Online Model-Based Behavioral Fuzzing

被引:14
|
作者
Schneider, Martin [1 ]
Grossmann, Juergen [1 ]
Schieferdecker, Ina [1 ]
Pietschker, Andrej [2 ]
机构
[1] Fraunhofer FOKUS, Kaiserin Augusta Allee 31, D-10589 Berlin, Germany
[2] Giesecke & Devrient GmbH, D-81677 Munich, Germany
来源
IEEE SIXTH INTERNATIONAL CONFERENCE ON SOFTWARE TESTING, VERIFICATION AND VALIDATION WORKSHOPS (ICSTW 2013) | 2013年
关键词
Model-based Testing; Security Testing; Test Generation; Test Execution; Behavioral Fuzzing;
D O I
10.1109/ICSTW.2013.61
中图分类号
TP31 [计算机软件];
学科分类号
081202 ; 0835 ;
摘要
Fuzz testing or fuzzing is interface robustness testing by stressing the interface of a system under test (SUT) with invalid input data. It aims at finding security-relevant weaknesses in the implementation that may result in a crash of the system-under-test or anomalous behavior. Fuzzing means sending invalid input data to the SUT, the input space is usually huge. This is also true for behavioral fuzzing where invalid message sequences are submitted to the SUT. Because systems are getting more and more complex, testing a single invalid message sequence becomes more and more time consuming due to startup and initialization of the SUT. We present an approach to make the test execution for behavioral fuzz testing more efficient by generating test cases at runtime instead of before execution, focusing on interesting regions of a message sequence based on a previously conducted risk analysis and reducing the test space by integrating already retrieved test results in the test generation process.
引用
收藏
页码:469 / 475
页数:7
相关论文
共 50 条
  • [1] A Model-Based Behavioral Fuzzing Approach for Network Service
    Wang, Jiajie
    Guo, Tao
    Zhang, Puhan
    Xiao, Qixue
    2013 THIRD INTERNATIONAL CONFERENCE ON INSTRUMENTATION & MEASUREMENT, COMPUTER, COMMUNICATION AND CONTROL (IMCCC), 2013, : 1129 - 1134
  • [2] A Model-Based Fuzzing Approach for DBMS
    Wang, Jiajie
    Zhang, Puhan
    Zhang, Lei
    Zhu, Haowen
    Ye, Xiaojun
    2013 8TH INTERNATIONAL ICST CONFERENCE ON COMMUNICATIONS AND NETWORKING IN CHINA (CHINACOM), 2013, : 426 - 431
  • [3] Model-Based Whitebox Fuzzing for Program Binaries
    Van-Thuan Pham
    Bohme, Marcel
    Roychoudhury, Abhik
    2016 31ST IEEE/ACM INTERNATIONAL CONFERENCE ON AUTOMATED SOFTWARE ENGINEERING (ASE), 2016, : 543 - 553
  • [4] WinkFuzz: Model-based Script Synthesis for Fuzzing
    Liu, Zian
    Chen, Chao
    Ahmed, Ejaz
    Zhang, Jun
    Liu, Dongxi
    THIRD INTERNATIONAL WORKSHOP ON ADVANCED SECURITY ON SOFTWARE AND SYSTEMS, ASSS 2023, 2023,
  • [5] Model-Based Grey-Box Fuzzing of Network Protocols
    Pan, Yan
    Lin, Wei
    Jiao, Liang
    Zhu, Yuefei
    SECURITY AND COMMUNICATION NETWORKS, 2022, 2022
  • [6] Model-based Behavioral Attestation
    Alam, Masoom
    All, Tamleek
    Zhang, Xinwen
    Seifert, Jean-Pierre
    Nauman, Mohammad
    SACMAT'08: PROCEEDINGS OF THE 13TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES, 2008, : 175 - 184
  • [7] Model-Based Online Learning With Kernels
    Li, Guoqi
    Wen, Changyun
    Li, Zheng Guo
    Zhang, Aimin
    Yang, Feng
    Mao, Kezhi
    IEEE TRANSACTIONS ON NEURAL NETWORKS AND LEARNING SYSTEMS, 2013, 24 (03) : 356 - 369
  • [8] Internal Model-Based Online Optimization
    Bastianello, Nicola
    Carli, Ruggero
    Zampieri, Sandro
    IEEE TRANSACTIONS ON AUTOMATIC CONTROL, 2024, 69 (01) : 689 - 696
  • [9] Model-based online learning of POMDPs
    Shani, G
    Brafman, RI
    Shimony, SE
    MACHINE LEARNING: ECML 2005, PROCEEDINGS, 2005, 3720 : 353 - 364
  • [10] T-Fuzz: Model-Based Fuzzing for Robustness Testing of Telecommunication Protocols
    Johansson, William
    Svensson, Martin
    Larson, Ulf E.
    Almgren, Magnus
    Gulisano, Vincenzo
    2014 IEEE SEVENTH INTERNATIONAL CONFERENCE ON SOFTWARE TESTING, VERIFICATION AND VALIDATION (ICST), 2014, : 323 - 332
12345