Data Fuzzing with TTCN-3 Stephan Pietsch, Bogdan Stanca-Kaposta, Dr. Jacob Wieland, Dirk Tepelmann, Jürgen Großmann, Martin Schneider TTCN-3 User.

Presentation transcript:

Data Fuzzing with TTCN-3
Stephan Pietsch, Bogdan Stanca-Kaposta, Dr. Jacob Wieland, Dirk Tepelmann, Jürgen Großmann, Martin Schneider
TTCN-3 User Conference 2012, Bangalore

Copyright Testing Technologies Confidential Information. All Rights Reserved. More Information at ©

Authors
Testing Technologies: Stephan Pietsch, Bogdan Stanca-Kaposta, Dr. Jacob Wieland, Dirk Tepelmann
Fraunhofer FOKUS: Jürgen Großmann, Martin Schneider
This proposal was developed in the ITEA2 project DIAMONDS – Development and Industrial Application of Multi-Domain Security Testing Technologies

Introduction

TTCN-3
- Is widely accepted in functional (protocol) testing in telecommunications
- Is pushed into new areas like Intelligent Transport Systems (ITS) or Internet of Things (IoT)
- Is pretty new to security testing

Fuzzing
- Automated and efficient black-box testing method for finding software flaws
- Monitors a system for exceptional behavior (such as crashes, memory leaks) while stimulating it with large amounts of anomalous input data (random, invalid or unexpected)
- If the program fails, it indicates a bug in the software
- Is widely used for security testing

Security testing aspects get more and more important in traditional TTCN-3 domains
→ Proposal of a Fuzz Extension Package for TTCN-3

Proposal – Fuzz Extension Package

- Concentration on data fuzzing, i.e. generation of multiple variants to be sent, can be realized via loop constructs
- New construct: fuzz function instance
  - Similar to an external function, but the call is delayed until a specific value is selected via send or valueof
  - Fuzz function may declare formal parameters
  - Fuzz function must declare a return type

    fuzz function zf_UnicodeUtf8ThreeCharMutator(in template charstring param1) return charstring;
    fuzz function zf_RandomSelect(in template integer param1) return integer;

Proposal – Fuzz Extension Package

- Fuzz function instance denotes a set of values
  - Can only occur in value templates
  - Used like a normal matching mechanism “instead of values”
- Single value will be selected in the event of
  - Sending operation
  - Invocation of valueof() operation

    template myType myData := {
      field1 := zf_UnicodeUtf8ThreeCharMutator(?),
      field2 := '12AB'O,
      field3 := zf_RandomSelect((1, 2, 3))
    }
    myPort.send(myData);
    myPort.send(zf_UnicodeUtf8ThreeCharMutator(?));
    var myType myVar := valueof(myData);

Examples

Fuzz function declaration:

    fuzz function zf_UnicodeUtf8ThreeCharMutator(in template charstring param1) return charstring;
    fuzz function zf_RandomSelect(in template integer param1) return integer;

Used as “instead of values” in template declaration:

    template myType myData := {
      field1 := zf_UnicodeUtf8ThreeCharMutator(?),
      field2 := '12AB'O,
      field3 := zf_RandomSelect((1, 2, 3))
    }

Specific value selection at send time:

    myPort.send(myData);

Specific value selection at invocation time of valueof() function:

    var myType myVar := valueof(myData);

Immediate value selection as inline template:

    myPort.send(zf_UnicodeUtf8ThreeCharMutator(?));

Seed

- Optional seed for the generation of random numbers
  - Used to determine random selection
  - To allow repeatability of fuzzed test cases
- One seed per test component
- Two new predefined functions
  - To set the seed
  - To read the current seed value

    setseed(in float initialSeed) return float;
    getseed() return float;

TCI Extension – tciFuzzySelect

- Fuzz function implemented as a runtime extension in TTCN-3 Test Control Interface (TCI) → tciFuzzySelect()
- Called by the Test Environment (TE) for each fuzz function instance at the moment a template is sent or evaluated by use of valueof()
- To compute the concrete value a randomized approach could be used using the given seed
- External data fuzzers might be used to achieve better results → intelligent application/protocol based fuzzing with Data Fuzzing Library
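The deferred value selection and per-component seed described on the preceding slides can be modelled outside TTCN-3. The following Python model is an added example, not code from the presentation or from any TTCN-3 tool; `FuzzInstance`, `Component`, `fuzzy_select`, `run_campaign` and the mutator's character pool are assumed names and values, and `fuzzy_select` only plays the role of `tciFuzzySelect()` without reproducing its TCI signature.

```python
import random

class FuzzInstance:
    """A fuzz function instance: denotes a set of values, not yet one value."""
    def __init__(self, mutator, param):
        self.mutator, self.param = mutator, param

def random_select(rng, choices):
    # Models zf_RandomSelect((1, 2, 3)): pick one of the listed values.
    return rng.choice(choices)

def three_char_mutator(rng, _any):
    # Stand-in for zf_UnicodeUtf8ThreeCharMutator(?); the pool is an assumption.
    pool = ["\u0000", "\u00e9", "\u20ac", "\uffff", "A"]
    return "".join(rng.choice(pool) for _ in range(3))

class Component:
    """Holds one seed per test component, as on the Seed slide."""
    def __init__(self, seed):
        self.setseed(seed)

    def setseed(self, initial_seed):
        # Assumption: re-seeding restarts the random sequence from scratch.
        self._seed = float(initial_seed)
        self._rng = random.Random(self._seed)
        return self._seed

    def getseed(self):
        return self._seed

    def fuzzy_select(self, inst):
        # Plays the role of tciFuzzySelect(): called once per fuzz instance.
        return inst.mutator(self._rng, inst.param)

    def valueof(self, template):
        # Concrete values are chosen here, never when the template is declared.
        return {name: self.fuzzy_select(v) if isinstance(v, FuzzInstance) else v
                for name, v in template.items()}

    def send(self, template):
        return self.valueof(template)  # a real port would encode and transmit

# Mirrors the slides' myData template (constructed sample).
MY_DATA = {
    "field1": FuzzInstance(three_char_mutator, None),
    "field2": bytes.fromhex("12AB"),
    "field3": FuzzInstance(random_select, (1, 2, 3)),
}

def run_campaign(seed, n=20):
    comp = Component(seed)
    return [comp.send(MY_DATA) for _ in range(n)]
```

Recording the seed next to a crash report lets the same sequence of fuzzed messages be replayed against the system under test.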

tciFuzzySelect Synopsis

Data Fuzzing Library

- Makes traditional data fuzzing widely available
- Eases integration into tools without deep knowledge about fuzz data generation
- Allows data fuzzing without the need for
  - Becoming familiar with a specific fuzzing tool
  - Integrating further fuzzing tools into the test process

Approach
- Don’t reinvent the wheel, use the potential of existing fuzzing tools
  - Peach
  - Sulley
  - OWASP WebScarab
- Extract their fuzzing generators and operators into a library (reimplementation in Java)

Architecture

Generators and Operators
G – Generator, O – Operator

Summary

- Fuzz testing is a commonly used method to test for security problems
- The purpose of fuzzing is to reveal implementation vulnerabilities by triggering failure modes
- Light-weight extension to the TTCN-3 standard supports fuzzing while maximizing its usability for existing TTCN-3 users
- While simple dumb random fuzzing often causes poor results, intelligent application/protocol based fuzzing is much more powerful
- To support application/protocol based fuzz generators, a TCI extension allows integration of external data fuzzers

Thank you! Questions?