Title : 
A Model-Based Fuzz Framework to the Security Testing of TCG Software Stack Implementations
         
        
            Author : 
Yang, Yang ; Zhang, Huanguo ; Pan, Mi ; Yang, Jian ; He, Fan ; Li, Zhide
         
        
            Author_Institution : 
Sch. of Comput., Wuhan Univ., Wuhan, China
         
        
        
        
        
        
        
            Abstract : 
Fuzz testing is an effective technique for finding security vulnerabilities in software. Traditionally, fuzz testing tools use random inputs and watch the resulting values. In this paper, we present a model-based fuzz framework for systematic automated testing of a TCG trusted software stack implementation. This framework is based on blackbox fuzz testing methods, integrated with target profiling, data modeling, a test algorithm, etc. With the generation of smart, semantic-aware test cases, more complete and deeper testing can be provided. We also demonstrate the use of our model-based fuzz framework, which can identify several vulnerabilities in some form of TSS implementation.
         
        
            Keywords : 
program testing; security of data; software tools; TCG trusted software stack implementation; blackbox fuzz testing methods; data modeling; fuzz testing tools; model-based fuzz framework; security testing; security vulnerabilities; semantic-aware test cases; systematic automated testing; target profiling; test algorithm; Aerospace testing; Automatic testing; Computer networks; Computer security; Cryptography; Information security; Libraries; Simple object access protocol; Software quality; Software testing; Trusted computing; fault injection; fuzz framework; software security testing; syntax model;
         
        
        
        
            Conference_Titel : 
Multimedia Information Networking and Security, 2009. MINES '09. International Conference on
         
        
            Conference_Location : 
Hubei
         
        
            Print_ISBN : 
978-0-7695-3843-3
         
        
            Electronic_ISBN : 
978-1-4244-5068-8
         
        
        
            DOI : 
10.1109/MINES.2009.111