Presentation is loading. Please wait.

Presentation is loading. Please wait.

 Data Fuzzing with TTCN-3 Stephan Pietsch, Bogdan Stanca-Kaposta, Dr. Jacob Wieland, Dirk Tepelmann, Ju ̈ rgen Großmann, Martin Schneider TTCN-3 User.

Published byVivien Summers Modified over 8 years ago

Similar presentations

Presentation on theme: " Data Fuzzing with TTCN-3 Stephan Pietsch, Bogdan Stanca-Kaposta, Dr. Jacob Wieland, Dirk Tepelmann, Ju ̈ rgen Großmann, Martin Schneider TTCN-3 User."— Presentation transcript:

1  Data Fuzzing with TTCN-3 Stephan Pietsch, Bogdan Stanca-Kaposta, Dr. Jacob Wieland, Dirk Tepelmann, Ju ̈ rgen Großmann, Martin Schneider TTCN-3 User Conference 2012, Bangalore

2 Copyright Testing Technologies 2012. Confidential Information. All Rights Reserved. More Information at www.testingtech.com. © Authors Testing Technologies Stephan Pietsch Bogdan Stanca-Kaposta Dr. Jacob Wieland Dirk Tepelmann Fraunhofer FOKUS Ju ̈ rgen Großmann Martin Schneider This proposal was developed in the ITEA2 project DIAMONDS – Development and Industrial Application of Multi-Domain Security Testing Technologies http://www.itea2-diamonds.org http://www.itea2-diamonds.org 2

3 Copyright Testing Technologies 2012. Confidential Information. All Rights Reserved. More Information at www.testingtech.com. © Introduction TTCN-3 Is widely accepted in functional (protocol) testing in telecommunications Is pushed into new areas like Intelligent Transport Systems (ITS) or Internet of Things (IoT) Is pretty new to security testing Fuzzing Automated and efficient black-box testing method for finding software flaws Monitors a system for exceptional behavior (such as crashes, memory leaks) while stimulating it with large amounts of anomalous input data (random, invalid or unexpected) If the program fails, it indicates a bug in the software Is widely used for security testing Security testing aspects get more and more important in traditional TTCN-3 domains  Proposal of a Fuzz Extension Package for TTCN-3 3

4 Copyright Testing Technologies 2012. Confidential Information. All Rights Reserved. More Information at www.testingtech.com. © Proposal – Fuzz Extension Package Concentration on data fuzzing, i.e. generation of multiple variants to be sent, can be realized via loop constructs New construct fuzz function instance Similar to external function, but call is delayed until a specific value selected via send or valueof Fuzz function may declare formal parameters Fuzz function must declare a return type 4 fuzz function zf_UnicodeUtf8ThreeCharMutator( in template charstring param1) return charstring; fuzz function zf_RandomSelect( in template integer param1) return integer; fuzz function zf_UnicodeUtf8ThreeCharMutator( in template charstring param1) return charstring; fuzz function zf_RandomSelect( in template integer param1) return integer;

5 Copyright Testing Technologies 2012. Confidential Information. All Rights Reserved. More Information at www.testingtech.com. © Proposal – Fuzz Extension Package Fuzz function instance denotes a set of values Can only occur in value templates Used like a normal matching mechanism “instead of values” Single value will be selected in the event of Sending operation Invocation of valueof() operation 5 template myType myData := { field1 := zf_UnicodeUtf8ThreeCharMutator(?), field2 := '12AB'O, field3 := zf_RandomSelect((1, 2, 3)) } myPort.send(myData); myPort.send(zf_UnicodeUtf8ThreeCharMutator(?)); var myType myVar := valueof(myData); template myType myData := { field1 := zf_UnicodeUtf8ThreeCharMutator(?), field2 := '12AB'O, field3 := zf_RandomSelect((1, 2, 3)) } myPort.send(myData); myPort.send(zf_UnicodeUtf8ThreeCharMutator(?)); var myType myVar := valueof(myData);

