BIBLIOS

Tipo
Artigos em Conferência

Tipo de Documento
Artigo Completo

Título
Generating Tests for the Discovery of Security Flaws in Product Variants

Participantes na publicação
Francisco Araújo (Author)
Ibéria Medeiros (Author)
Dep. Informática
LASIGE
Nuno Neves (Author)

Resumo
Industrial products, like vehicles and trains, integrate embedded systems implementing diverse and complicated functionalities. Such functionalities are programmable by software and contain a multitude of parameters necessary for their configuration, which have been increasing due to the market diversification and customer demand. In addition, industrial products are often built by aggregating different software parts (components), constituting thus product variants. Product variants with such variability need to be tested adequately, in particular if one is concerned with security vulnerabilities. While efficient automated testing approaches already exist, such as fuzzing, no tool is able to use results from previous testing campaigns to increase the efficiency of security testing the next product variant that shares certain functionalities. This paper presents an approach that can ignore already covered functionalities by previous tests and give more importance to blocks of code that have yet to be checked. The benefit is to avoid repeating unnecessary work, hence increasing the speed and the coverage in the new variant. The approach was implemented in a tool based on the AFL fuzzer and was validated with a set of programs of different versions. The experimental results show that the tool can perform better than AFL in our testing scenario.


Instituição
FACULDADE DE CIÊNCIAS DA UNIVERSIDADE DE LISBOA

Evento
2020 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW)

Identificadores da Publicação
ISSN - 9781728110752

Editora
IEEE

Identificadores do Documento
DOI - https://doi.org/10.1109/ICSTW50294.2020.00033