin Duan. His research interests include network security, protocol security, IPv6 security, DNS security, Internet measurement, network & protocol fuzzing, network vulnerability discovery & attack, and underground economy with 15 research papers. As the first author, he has published many research papers at all top-tier security conferences, including Oakland S&P, USENIX Security, CCS, NDSS, and Black Hat (Asia, USA, and Europe). He has obtained over 180 CVE/CNVD vulnerability numbers, more than $11,600 rewards, 290+ GitHub stars, multiple CERT reports, 60+ news coverage, and RFC acknowledgement. He got multiple prizes, such as 1st prize of IPv6 Technology Application Innovation Competition, Tsinghua Outstanding Scholarship, LongFor Excellent Scholarship, National Scholarship, and 2nd prize of GeekCon 2023 DAF Contest.