When time meets test

One of the main challenges in system’s development is to give a proof of evidence that its functionalities are correctly implemented. This objective is mostly achieved via testing techniques, which include software testing to check whether a system meets its functionalities, or security testing to express what should not happen. For the latter case, fuzzing is considered as first class citizen. It consists in exercising the system with (randomly) generated and eventually modified inputs in order to test its resistance. While fuzzing is definitively the fastest and the easiest way for testing applications, it suffers from severe limitations. Indeed, the precision of the model used for input generation: a random and/or simple model cannot reach all states and significant values. Moreover, a higher model precision can result in a combinatorial explosion of test cases. In this paper, we suggest a new approach whose main ingredient is to combine timing attacks with fuzzing techniques. This new approach, which is dedicated to work on Java Card, allows not only reducing the test space explosion, but also to simplify the fuzzing process configuration. The technique has been implemented, and we present the results obtained on two applets loaded in a Java Card.