6 Copyright Testing Technologies 2012. Confidential Information. All Rights Reserved. More Information at www.testingtech.com. © Examples 6 template myType myData := { field1 := zf_UnicodeUtf8ThreeCharMutator(?), field2 := '12AB'O, field3 := zf_RandomSelect((1, 2, 3)) } template myType myData := { field1 := zf_UnicodeUtf8ThreeCharMutator(?), field2 := '12AB'O, field3 := zf_RandomSelect((1, 2, 3)) } Used as “instead of values” in template declaration myPort.send(myData); Specific value selection at send time var myType myVar := valueof(myData); Specific value selection at invocation time of valueof() function myPort.send(zf_UnicodeUtf8ThreeCharMutator(?)); Immediate value selection as inline template Fuzz function declaration fuzz function zf_UnicodeUtf8ThreeCharMutator(in template charstring param1) return charstring; fuzz function zf_RandomSelect(in template integer param1) return integer; fuzz function zf_UnicodeUtf8ThreeCharMutator(in template charstring param1) return charstring; fuzz function zf_RandomSelect(in template integer param1) return integer;

7 Copyright Testing Technologies 2012. Confidential Information. All Rights Reserved. More Information at www.testingtech.com. © Seed Optional seed for the generation of random numbers Used to determine random selection To allow repeatability of fuzzed test cases One seed per test component Two new predefined functions To set the seed To read the current seed value 7 setseed(in float initialSeed) return float; getseed() return float; setseed(in float initialSeed) return float; getseed() return float;

8 Copyright Testing Technologies 2012. Confidential Information. All Rights Reserved. More Information at www.testingtech.com. © TCI Extension – tciFuzzySelect Fuzz function implemented as a runtime extension in TTCN-3 Test Control Interface (TCI)  tciFuzzySelect() Called by the Test Environment (TE) for each fuzz function instance at the moment a template is sent or evaluated by use of valueof() To compute the concrete value a randomized approach could be used using the given seed External data fuzzers might be used to achieve better results  intelligent application/protocol based fuzzing with Data Fuzzing Library 8

9 Copyright Testing Technologies 2012. Confidential Information. All Rights Reserved. More Information at www.testingtech.com. © tciFuzzySelect Synopsis 9

10 Copyright Testing Technologies 2012. Confidential Information. All Rights Reserved. More Information at www.testingtech.com. © Data Fuzzing Library Makes traditional data fuzzing widely available Eases integration into tools without deep knowledge about fuzz data generation Allows data fuzzing without the need for Making familiar with a specific fuzzing tool Integrating further fuzzing tools into the test process Approach Don’t reinvent the wheel, use the potential of existing fuzzing tools Peach Sulley OWASP WebScarab Extract their fuzzing generators and operators into a library (reimplementation in Java) 10

11 Copyright Testing Technologies 2012. Confidential Information. All Rights Reserved. More Information at www.testingtech.com. © Architecture 11

12 Copyright Testing Technologies 2012. Confidential Information. All Rights Reserved. More Information at www.testingtech.com. © Generators and Operators 12 G – Generator O – Operator

13 Copyright Testing Technologies 2012. Confidential Information. All Rights Reserved. More Information at www.testingtech.com. © Summary Fuzz testing is a commonly used method to test for security problems The purpose of fuzzing is to reveal implementation vulnerabilities by triggering failure modes Light-weight extension to the TTCN-3 standard supports fuzzing while maximizing its usability for existing TTCN-3 users While simple dump random fuzzing often causes poor results, intelligent application/protocol based fuzzing is much more powerful To support application/protocol based fuzz generators a TCI extension allows integration of external data fuzzers 13

14 Copyright Testing Technologies 2012. Confidential Information. All Rights Reserved. More Information at www.testingtech.com. © Thank you! Questions? 14

Download ppt " Data Fuzzing with TTCN-3 Stephan Pietsch, Bogdan Stanca-Kaposta, Dr. Jacob Wieland, Dirk Tepelmann, Ju ̈ rgen Großmann, Martin Schneider TTCN-3 User."

Similar presentations

By Skyler Onken.  Who am I?  What is Fuzzing?  Usual Targets  Techniques  Results  Limitations  Why Fuzz?  “Fuzzing the Web”?  Desired Solution.

