Skip to main content

Security Testing of Optical Networking Equipment

Optical networks are a critical part of today's infrastructure, from 5G to residential access, that must be protected. A connecting device or group of devices with malicious intent should not be able to disrupt network operations under any circumstance.

The nodes that make up modern optical networks need to be manageable, upgradeable and possible to monitor, all from a distance. In addition, their features and software components should be modular. They are also expected to support a large variety of protocols on various interfaces. In short, the nodes are complex software systems. And where there is software, there are bugs and possibly even vulnerabilities.

Security testing is the first line of defense against attackers. Software becomes more secure if bugs and vulnerabilities are found at an early stage in the development cycle, before the software is deployed.

But how do you find vulnerabilities which you don't know that you have? In this project we investigate how experimental and state-of-the-art methods for automated test case generation can be used to assess the security of next-generation optical networking equipment. We are concerned both with functional verification and with the performance aspect to prevent overloading attacks.

Publications

L. Fernandez and G. Karlsson, Squashing Resource Exhaustion Bugs with Black-box Fuzzing and Reinforcement Learning, The 7th International Conference on System Reliability and Safety, Bologna, Italy, 2023

L. Fernandez and G. Karlsson, Black-box Fuzzing for Security in Managed Networks: An Outline, IEEE Networking Letters, 2023

L. Fernandez and G. Karlsson, Fuzz Testing for Code Injection Vulnerabilities in Network Management Systems, Proc. IEEE The 8th International Conference on System Reliability and Safety, Sicily, Italy, 2024

L. Fernandez and G. Karlsson, Measuring the Impact of Fuzzing Activity in Networking Software, The 40th ACM/SIGAPP Symposium on Applied Computing Sicily, Italy, 2025

Leon Fernandez, Black-Box Fuzz Testing for Security in Service-Provider Networks, Licentiate Thesis, KTH Royal Institute of Technology, 2026

L. Fernandez and G. Karlsson, "Black-box Fuzzing for Security in Managed Networks: An Outline," i IEEE Networking Letters, doi: