A Negative Input Space Complexity Metric as Selection Criterion for Fuzz Testing

Abstract: Fuzz testing is an established technique for finding zero-day vulnerabilities by stimulating a system under test with invalid or unexpected input data. However, fuzzing techniques still generate far more test cases than can be executed. Therefore, different kinds of risk-based testing approaches are used for test case identification, selection and prioritization. In contrast to many approaches that require manual risk analysis, such as fault tree analysis, failure mode and effect analysis, and the CORAS method, we propose an automated approach that takes advantage of a previously shown correlation between interface complexity and error proneness. Since fuzzing is a negative testing approach, we propose a complexity metric for the negative input space that measures the boundaries of the negative input space of primitive types and complex data types. Based on this metric, the interfaces assumed to be most error-prone are selected and used as a starting point for fuzz test case generation. This paper presents work in progress.
Document type:
Conference paper
Khaled El-Fakih; Gerassimos Barlas; Nina Yevtushenko. 27th IFIP International Conference on Testing Software and Systems (ICTSS), Nov 2015, Sharjah and Dubai, United Arab Emirates. Lecture Notes in Computer Science, LNCS-9447, pp.257-262, 2015, Testing Software and Systems. 〈10.1007/978-3-319-25945-1_17〉

https://hal.inria.fr/hal-01470152
Contributor: Hal Ifip
Submitted on: Friday, February 17, 2017 - 10:25:40
Last modified on: Friday, February 17, 2017 - 10:37:07
Document(s) archived on: Thursday, May 18, 2017 - 14:03:32

File

385214_1_En_17_Chapter.pdf
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Martin Schneider, Marc-Florian Wendland, Andreas Hoffmann. A Negative Input Space Complexity Metric as Selection Criterion for Fuzz Testing. Khaled El-Fakih; Gerassimos Barlas; Nina Yevtushenko. 27th IFIP International Conference on Testing Software and Systems (ICTSS), Nov 2015, Sharjah and Dubai, United Arab Emirates. Lecture Notes in Computer Science, LNCS-9447, pp.257-262, 2015, Testing Software and Systems. 〈10.1007/978-3-319-25945-1_17〉. 〈hal-01470152〉
