A Model-Based Fuzz Framework to the Security Testing of TCG Software Stack Implementations

Author

Yang, Yang ; Zhang, Huanguo ; Pan, Mi ; Yang, Jian ; He, Fan ; Li, Zhide

Author_Institution

Sch. of Comput., Wuhan Univ., Wuhan, China

Volume

1

fYear

2009

fDate

18-20 Nov. 2009

Firstpage

149

Lastpage

152

Abstract

Fuzz testing is an effective technique for finding security vulnerabilities in software. Traditionally fuzz testing tools use random inputs and watch the resulting values. In this paper, we present a model-based fuzz framework for systematic automated testing of a TCG trusted software stack implementation. This framework is based on blackbox fuzz testing methods, integrated with target profiling, data modeling and test algorithm etc. With the generation of smart, semantic-aware test cases, a more complete and deep testing can be provided. We also demonstrate the use of our model-based fuzz framework which can identity several vulnerabilities in some form of TSS implementation.

Keywords

program testing; security of data; software tools; TCG trusted software stack implementation; blackbox fuzz testing methods; data modeling; fuzz testing tools; model-based fuzz framework; security testing; security vulnerabilities; semantic-aware test cases; systematic automated testing; target profiling; test algorithm; Aerospace testing; Automatic testing; Computer networks; Computer security; Cryptography; Information security; Libraries; Simple object access protocol; Software quality; Software testing; Trusted computing; fault injection; fuzz framework; software security testing; syntax model;

fLanguage

English

Publisher

ieee

Conference_Titel

Multimedia Information Networking and Security, 2009. MINES '09. International Conference on

Conference_Location

Hubei

Print_ISBN

978-0-7695-3843-3

Electronic_ISBN

978-1-4244-5068-8

Type

conf

DOI

10.1109/MINES.2009.111

Filename

5368443