BIBLIOS

Document type
Conference papers

Document subtype
Full paper

Title
Generating Tests for the Discovery of Security Flaws in Product Variants

Participants in the publication
Francisco Araújo (Author)
Ibéria Medeiros (Author)
Dep. Informática
LASIGE
Nuno Neves (Author)

Summary
Industrial products, like vehicles and trains, integrate embedded systems implementing diverse and complicated functionalities. Such functionalities are programmable by software and contain a multitude of parameters necessary for their configuration, which have been increasing due to the market diversification and customer demand. In addition, industrial products are often built by aggregating different software parts (components), constituting thus product variants. Product variants with such variability need to be tested adequately, in particular if one is concerned with security vulnerabilities. While efficient automated testing approaches already exist, such as fuzzing, no tool is able to use results from previous testing campaigns to increase the efficiency of security testing the next product variant that shares certain functionalities. This paper presents an approach that can ignore already covered functionalities by previous tests and give more importance to blocks of code that have yet to be checked. The benefit is to avoid repeating unnecessary work, hence increasing the speed and the coverage in the new variant. The approach was implemented in a tool based on the AFL fuzzer and was validated with a set of programs of different versions. The experimental results show that the tool can perform better than AFL in our testing scenario.


Institution
FACULDADE DE CIÊNCIAS DA UNIVERSIDADE DE LISBOA

Event
2020 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW)

Publication Identifiers
ISSN - 9781728110752

Publisher
IEEE

Document Identifiers
DOI - https://doi.org/10.1109/ICSTW50294.2020.00033