Data Fuzzing with TTCN-3
Presentation Transcript

  1. Data Fuzzing with TTCN-3
  Stephan Pietsch, Bogdan Stanca-Kaposta, Dr. Jacob Wieland, Dirk Tepelmann, Jürgen Großmann, Martin Schneider
  TTCN-3 User Conference 2012, Bangalore

  2. Authors
  • Testing Technologies
    • Stephan Pietsch
    • Bogdan Stanca-Kaposta
    • Dr. Jacob Wieland
    • Dirk Tepelmann
  • Fraunhofer FOKUS
    • Jürgen Großmann
    • Martin Schneider
  • This proposal was developed in the ITEA2 project DIAMONDS – Development and Industrial Application of Multi-Domain Security Testing Technologies

  3. Introduction
  • TTCN-3
    • Is widely accepted in functional (protocol) testing in telecommunications
    • Is being pushed into new areas like Intelligent Transport Systems (ITS) or the Internet of Things (IoT)
    • Is still fairly new to security testing
  • Fuzzing
    • Automated and efficient black-box testing method for finding software flaws
    • Monitors a system for exceptional behaviour (such as crashes or memory leaks) while stimulating it with large amounts of anomalous input data (random, invalid or unexpected)
    • If the program fails, the failure indicates a bug in the software
    • Is widely used for security testing
  • Security testing aspects are becoming more and more important in traditional TTCN-3 domains
  => Proposal of a Fuzz Extension Package for TTCN-3

  4. Proposal – Fuzz Extension Package
  • Concentration on data fuzzing, i.e. generation of multiple variants to be sent; sending many variants can be realized with ordinary loop constructs
  • New construct: fuzz function instance
    • Similar to an external function, but the call is delayed until a specific value is selected via send or valueof
    • A fuzz function may declare formal parameters
    • A fuzz function must declare a return type

  fuzz function zf_UnicodeUtf8ThreeCharMutator(in template charstring param1) return charstring;
  fuzz function zf_RandomSelect(in template integer param1) return integer;

  5. Proposal – Fuzz Extension Package
  • A fuzz function instance denotes a set of values
    • Can only occur in value templates
    • Used like a normal matching mechanism, "instead of values"
  • A single value is selected in the event of
    • a sending operation
    • an invocation of the valueof() operation

  template myType myData := {
    field1 := zf_UnicodeUtf8ThreeCharMutator(?),
    field2 := '12AB'O,
    field3 := zf_RandomSelect((1, 2, 3))
  }
  myPort.send(myData);
  myPort.send(zf_UnicodeUtf8ThreeCharMutator(?));
  var myType myVar := valueof(myData);

  6. Seed
  • Optional seed for the generation of random numbers
    • Used to determine the random selection
    • Allows repeatability of fuzzed test cases
    • One seed per test component
  • Two new predefined functions
    • To set the seed
    • To read the current seed value

  setseed(in float initialSeed) return float;
  getseed() return float;

  7. TCI Extension – tciFuzzySelect
  • Fuzz function implemented as a runtime extension of the TTCN-3 Test Control Interface (TCI) => tciFuzzySelect()
    • Called by the Test Environment (TE) for each fuzz function instance at the moment a template is sent or evaluated by use of valueof()
    • To compute the concrete value, a randomized approach can be used, driven by the given seed
    • External data fuzzers may be plugged in to achieve better results => intelligent application/protocol-based fuzzing with the Data Fuzzing Library
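The fuzz function semantics of slides 4 to 7, as an added executable model that is not part of the presentation and not code from any TTCN-3 tool: a fuzz function instance stays unresolved inside the template and is only turned into one concrete value when the template is sent or passed to valueof(); the selection hook plays the role of tciFuzzySelect() and draws from the test component's seeded random source, so a run can be repeated from its seed. The class and function names (TestComponent, FuzzFunctionInstance, register, _fuzzy_select) and the bodies of zf_UnicodeUtf8ThreeCharMutator and zf_RandomSelect are this example's own assumptions; the slides specify only the declarations and the template on slide 5.

```python
"""Model of the proposed fuzz function instance semantics (slides 4-7).

Constructed example, not code from the presentation or from any TTCN-3 tool.
A fuzz function instance is kept as a placeholder inside a template; it is
resolved to a single concrete value only when the template is sent or passed
to valueof(), by a selection hook standing in for tciFuzzySelect() that draws
from the test component's seeded random source.
"""
import random
from dataclasses import dataclass
from typing import Any, Callable, Dict, Tuple

ANY = "?"  # stands in for the TTCN-3 AnyValue symbol passed as an actual parameter


@dataclass(frozen=True)
class FuzzFunctionInstance:
    """Deferred call: fuzz function name plus its actual parameters (assumed name)."""
    name: str
    params: Tuple[Any, ...]


FuzzFunction = Callable[[random.Random, Tuple[Any, ...]], Any]


class TestComponent:
    """One seed per test component, as on slide 6 (assumed class name)."""

    def __init__(self, initial_seed: float = 0.0) -> None:
        self._rng = random.Random()
        self._fuzz: Dict[str, FuzzFunction] = {}
        self.setseed(initial_seed)

    # The two predefined functions from slide 6.
    def setseed(self, initial_seed: float) -> float:
        self._seed = initial_seed
        self._rng.seed(initial_seed)
        return initial_seed

    def getseed(self) -> float:
        return self._seed

    def register(self, name: str, fn: FuzzFunction) -> None:
        """Binds a fuzz function declaration to its runtime implementation."""
        self._fuzz[name] = fn

    def _fuzzy_select(self, inst: FuzzFunctionInstance) -> Any:
        """Stand-in for tciFuzzySelect(): called once per instance at resolution time."""
        return self._fuzz[inst.name](self._rng, inst.params)

    def valueof(self, template: Any) -> Any:
        """Resolves every fuzz function instance in the template to one concrete value."""
        if isinstance(template, FuzzFunctionInstance):
            return self._fuzzy_select(template)
        if isinstance(template, dict):  # record template: resolve field by field
            return {k: self.valueof(v) for k, v in template.items()}
        if isinstance(template, list):  # record-of template
            return [self.valueof(v) for v in template]
        return template  # plain value, e.g. '12AB'O

    def send(self, template: Any) -> Any:
        """A sending operation selects values the same way; returns the message sent."""
        return self.valueof(template)


def zf_UnicodeUtf8ThreeCharMutator(rng: random.Random, params: Tuple[Any, ...]) -> str:
    """Assumed body: a charstring made only of characters that need three UTF-8 bytes
    (U+0800..U+FFFF minus surrogates). With '?' as parameter a fresh string of random
    length is produced; otherwise the given charstring's length is kept."""
    base = params[0]
    length = rng.randint(1, 8) if base == ANY else max(1, len(base))
    chars = []
    while len(chars) < length:
        cp = rng.randint(0x0800, 0xFFFF)
        if 0xD800 <= cp <= 0xDFFF:  # surrogates are not valid scalar values
            continue
        chars.append(chr(cp))
    return "".join(chars)


def zf_RandomSelect(rng: random.Random, params: Tuple[Any, ...]) -> int:
    """Assumed body: picks one member of the value list template, e.g. (1, 2, 3)."""
    return rng.choice(params[0])


def my_data_template() -> Dict[str, Any]:
    """The template from slide 5; '12AB'O is modelled as the bytes 0x12 0xAB."""
    return {
        "field1": FuzzFunctionInstance("zf_UnicodeUtf8ThreeCharMutator", (ANY,)),
        "field2": b"\x12\xab",
        "field3": FuzzFunctionInstance("zf_RandomSelect", ((1, 2, 3),)),
    }


def run(seed: float) -> Tuple[Dict[str, Any], Dict[str, Any]]:
    """myPort.send(myData) followed by valueof(myData) on a freshly seeded component."""
    mtc = TestComponent(seed)
    mtc.register("zf_UnicodeUtf8ThreeCharMutator", zf_UnicodeUtf8ThreeCharMutator)
    mtc.register("zf_RandomSelect", zf_RandomSelect)
    my_data = my_data_template()
    sent = mtc.send(my_data)       # first selection
    my_var = mtc.valueof(my_data)  # second, independent selection
    return sent, my_var


if __name__ == "__main__":
    print(run(42.0))
```

Calling run() twice with the same seed returns identical messages, while send and valueof on the same template each select afresh, which is the "single value selected per sending operation or valueof()" rule of slide 5; field2 passes through untouched because only fuzz function instances are resolved.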

  8. tciFuzzySelect Synopsis

  9. Data Fuzzing Library
  • Makes traditional data fuzzing widely available
  • Eases integration into tools without deep knowledge of fuzz data generation
  • Allows data fuzzing without the need for
    • Becoming familiar with a specific fuzzing tool
    • Integrating further fuzzing tools into the test process
  • Approach
    • Don't reinvent the wheel; use the potential of existing fuzzing tools: Peach, Sulley, OWASP WebScarab
    • Extract their fuzzing generators and operators into a library (reimplementation in Java)

  10. Architecture

  11. Generators and Operators (legend: G – Generator, O – Operator)
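The generator/operator split of slides 9 and 11, as an added example written in Python rather than the library's Java; it is not the DIAMONDS Data Fuzzing Library's code or API, and the names (gen_*, op_*, fuzz_values, collect), the type aliases and the particular probe sets are assumptions chosen to mirror what Peach- and Sulley-style string primitives produce. A generator (G) yields fuzz values on its own, an operator (O) derives variants from one valid value, and both are lazy iterators, so a TTCN-3 loop or any other driver can pull as many variants as it wants, reproducibly from a seed.

```python
"""Generator/operator style data fuzzing library (slides 9 and 11).

Constructed example, not the DIAMONDS Data Fuzzing Library's code or API.
Generators (G) produce fuzz values from nothing but a random source;
operators (O) derive variants from an existing valid value. Both are lazy,
so a driver loop can request any number of variants, repeatably from a seed.
"""
import random
from typing import Callable, Iterable, Iterator, List

Generator = Callable[[random.Random], Iterator[bytes]]          # assumed alias
Operator = Callable[[random.Random, bytes], Iterator[bytes]]    # assumed alias


def gen_boundary_strings(rng: random.Random) -> Iterator[bytes]:
    """G: filler strings at lengths around typical buffer sizes."""
    for n in (0, 1, 127, 128, 255, 256, 1023, 1024, 4096, 65535):
        yield b"A" * n


def gen_format_strings(rng: random.Random) -> Iterator[bytes]:
    """G: format-string probes aimed at printf-style sinks."""
    for probe in (b"%s" * 8, b"%n" * 4, b"%x" * 16, b"%p%p%p%p"):
        yield probe


def op_bit_flip(rng: random.Random, value: bytes) -> Iterator[bytes]:
    """O: one variant per byte position with a single random bit flipped."""
    for i in range(len(value)):
        variant = bytearray(value)
        variant[i] ^= 1 << rng.randrange(8)
        yield bytes(variant)


def op_truncate(rng: random.Random, value: bytes) -> Iterator[bytes]:
    """O: every proper prefix of the value, longest first (length/checksum handling)."""
    for n in range(len(value) - 1, -1, -1):
        yield value[:n]


def op_repeat(rng: random.Random, value: bytes) -> Iterator[bytes]:
    """O: the value repeated, for parsers that assume exactly one record."""
    for k in (2, 16, 256):
        yield value * k


GENERATORS: List[Generator] = [gen_boundary_strings, gen_format_strings]
OPERATORS: List[Operator] = [op_bit_flip, op_truncate, op_repeat]


def fuzz_values(seed: float, valid: bytes,
                generators: Iterable[Generator] = GENERATORS,
                operators: Iterable[Operator] = OPERATORS) -> Iterator[bytes]:
    """Lazy stream: generator output first, then operator variants of the valid value.
    One seeded random source for the whole stream makes a run repeatable."""
    rng = random.Random(seed)
    for g in generators:
        yield from g(rng)
    for o in operators:
        yield from o(rng, valid)


def collect(seed: float, valid: bytes, limit: int) -> List[bytes]:
    """Pulls at most `limit` variants, the way a send loop would."""
    out: List[bytes] = []
    for v in fuzz_values(seed, valid):
        out.append(v)
        if len(out) >= limit:
            break
    return out


if __name__ == "__main__":
    # Constructed sample of a valid message; a real driver would take it from the template.
    for v in collect(1.0, b"HELO fuzz\r\n", 20):
        print(len(v), v[:24])
```

The stream is ordered so that generic generator output comes before operator variants of the valid message; with the seed fixed, the bit positions chosen by op_bit_flip, and therefore the whole sequence, are the same on every run, which is what a reproducible fuzz test case needs.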

  12. Summary
  • Fuzz testing is a commonly used method to test for security problems
  • The purpose of fuzzing is to reveal implementation vulnerabilities by triggering failure modes
  • A light-weight extension to the TTCN-3 standard supports fuzzing while maximizing its usability for existing TTCN-3 users
  • While simple dumb random fuzzing often yields poor results, intelligent application/protocol-based fuzzing is much more powerful
  • To support application/protocol-based fuzz generators, a TCI extension allows the integration of external data fuzzers

  13. Thank you! Questions?