A Model-based Fuzz Framework to the Security Testing of TCG Software Stack Implementations
Fuzz testing is an effective technique for finding security vulnerabilities in software. Traditionally fuzz testing tools use random inputs and watch the resulting values. In this paper, we present a model-based fuzz framework for systematic automated testing of a TCG Trusted Software Stack implementation. This framework is based on blackbox fuzz testing methods, integrated with target profiling, data modeling and test algorithm etc. With the generation of smart, semanticaware test cases, a more complete and deep testing can be provided. We also demonstrate the use of our model-based fuzz framework which can identity several vulnerabilities in some form of TSS implementation.
Trusted computing software security testing fuzz framework fault injection syntax model
Yang Yang Huanguo Zhang Mi Pan Jian Yang Fan He Zhide Li
1School of Computer, Wuhan University, Wuhan, China 430072 School of Computer, Wuhan University, Wuhan, China 430072 State Key Lab of Software Engineering, Wuh School of Computer, Wuhan University, Wuhan, China 430072 Guangdong Dongguan Supervision Testing Institute of Quality and Metrology,Dongguan,China 523120
国际会议
武汉
英文
149-152
2009-11-18(万方平台首次上网日期,不代表论文的发表时间)