Options
2012
Conference Paper
Titel
Model-based fuzz testing
Abstract
The European ITEA2 project DIAMONDS (Development and Industrial Application of Multi-Domain Security Testing Technologies) develops under the direction of Fraunhofer FOKUS, Berlin efficient and automated security test methods for security-critical, networked systems in various industrial domains such as industrial automation, banking and telecommunications. DIAMONDS develops methods to design objective, transparent, repeatable, and automated security tests that focus on system specifications and related risks. The project goals include the development of a security test pattern catalogue and the development of model-based security testing techniques such as risk-based testing and model-based fuzz testing. The project results are made available through publications and contributions to the standardization at ETSI and other standardization bodies. The presentation focusses on model-based fuzz testing, reviews the state of the art, compare it to similar approaches such as mutation testing, and presents first results on behaviour fuzzing for security testing.