Title :
Automated Security Test Approach for SIP-based VoIP Softphones
Author :
Taber, Stefan ; Schanes, Christian ; Hlauschek, Clemens ; Fankhauser, Florian ; Grechenig, Thomas
Author_Institution :
Ind. Software (INSO), Vienna Univ. of Technol., Vienna, Austria
Abstract :
Voice over Internet Protocol based systems become more and more part of business critical IT infrastructures. To increase the robustness of voice applications, automated security testing is required to detect security vulnerabilities in an efficient way. In this paper we present a fuzzer framework to detect security vulnerabilities in Voice over Internet Protocol Softphones, which implement Session Initiation Protocol. The presented approach automates the Graphical User Interface interaction for softphones during fuzzing and also observes the behavior of the softphone Graphical User Interfaces to automatically detect application errors. Results of testing two open source softphones by using our fuzzer showed that various unknown vulnerabilities could be identified with the implemented fuzzer and some vulnerabilities were found that are only detectable by using Graphical User Interface observation.
Keywords :
Internet telephony; computer network security; graphical user interfaces; signalling protocols; SIP-based VoIP softphones; automated security test vulnerabilities; fuzzer framework; graphical user interface interaction; session initiation protocol; voice-over-internet protocol; Computer crashes; Graphical user interfaces; Monitoring; Protocols; Robustness; Security; Testing; Computer network security; Fuzzing; Graphical user interfaces; Internet telephony; Software testing;
Conference_Titel :
Advances in System Testing and Validation Lifecycle (VALID), 2010 Second International Conference on
Conference_Location :
Nice
Print_ISBN :
978-1-4244-7784-5
Electronic_ISBN :
978-0-7695-4146-4
DOI :
10.1109/VALID.2010.20
