
 Data Fuzzing with TTCN-3


Presentation Transcript


  1. Data Fuzzing with TTCN-3
  Stephan Pietsch, Bogdan Stanca-Kaposta, Dr. Jacob Wieland, Dirk Tepelmann, Jürgen Großmann, Martin Schneider
  TTCN-3 User Conference 2012, Bangalore

  2. Authors
  • Testing Technologies: Stephan Pietsch, Bogdan Stanca-Kaposta, Dr. Jacob Wieland, Dirk Tepelmann
  • Fraunhofer FOKUS: Jürgen Großmann, Martin Schneider
  • This proposal was developed in the ITEA2 project DIAMONDS – Development and Industrial Application of Multi-Domain Security Testing Technologies, http://www.itea2-diamonds.org

  3. Introduction
  • TTCN-3
    • Is widely accepted in functional (protocol) testing in telecommunications
    • Is being pushed into new areas such as Intelligent Transport Systems (ITS) and the Internet of Things (IoT)
    • Is still new to security testing
  • Fuzzing
    • Automated and efficient black-box testing method for finding software flaws
    • Monitors a system for exceptional behaviour (such as crashes or memory leaks) while stimulating it with large amounts of anomalous input data (random, invalid or unexpected)
    • If the program fails, this indicates a bug in the software
    • Is widely used for security testing
  • Security testing aspects are becoming more and more important in traditional TTCN-3 domains → proposal of a Fuzz Extension Package for TTCN-3

  4. Proposal – Fuzz Extension Package
  • Focus on data fuzzing: generating and sending many variants of one message can be done with ordinary TTCN-3 loop constructs
  • New construct: fuzz function instance
    • Similar to an external function, but the call is delayed until a specific value is selected via send or valueof
    • A fuzz function may declare formal parameters
    • A fuzz function must declare a return type

    fuzz function zf_UnicodeUtf8ThreeCharMutator(in template charstring param1) return charstring;
    fuzz function zf_RandomSelect(in template integer param1) return integer;

  5. Proposal – Fuzz Extension Package
  • A fuzz function instance denotes a set of values
    • Can only occur in value templates
    • Used like a normal matching mechanism, "instead of values"
  • A single value is selected in the event of
    • A sending operation
    • An invocation of the valueof() operation

    template myType myData := {
      field1 := zf_UnicodeUtf8ThreeCharMutator(?),
      field2 := '12AB'O,
      field3 := zf_RandomSelect((1, 2, 3))
    }
    myPort.send(myData);
    myPort.send(zf_UnicodeUtf8ThreeCharMutator(?));
    var myType myVar := valueof(myData);

  6. Seed
  • Optional seed for the generation of random numbers
    • Used to determine the random selection
    • Allows fuzzed test cases to be repeated (a run can be reproduced from its seed)
    • One seed per test component
  • Two new predefined functions
    • To set the seed
    • To read the current seed value

    setseed(in float initialSeed) return float;
    getseed() return float;

  7. TCI Extension – tciFuzzySelect
  • Fuzz functions are implemented as a runtime extension of the TTCN-3 Test Control Interface (TCI) → tciFuzzySelect()
  • Called by the Test Environment (TE) for each fuzz function instance at the moment a template is sent or evaluated by means of valueof()
  • To compute the concrete value, a randomized approach could be used with the given seed
  • External data fuzzers might be used to achieve better results → intelligent application/protocol-based fuzzing with the Data Fuzzing Library
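The following is an added example, not code from the presentation or from the DIAMONDS project: a small Python model of the semantics described on slides 4 to 7. A fuzz function instance stays unresolved inside a template until send or valueof(), at which point a tciFuzzySelect-like hook picks one concrete value using the test component's seeded random source, so that setseed() makes a fuzz run reproducible. The behaviour of zf_UnicodeUtf8ThreeCharMutator and zf_RandomSelect, the return value of setseed, and the Python names are assumptions made for illustration; the slides only name the constructs.

```python
"""Model of the proposed TTCN-3 fuzz extension semantics (added example).

Assumptions: fuzz function behaviour, setseed() echoing the seed it set, and
the tci_fuzzy_select() signature are illustrative, not the proposal's text.
"""
import random
from dataclasses import dataclass
from typing import Any, Callable, Dict


@dataclass(frozen=True)
class FuzzInstance:
    """A fuzz function instance: denotes a *set* of values, not one value.
    It is resolved to a single value only on send or valueof()."""
    name: str
    params: tuple


class TestComponent:
    """One test component owns one seed and one random source."""

    def __init__(self, registry: Dict[str, Callable]):
        self.registry = registry
        self.seed = 0.0
        self.rng = random.Random(self.seed)

    # The two predefined functions from slide 6.
    def setseed(self, initial_seed: float) -> float:
        self.seed = initial_seed
        self.rng = random.Random(initial_seed)
        return self.seed  # assumption: returns the seed just set

    def getseed(self) -> float:
        return self.seed

    def tci_fuzzy_select(self, inst: FuzzInstance) -> Any:
        """Models tciFuzzySelect(): invoked by the TE for each fuzz function
        instance at the moment a template is sent or valueof()'d."""
        return self.registry[inst.name](self.rng, *inst.params)

    def valueof(self, template: Any) -> Any:
        """Resolve every fuzz function instance inside a value template."""
        if isinstance(template, FuzzInstance):
            return self.tci_fuzzy_select(template)
        if isinstance(template, dict):
            return {k: self.valueof(v) for k, v in template.items()}
        if isinstance(template, (list, tuple)):
            return type(template)(self.valueof(v) for v in template)
        return template

    def send(self, template: Any) -> Any:
        """A send operation selects one value, exactly like valueof()."""
        return self.valueof(template)


# Assumed fuzz function implementations (would live behind the TCI).
def zf_random_select(rng: random.Random, choices) -> Any:
    return rng.choice(list(choices))


def zf_unicode_utf8_three_char_mutator(rng: random.Random, _match) -> str:
    """Assumed behaviour: a 3-char charstring whose chars each need three
    UTF-8 bytes (U+0800..U+FFFF, surrogates excluded), the kind of input that
    exposes byte-length vs. char-length confusion in the SUT."""
    chars = []
    while len(chars) < 3:
        cp = rng.randint(0x0800, 0xFFFF)
        if 0xD800 <= cp <= 0xDFFF:
            continue
        chars.append(chr(cp))
    return "".join(chars)


REGISTRY = {
    "zf_UnicodeUtf8ThreeCharMutator": zf_unicode_utf8_three_char_mutator,
    "zf_RandomSelect": zf_random_select,
}

ANY = "?"  # stands in for the TTCN-3 AnyValue matching symbol

# template myType myData := { field1 := zf_UnicodeUtf8ThreeCharMutator(?),
#                             field2 := '12AB'O,
#                             field3 := zf_RandomSelect((1, 2, 3)) }
MY_DATA = {
    "field1": FuzzInstance("zf_UnicodeUtf8ThreeCharMutator", (ANY,)),
    "field2": bytes.fromhex("12AB"),
    "field3": FuzzInstance("zf_RandomSelect", ((1, 2, 3),)),
}


def fuzz_run(seed: float, count: int) -> list:
    """The loop construct from slide 4: send `count` variants of one
    template; the same seed yields the same variants."""
    mtc = TestComponent(REGISTRY)
    mtc.setseed(seed)
    return [mtc.send(MY_DATA) for _ in range(count)]


if __name__ == "__main__":
    for variant in fuzz_run(42.0, 3):
        print(variant)
```

Running fuzz_run() twice with the same seed returns identical variants, which is what makes a failing fuzz case reproducible from the logged seed alone; field2 is a plain value and passes through unchanged, while the two fuzz function instances are resolved afresh on every send.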

  8. tciFuzzySelect Synopsis

  9. Data Fuzzing Library
  • Makes traditional data fuzzing widely available
  • Eases integration into tools without deep knowledge of fuzz data generation
  • Allows data fuzzing without the need for
    • Becoming familiar with a specific fuzzing tool
    • Integrating further fuzzing tools into the test process
  • Approach
    • Don't reinvent the wheel: use the potential of existing fuzzing tools (Peach, Sulley, OWASP WebScarab)
    • Extract their fuzzing generators and operators into a library (reimplementation in Java)

  10. Architecture

  11. Generators and Operators (figure legend: G – Generator, O – Operator)

  12. Summary
  • Fuzz testing is a commonly used method to test for security problems
  • The purpose of fuzzing is to reveal implementation vulnerabilities by triggering failure modes
  • A light-weight extension to the TTCN-3 standard supports fuzzing while maximizing its usability for existing TTCN-3 users
  • While simple dumb random fuzzing often yields poor results, intelligent application/protocol-based fuzzing is much more powerful
  • To support application/protocol-based fuzz generators, a TCI extension allows the integration of external data fuzzers
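To make the last two summary points concrete, here is an added example (not from the presentation or the Data Fuzzing Library) that contrasts dumb random fuzzing with protocol-aware fuzzing on a constructed length-prefixed frame format. The frame layout, the parser, the sample payload and the generator/operator split are all constructed for illustration: the dumb fuzzer flips bytes anywhere in the frame, so most of its output dies at the length or checksum check; the protocol-aware fuzzer mutates only the payload and regenerates the framing, so every anomalous payload reaches the handler code a security tester actually wants to exercise.

```python
"""Dumb random fuzzing vs. protocol-aware fuzzing (added example).

Constructed toy frame:  type(1) | len(1) | payload(len) | xor-checksum(1)
Nothing here is from the Data Fuzzing Library; names are illustrative.
"""
import random
from typing import Optional, Tuple


def build_frame(msg_type: int, payload: bytes) -> bytes:
    """Generator: emits a well-formed frame for an arbitrary payload."""
    body = bytes([msg_type, len(payload)]) + payload
    checksum = 0
    for b in body:
        checksum ^= b
    return body + bytes([checksum])


def parse_frame(frame: bytes) -> Optional[bytes]:
    """Returns the payload if framing and checksum are valid, else None.
    Anything returning None is rejected before any payload handling, i.e.
    before the code a fuzzer wants to reach."""
    if len(frame) < 3:
        return None
    length = frame[1]
    if len(frame) != 2 + length + 1:
        return None
    checksum = 0
    for b in frame[:-1]:
        checksum ^= b
    if checksum != frame[-1]:
        return None
    return frame[2:2 + length]


# Operators: mutate an existing value (the "O" of the library legend).
def op_flip_bytes(rng: random.Random, data: bytes, max_flips: int = 3) -> bytes:
    buf = bytearray(data)
    for _ in range(rng.randint(1, max_flips)):
        i = rng.randrange(len(buf))
        buf[i] ^= rng.randint(1, 255)
    return bytes(buf)


def op_resize(rng: random.Random, data: bytes) -> bytes:
    """Grow or shrink a field: a classic length/buffer boundary probe."""
    n = rng.choice([0, 1, len(data), len(data) * 2, 255])
    return (data * 2)[:n] if data else bytes(n)


def dumb_fuzz(rng: random.Random, frame: bytes) -> bytes:
    """Blind mutation of the whole frame; length and checksum get hit too."""
    return op_flip_bytes(rng, frame)


def smart_fuzz(rng: random.Random, msg_type: int, payload: bytes) -> bytes:
    """Mutate only the payload, then regenerate length and checksum so the
    anomalous data survives the framing checks."""
    op = rng.choice([op_flip_bytes, op_resize])
    return build_frame(msg_type, op(rng, payload))


def reach_rate(seed: int, count: int) -> Tuple[float, float]:
    """Fraction of fuzzed frames that pass framing, per strategy."""
    rng = random.Random(seed)
    payload = b"user=alice;role=guest"  # constructed sample payload
    base = build_frame(0x01, payload)
    dumb_ok = sum(parse_frame(dumb_fuzz(rng, base)) is not None
                  for _ in range(count))
    smart_ok = sum(parse_frame(smart_fuzz(rng, 0x01, payload)) is not None
                   for _ in range(count))
    return dumb_ok / count, smart_ok / count


if __name__ == "__main__":
    dumb, smart = reach_rate(seed=1, count=1000)
    print(f"dumb random fuzzing reached the handler in {dumb:.1%} of cases")
    print(f"protocol-aware fuzzing reached the handler in {smart:.1%} of cases")
```

The checksum is deliberately weak (a single XOR byte) and still stops nearly all blind mutations; real protocols with CRCs, lengths nested several levels deep, or message authentication codes make the gap wider, which is why the proposal routes fuzz function instances through the TCI to an external, protocol-aware generator rather than relying on random selection alone.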

  13. Thank you! Questions?
