857 research outputs found
Model-Based Security Testing
Security testing aims at validating software system requirements related to
security properties like confidentiality, integrity, authentication,
authorization, availability, and non-repudiation. Although security testing
techniques are available for many years, there has been little approaches that
allow for specification of test cases at a higher level of abstraction, for
enabling guidance on test identification and specification as well as for
automated test generation.
Model-based security testing (MBST) is a relatively new field and especially
dedicated to the systematic and efficient specification and documentation of
security test objectives, security test cases and test suites, as well as to
their automated or semi-automated generation. In particular, the combination of
security modelling and test generation approaches is still a challenge in
research and of high interest for industrial applications. MBST includes e.g.
security functional testing, model-based fuzzing, risk- and threat-oriented
testing, and the usage of security test patterns. This paper provides a survey
on MBST techniques and the related models as well as samples of new methods and
tools that are under development in the European ITEA2-project DIAMONDS.Comment: In Proceedings MBT 2012, arXiv:1202.582
Four-quark flux distribution and binding in lattice SU(2)
The full spatial distribution of the color fields of two and four static
quarks is measured in lattice SU(2) field theory at separations up to 1 fm at
beta=2.4. The four-quark case is equivalent to a qbar q qbar q system in SU(2)
and is relevant to meson-meson interactions. By subtracting two-body flux tubes
from the four-quark distribution we isolate the flux contribution connected
with the four-body binding energy. This contribution is further studied using a
model for the binding energies. Lattice sum rules for two and four quarks are
used to verify the results.Comment: 46 pages including 71 eps figures. 3D color figures are available at
www.physics.helsinki.fi/~ppennane/pics
Targeted Greybox Fuzzing with Static Lookahead Analysis
Automatic test generation typically aims to generate inputs that explore new
paths in the program under test in order to find bugs. Existing work has,
therefore, focused on guiding the exploration toward program parts that are
more likely to contain bugs by using an offline static analysis.
In this paper, we introduce a novel technique for targeted greybox fuzzing
using an online static analysis that guides the fuzzer toward a set of target
locations, for instance, located in recently modified parts of the program.
This is achieved by first semantically analyzing each program path that is
explored by an input in the fuzzer's test suite. The results of this analysis
are then used to control the fuzzer's specialized power schedule, which
determines how often to fuzz inputs from the test suite. We implemented our
technique by extending a state-of-the-art, industrial fuzzer for Ethereum smart
contracts and evaluate its effectiveness on 27 real-world benchmarks. Using an
online analysis is particularly suitable for the domain of smart contracts
since it does not require any code instrumentation---instrumentation to
contracts changes their semantics. Our experiments show that targeted fuzzing
significantly outperforms standard greybox fuzzing for reaching 83% of the
challenging target locations (up to 14x of median speed-up)
Harvey: A Greybox Fuzzer for Smart Contracts
We present Harvey, an industrial greybox fuzzer for smart contracts, which
are programs managing accounts on a blockchain. Greybox fuzzing is a
lightweight test-generation approach that effectively detects bugs and security
vulnerabilities. However, greybox fuzzers randomly mutate program inputs to
exercise new paths; this makes it challenging to cover code that is guarded by
narrow checks, which are satisfied by no more than a few input values.
