This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
2009 WRI World Congress on Computer Science and Information Engineering
T3FAH: A TTCN-3 Based Fuzzer with Attack Heuristics
Los Angeles, California USA
March 31-April 02
ISBN: 978-0-7695-3507-4
Fuzzing is an effective approach to detect vulnerabilities. Unfortunately, the existing fuzzing approach suffers from some limitations, especially lacking support for automation in extracting the SUT specific knowledge and generating test script. In this paper, by combining fuzzing with TTCN-3 technique, we present T3FAH: a TTCN-3 based Fuzzer with Attack Heuristics. The approach automatically extracts the input syntax of SUT from existing test data definitions in TTCN-3 conformance test suite, generates invalid inputs based on the attack heuristic generation algorithm, and automatically constructs fuzzing test script via reusing the conformance test case. We conducted a case study on three popular SIP terminals with different SIP protocol implementations. In the case study, our approach detected several different vulnerabilities in all three SIP terminals, which may damage user experience in the practical use. It proves that our approach can be effectively used for testing real world applications.
Index Terms:
Fuzzing, TTCN-3, Attack Heuristics, Security Testing, SIP
Citation:
Luo Xu, Ji Wu, Chao Liu, "T3FAH: A TTCN-3 Based Fuzzer with Attack Heuristics," csie, vol. 7, pp.744-749, 2009 WRI World Congress on Computer Science and Information Engineering, 2009
Usage of this product signifies your acceptance of the Terms of Use.