Introducing probabilities within grey-box fuzzing / Hänsynstagande till sannolikheter inom grey-box fuzzing

Sletmo, Patrik

January 2019

Over the recent years, the software industry has faced a steady increase in the number of exposed and exploited software vulnerabilities. With more software and devices being connected to the internet every day, the need for proactive security measures has never been more important. One promising new technology for making software more secure is fuzz testing. This automated testing technique is based around generating a large number of test cases with the intention of revealing dangerous bugs and vulnerabilities. In this thesis work, a new direction within grey-box fuzz testing is evaluated against previous work. The presented approach uses sampled probability data in order to guide the fuzz testing towards program states that are expected to be easy to reach and beneficial for the discovery of software vulnerabilities. Evaluation of the design shows that the suggested approach provides no obvious advantage over existing solutions, but also indicates that the performance advantage could be dependent on the structure of the system under test. However, analysis of the design itself highlights several design decisions that could benefit from more extensive research. While the design proposed in this thesis work is insufficient for replacing current state of the art fuzz testing software, it provides a solid foundation for future research within the field. With the many insights gained from the design and implementation work, this thesis work aims to both inspire others and showcase the challenges of creating a probability-based approach to grey-box fuzz testing.

Fuzz Testing

Fuzzing

Grey-box Fuzz Testing

Vulnerability Testing

Probabilities

Security

ROI

SpareFuzz

Computer Engineering

Datorteknik

Mutation-based testing of buffer overflows, SQL injections, and format string bugs

Shahriar, Hossain

20 August 2008

Testing is an indispensable mechanism for assuring software quality. One of the key issues in testing is to obtain a test data set that is able to effectively test an implementation. An adequate test data set consists of test cases that can expose faults in a software implementation. Mutation-based testing can be employed to obtain adequate test data sets, and numerous mutation operators have been proposed to date to measure the adequacy of test data sets that reveal functional faults. However, implementations that pass functionality tests are still vulnerable to malicious attacks. Despite the rigorous use of various existing testing techniques, many vulnerabilities are discovered after the deployment of software implementations, such as buffer overflows (BOF), SQL injections, and format string bugs (FSB). Successful exploitations of these vulnerabilities may result in severe consequences such as denial of services, application state corruptions, and information leakage. Many approaches have been proposed to detect these vulnerabilities. Unfortunately, very few approaches address the issue of testing implementations against vulnerabilities. Moreover, these approaches do not provide an indication whether a test data set is adequate for vulnerability testing or not. We believe that bringing the idea of traditional functional test adequacy to vulnerability testing can help address the issue of test adequacy. In this thesis, we apply the idea of mutation-based adequate testing to perform vulnerability testing of buffer overflows, SQL injections, and format string bugs. We propose mutation operators to force the generation of adequate test data sets for these vulnerabilities. The operators mutate source code to inject the vulnerabilities in the library function calls and unsafe implementation language elements. The mutants generated by the operators are killed by test cases that expose these vulnerabilities. We propose distinguishing or killing criteria for mutants that consider varying symptoms of exploitations. Three prototype tools are developed to automatically generate mutants and perform mutation analysis with input test cases and the effectiveness of the proposed operators is evaluated on several open source programs containing known vulnerabilities. The results indicate that the proposed operators are effective for testing the vulnerabilities, and the mutation-based vulnerability testing process ensures the quality of the applications against these vulnerabilities. / Thesis (Master, Computing) -- Queen's University, 2008-08-18 13:53:04.036

Vulnerability testing

Buffer overflow

SQL injection

Format string bug

Test adequacy

On the assessment of Denial of Service vulnerabilities affecting smart home systems

