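Fuzz testing
Computer science
Black box
Stateful firewall
Security testing
White-box testing
Reliability
Code coverage
Test case
Programming language
Machine learning
Artificial intelligence
Computer security
Software engineering
Operating system
Software
Cloud computing
Security information and event management
Software construction
Regression analysis
Cloud computing security
Network packet
Software system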
Authors
Andrea Pferscher, Bernhard K. Aichernig
Identifier
DOI: 10.1007/978-3-031-06773-0_20
Abstract
Fuzzing (aka fuzz testing) shows promising results in security testing. The advantage of fuzzing is the relatively simple applicability compared to comprehensive manual security analysis. However, the effectiveness of black-box fuzzing is hard to judge since the internal structure of the system under test is unknown. Hence, in-depth behavior might not be covered by fuzzing. This paper aims at overcoming the limitations of black-box fuzzing. We present a stateful black-box fuzzing technique that uses a behavioral model of the system under test. Instead of manually creating the model, we apply active automata learning to automatically infer the model. Our framework generates a test suite for fuzzing that includes valid and invalid inputs. The goal is to explore unexpected behavior. For this, we test for conformance between the learned model and the system under test. Additionally, we analyze behavioral differences using the learned state information. In a case study, we evaluate implementations of the Bluetooth Low Energy (BLE) protocol on physical devices. The results reveal security and dependability issues in the tested devices leading to crashes of four out of six devices.
Keywords: Automata learning, Fuzz testing, Model-based fuzzing, Bluetooth Low Energy