T3FAH: A TTCN-3 Based Fuzzer with Attack Heuristics

Fuzzing is an effective approach to detecting vulnerabilities. Unfortunately, existing fuzzing approaches have limitations, in particular little support for automating the extraction of SUT-specific knowledge (the input syntax of the system under test) and the generation of test scripts. In this paper, by combining fuzzing with the TTCN-3 technique, we present T3FAH: a TTCN-3 based Fuzzer with Attack Heuristics. The approach automatically extracts the input syntax of the SUT from the existing test data definitions in a TTCN-3 conformance test suite, generates invalid inputs with an attack-heuristic generation algorithm, and automatically constructs fuzzing test scripts by reusing the conformance test cases. We conducted a case study on three popular SIP terminals with different SIP protocol implementations. In the case study, our approach detected several different vulnerabilities in all three SIP terminals, which would degrade the user experience in practical use. This shows that our approach can be effectively used for testing real-world applications.
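The generation step the abstract describes, shown as an added illustration rather than the T3FAH code from the paper: a SIP INVITE whose syntax has been captured as an ordered list of typed fields (the role the TTCN-3 template definitions play in the approach) is mutated one field at a time with a per-field-kind set of attack heuristics (boundary integers, oversized tokens, format strings, embedded CRLF and NUL, malformed URIs). The field classification, the heuristic table, the baseline message and the `send_case` helper are all assumptions made for this example, not the paper's algorithm.

```python
"""Attack-heuristic fuzz case generator over a field-structured SIP INVITE.

Added example, not code from the T3FAH paper. It assumes the SUT input
syntax is available as an ordered list of named, typed fields, which is what
a TTCN-3 template for a SIP request would provide after extraction.
"""
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple


@dataclass
class Field:
    name: str
    value: str
    kind: str  # "token", "uri", "int" or "text" (hypothetical classification)


# Constructed baseline: a minimal, valid-looking INVITE split into fields.
BASE_INVITE: List[Field] = [
    Field("method", "INVITE", "token"),
    Field("request_uri", "sip:bob@example.com", "uri"),
    Field("via_branch", "z9hG4bK776asdhds", "token"),
    Field("from", "<sip:alice@example.com>;tag=1928301774", "uri"),
    Field("to", "<sip:bob@example.com>", "uri"),
    Field("call_id", "a84b4c76e66710", "token"),
    Field("cseq_num", "314159", "int"),
    Field("content_length", "0", "int"),
]

# Attack heuristics per field kind (assumed set, typical of protocol fuzzers).
HEURISTICS = {
    "int": ["-1", "0", "2147483648", "4294967296",
            "99999999999999999999", "0x7fffffff", "1e9"],
    "token": ["A" * 1024, "A" * 65536, "%s%s%s%n", "\r\n\r\n", "",
              "\x00", "\xff\xfe"],
    "uri": ["sip:", "sip:" + "a" * 4096 + "@example.com", "sip:bob@[::1",
            "sip:bob@example.com:99999", "../../etc/passwd",
            "sip:%00@example.com"],
    "text": ["%x" * 64, "\\u202e", "<script>", "\xc0\xaf"],
}


def render(fields: List[Field]) -> str:
    """Serialize the field list back into a SIP request on the wire."""
    f = {x.name: x.value for x in fields}
    return (
        f"{f['method']} {f['request_uri']} SIP/2.0\r\n"
        f"Via: SIP/2.0/UDP 10.0.0.1:5060;branch={f['via_branch']}\r\n"
        f"From: {f['from']}\r\n"
        f"To: {f['to']}\r\n"
        f"Call-ID: {f['call_id']}\r\n"
        f"CSeq: {f['cseq_num']} {f['method']}\r\n"
        f"Content-Length: {f['content_length']}\r\n\r\n"
    )


def generate_cases(base: List[Field]) -> Iterator[Tuple[str, str, str]]:
    """Yield (field_name, heuristic, message): one field mutated per case,
    so a crash can be attributed to a single field and heuristic."""
    for i, fld in enumerate(base):
        for h in HEURISTICS[fld.kind]:
            mutated = list(base)
            mutated[i] = Field(fld.name, h, fld.kind)
            yield fld.name, h, render(mutated)


def case_count(base: List[Field]) -> int:
    """Number of cases generate_cases() will produce for this syntax."""
    return sum(len(HEURISTICS[f.kind]) for f in base)


def send_case(message: str, host: str, port: int = 5060,
              timeout: float = 2.0) -> Optional[bytes]:
    """Send one case over UDP and return the raw reply, or None on timeout.
    Not invoked here: the target is the tester's own SUT. latin-1 keeps the
    raw 0x80-0xff bytes from the heuristics intact on the wire."""
    import socket
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(message.encode("latin-1"), (host, port))
        try:
            return s.recv(65535)
        except socket.timeout:
            return None


if __name__ == "__main__":
    for name, h, msg in generate_cases(BASE_INVITE):
        print(f"{name:15s} {h[:24]!r:28s} {len(msg)} bytes")
```

In a real run each case would be followed by the unmodified baseline INVITE to check that the terminal still answers; a missing reply to the baseline after a case, not just a missing reply to the case itself, is the signal that the implementation has hung or crashed.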