Moreover, most real-world smart contracts transition through many different
states during their lifetime, e.g., for every bid in an auction. To explore
these states and thereby detect deep vulnerabilities, a greybox fuzzer would
need to generate sequences of contract transactions, e.g., by creating bids
from multiple users, while at the same time keeping the search space and test
suite tractable. In this experience paper, we explain how Harvey alleviates
both challenges with two key fuzzing techniques and distill the main lessons
learned. First, Harvey extends standard greybox fuzzing with a method for
predicting new inputs that are more likely to cover new paths or reveal
vulnerabilities in smart contracts. Second, it fuzzes transaction sequences in
a targeted and demand-driven way. We have evaluated our approach on 27
real-world contracts. Our experiments show that the underlying techniques
significantly increase Harvey's effectiveness in achieving high coverage and
detecting vulnerabilities, in most cases orders-of-magnitude faster; they also
reveal new insights about contract code.Comment: arXiv admin note: substantial text overlap with arXiv:1807.0787
FairFuzz: Targeting Rare Branches to Rapidly Increase Greybox Fuzz Testing Coverage
In recent years, fuzz testing has proven itself to be one of the most
effective techniques for finding correctness bugs and security vulnerabilities
in practice. One particular fuzz testing tool, American Fuzzy Lop or AFL, has
become popular thanks to its ease-of-use and bug-finding power. However, AFL
remains limited in the depth of program coverage it achieves, in particular
because it does not consider which parts of program inputs should not be
mutated in order to maintain deep program coverage. We propose an approach,
FairFuzz, that helps alleviate this limitation in two key steps. First,
FairFuzz automatically prioritizes inputs exercising rare parts of the program
under test. Second, it automatically adjusts the mutation of inputs so that the
mutated inputs are more likely to exercise these same rare parts of the
program. We conduct evaluation on real-world programs against state-of-the-art
versions of AFL, thoroughly repeating experiments to get good measures of
variability. We find that on certain benchmarks FairFuzz shows significant
coverage increases after 24 hours compared to state-of-the-art versions of AFL,
while on others it achieves high program coverage at a significantly faster
rate
Maximal variance reduction for stochastic propagators with applications to the static quark spectrum
We study a new method -- maximal variance reduction -- for reducing the
variance of stochastic estimators for quark propagators. We find that while
this method is comparable to usual iterative inversion for light-light mesons,
a considerable improvement is achieved for systems containing at least one
infinitely heavy quark. Such systems are needed for heavy quark effective
theory. As an illustration of the effectiveness of the method we present
results for the masses of the ground state and excited states of
mesons and baryons. We compare these results with the experimental
spectra involving quarks.Comment: 31 pages with 7 postscript file
A Comprehensive Survey on Database Management System Fuzzing: Techniques, Taxonomy and Experimental Comparison
Database Management System (DBMS) fuzzing is an automated testing technique
aimed at detecting errors and vulnerabilities in DBMSs by generating, mutating,
and executing test cases. It not only reduces the time and cost of manual
testing but also enhances detection coverage, providing valuable assistance in
developing commercial DBMSs. Existing fuzzing surveys mainly focus on
general-purpose software. However, DBMSs are different from them in terms of
internal structure, input/output, and test objectives, requiring specialized
fuzzing strategies. Therefore, this paper focuses on DBMS fuzzing and provides
a comprehensive review and comparison of the methods in this field. We first
introduce the fundamental concepts. Then, we systematically define a general
fuzzing procedure and decompose and categorize existing methods. Furthermore,
we classify existing methods from the testing objective perspective, covering
various components in DBMSs. For representative works, more detailed
descriptions are provided to analyze their strengths and limitations. To
objectively evaluate the performance of each method, we present an open-source
DBMS fuzzing toolkit, OpenDBFuzz. Based on this toolkit, we conduct a detailed
experimental comparative analysis of existing methods and finally discuss
future research directions.Comment: 34 pages, 22 figure
Security Testing: A Survey
Identifying vulnerabilities and ensuring security functionality by security testing is a widely applied measure to evaluate and improve the security of software. Due to the openness of modern software-based systems, applying appropriate security testing techniques is of growing importance and essential to perform effective and efficient security testing. Therefore, an overview of actual security testing techniques is of high value both for researchers to evaluate and refine the techniques and for practitioners to apply and disseminate them. This chapter fulfills this need and provides an overview of recent security testing techniques. For this purpose, it first summarize the required background of testing and security engineering. Then, basics and recent developments of security testing techniques applied during the secure software development lifecycle, i.e., model-based security testing, code-based testing and static analysis, penetration testing and dynamic analysis, as well as security regression testing are discussed. Finally, the security testing techniques are illustrated by adopting them for an example three-tiered web-based business application
- …