By Skyler Onken.  Who am I?  What is Fuzzing?  Usual Targets  Techniques  Results  Limitations  Why Fuzz?  “Fuzzing the Web”?  Desired Solution.
TTCN-3 Test Case Generation from arbitrary traces Capture & Replay Bogdan Stanca-Kaposta & Theofanis Vassiliou-Gioles (Testing Technologies)

TTCN-3 Test Case Generation from arbitrary traces Capture & Replay Bogdan Stanca-Kaposta & Theofanis Vassiliou-Gioles (Testing Technologies)
Coding Standards for Java An Introduction. Why Coding Standards are Important? Coding Standards lead to greater consistency within your code and the code.

Coding Standards for Java An Introduction. Why Coding Standards are Important? Coding Standards lead to greater consistency within your code and the code.
The Intelligent Fuzzing in TTCN-3 Xu Luo, Wu Ji, Liu Chao Software Engineering Institute Beihang University

The Intelligent Fuzzing in TTCN-3 Xu Luo, Wu Ji, Liu Chao Software Engineering Institute Beihang University
Tam Vu (tvu@mail.eecis.udel.edu) Remote Procedure Call CISC 879 – Spring 03 Tam Vu (tvu@mail.eecis.udel.edu) March 06, 03.

Tam Vu Remote Procedure Call CISC 879 – Spring 03 Tam Vu March 06, 03.
Automating Bespoke Attack Ruei-Jiun Chapter 13. Outline Uses of bespoke automation ◦ Enumerating identifiers ◦ Harvesting data ◦ Web application fuzzing.

Automating Bespoke Attack Ruei-Jiun Chapter 13. Outline Uses of bespoke automation ◦ Enumerating identifiers ◦ Harvesting data ◦ Web application fuzzing.
Introduction to InfoSec – Recitation 6 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 6 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Component Patterns – Architecture and Applications with EJB copyright © 2001, MATHEMA AG Component Patterns Architecture and Applications with EJB JavaForum.

Component Patterns – Architecture and Applications with EJB copyright © 2001, MATHEMA AG Component Patterns Architecture and Applications with EJB JavaForum.
Introduction To System Analysis and Design

Introduction To System Analysis and Design
Fall 2007CS 225 Introduction to Software Design Chapter 1.

Fall 2007CS 225 Introduction to Software Design Chapter 1.
Introduction to Software Design Chapter 1. Chapter 1: Introduction to Software Design2 Chapter Objectives To become familiar with the software challenge.

Introduction to Software Design Chapter 1. Chapter 1: Introduction to Software Design2 Chapter Objectives To become familiar with the software challenge.
Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.

Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.
Testing Components in the Context of a System CMSC 737 Fall 2006 Sharath Srinivas.

Testing Components in the Context of a System CMSC 737 Fall 2006 Sharath Srinivas.
CSE 219 COMPUTER SCIENCE III PROPERTIES OF HIGH QUALITY SOFTWARE.

CSE 219 COMPUTER SCIENCE III PROPERTIES OF HIGH QUALITY SOFTWARE.
Systems Analysis and Design in a Changing World, 6th Edition

Systems Analysis and Design in a Changing World, 6th Edition
Software Issues Derived from Dr. Fawcett’s Slides Phil Pratt-Szeliga Fall 2009.

Software Issues Derived from Dr. Fawcett’s Slides Phil Pratt-Szeliga Fall 2009.
Software Testing Introduction. Agenda Software Testing Definition Software Testing Objectives Software Testing Strategies Software Test Classifications.

Software Testing Introduction. Agenda Software Testing Definition Software Testing Objectives Software Testing Strategies Software Test Classifications.
Introduction to Software Design Chapter 1. Chapter 1: Introduction to Software Design2 Chapter Objectives To become familiar with the software challenge.

Introduction to Software Design Chapter 1. Chapter 1: Introduction to Software Design2 Chapter Objectives To become familiar with the software challenge.
Hands-On Microsoft Windows Server 2008 Chapter 11 Server and Network Monitoring.

Hands-On Microsoft Windows Server 2008 Chapter 11 Server and Network Monitoring.

Similar presentations

Ads by Google