Andersson, Sebastian, Josefsson, Oliver

January 2019

IoT is an abbreviation of the term Internet of Things. The term describes everydayitems such as light bulbs that are connected to the Internet. IoT is a field that isgrowing very quickly with some researchers and industry leaders predicting thatthere will be up to 200 billion connected IoT devices in the world by 2020. Many IoTdevices are developed by smaller companies looking to capitalize on a specific needin the market. Because of this, the companies may favor launching a product as fastas possible which could mean that the devices may have not been adequately testedfor different vulnerabilities.The IoT and Smart Home market is currently experiencing rapid growth and all signspoint towards that continuing in the future. This thesis focuses on testing forvulnerabilities to Denial of Service attacks in common-off-the-shelf IoT devices thatcan be found in a smart home environment. The purpose of this thesis is to createmore knowledge about the vulnerabilities that can be found in Internet connecteddevices that are used daily.This thesis includes experiments using OpenVAS, which is a vulnerability scannerdeveloped by Greenbone Security used to test for vulnerabilities to Denial of Serviceattacks in IoT devices. The devices that are tested are Sony PlayStation 4, IKEATrådfri Smart Lighting, Google Chromecast (First Generation), Apple TV (ThirdGeneration) and D-Link DCS-930LB Wi-Fi IP-Camera. The firmware/software of allthe devices are updated as of April of 2019.The results of the conducted experiments show that all the tested devices besidesChromecast and IKEA Trådfri had vulnerabilities to Denial of Service attacks.PlayStation 4 was the device with the highest amount of vulnerabilities (9) and thevulnerability with highest possible severity (10.0). The effects of a Denial of Serviceattack range from an annoyance, when a gaming console is unavailable, to a securityrisk when an IP camera can be temporarily disabled.

Internet of Things (IoT)

IoT

IoT Vulnerability

Vulnerability Testing

OpenVAS

Availability

Denial of Service

Smart Home

Engineering and Technology

Teknik och teknologier

A pattern-driven and model-based vulnerability testing for Web applications / Une approche à base de modèles et de patterns pour le test de vulnérabilités d'applications Web

Vernotte, Alexandre

29 October 2015

Cette thèse propose une approche originale de test de vulnérabilité Web à partir de modèles etdirigée par des patterns de tests, nommée PMVT. Son objectif est d’améliorer la capacité de détectionde quatre types de vulnérabilité majeurs, Cross-Site Scripting, Injections SQL, Cross-Site RequestForgery, et Privilege Escalation. PMVT repose sur l’utilisation d’un modèle comportemental del’application Web, capturant ses aspects fonctionnels, et sur un ensemble de patterns de test devulnérabilité qui adressent un type de vulnérabilité de manière générique, quelque soit le type del’application Web sous test.Par l’adaptation de technologies MBT existantes, nous avons développé une chaîne outillée complèteautomatisant la détection des quatre types de vulnérabilité. Ce prototype a été exprimenté et évaluésur deux applications réelles, actuellement utiliseés par plusieurs dizaines de milliers d’utilisateurs.Les résultats d’expérimentation démontrent la pertinence et de l’efficience de PMVT, notamment enaméliorant de façon significative la capacité de détection de vulnérabilités vis à vis des scannersautomatiques d’applications Web existants. / This thesis proposes an original approach, dubbed PMVT for Pattern-driven and Model-basedVulnerability Testing, which aims to improve the capability for detecting four high-profile vulnerabilitytypes, Cross-Site Scripting, SQL Injections, CSRF and Privilege Escalations, and reduce falsepositives and false negatives verdicts. PMVT relies on the use of a behavioral model of theapplication, capturing its functional aspects, and a set of vulnerability test patterns that addressvulnerabilities in a generic way. By adapting existing MBT technologies, an integrated toolchain that supports PMVT automates thedetection of the four vulnerability types in Web applications. This prototype has been experimentedand evaluated on two real-life Web applications that are currently used by tens of thousandsusers. Experiments have highlighted the effectiveness and efficiency of PMVT and shown astrong improvement of vulnerability detection capabilities w.r.t. available automated Web applicationscanners for these kind of vulnerabilities.

Test de Vulnérabilité

Test à partir de Modèles

Patterns de Test de Vulnérabilité

Applications Web

Cross-Site Scripting

Injections SQL

Cross-Site Request Forgery

Privilege Escalation

Vulnerability Testing

Model-Based Testing

Vulnerability Test Patterns

Web applications

Cross- Site Scripting

SQL Injections

Cross-Site Request Forgery

Privilege Escalation

004.678