Fraunhofer-Gesellschaft

Publica

Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Online model-based behavioral fuzzing

 
: Schneider, Martin; Großmann, Jürgen; Schieferdecker, Ina; Pietschker, Andrej

:

Institute of Electrical and Electronics Engineers -IEEE-; IEEE Computer Society:
IEEE Sixth International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2013. Proceedings : 18-20 March 2013, Luxembourg, Luxembourg
Los Alamitos, Calif.: IEEE Computer Society Conference Publishing Services (CPS), 2013
ISBN: 978-1-4799-1324-4 (Print)
ISBN: 978-0-7685-4993-4
S.469-475
International Conference on Software Testing, Verification and Validation Workshops (ICSTW) <6, 2013, Luxembourg>
International Workshop on Security Testing (SECTEST) <4, 2013, Luxembourg>
International Workshop on Engineering Safety and Security Systems (ESSS) <2, 2013, Luxembourg>
Workshop on Mutation Analysis (Mutation) <8, 2013, Luxembourg>
Testing - Academic and Industrial Conference - Practice and Research Techniques (TAIC PART) <8, 2013, Luxembourg>
International Workshop on TESTing Techniques and Experimentation Benchmarks for Event-Driven Software (TESTBEDS) <4, 2013, Luxembourg>
Workshop on Advances in Model Based Testing (A-MOST) <9, 2013, Luxembourg>
Workshop on the Constraints in Software Testing, Verification and Analysis (CSTVA) <5, 2013, Luxembourg>
International Workshop on Combinatorial Testing (IWCT) <2, 2013, Luxembourg>
International Workshop on Regression Testing (Regression) <3, 2013, Luxembourg>
International Workshop on Search-Based Software Testing (SBST) <6, 2013, Luxembourg>
Englisch
Konferenzbeitrag
Fraunhofer FOKUS ()

Abstract
Fuzz testing or fuzzing is interface robustness testing by stressing the interface of a system under test (SUT) with invalid input data. It aims at finding security-relevant weaknesses in the implementation that may result in a crash of the system-under-test or anomalous behavior. Fuzzing means sending invalid input data to the SUT, the input space is usually huge. This is also true for behavioral fuzzing where invalid message sequences are submitted to the SUT. Because systems are getting more and more complex, testing a single invalid message sequence becomes more and more time consuming due to startup and initialization of the SUT. We present an approach to make the test execution for behavioral fuzz testing more efficient by generating test cases at runtime instead of before execution, focusing on interesting regions of a message sequence based on a previously conducted risk analysis and reducing the test space by integrating already retrieved test results in the test generation process.

: http://publica.fraunhofer.de/dokumente/N-255182.html