Learning-Based Fuzzing of IoT Message Brokers

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandBegutachtung

Abstract

The number of devices in the Internet of Things (IoT) immensely grew in recent years. A frequent challenge in the assurance of the dependability of IoT systems is that components of the system appear as a black box. This paper presents a semi-automatic testing methodology for black-box systems that combines automata learning and fuzz testing. Our testing technique uses stateful fuzzing based on a model that is automatically inferred by automata learning. Applying this technique, we can simultaneously test multiple implementations for unexpected behavior and possible security vulnerabilities.We show the effectiveness of our learning-based fuzzing technique in a case study on the MQTT protocol. MQTT is a widely used publish/subscribe protocol in the IoT. Our case study reveals several inconsistencies between five different MQTT brokers. The found inconsistencies expose possible security vulnerabilities and violations of the MQTT specification.
Originalspracheenglisch
TitelProceedings - 2021 IEEE 14th International Conference on Software Testing, Verification and Validation, ICST 2021
Seiten47-58
Seitenumfang12
ISBN (elektronisch)978-1-7281-6836-4
DOIs
PublikationsstatusVeröffentlicht - Apr 2021
Veranstaltung2021 IEEE International Conference on Software Testing: ICST 2021 - Virtuell, Brasilien
Dauer: 12 Apr 202116 Apr 2021

Publikationsreihe

NameProceedings - 2021 IEEE 14th International Conference on Software Testing, Verification and Validation, ICST 2021

Konferenz

Konferenz2021 IEEE International Conference on Software Testing
KurztitelICST 2021
Land/GebietBrasilien
OrtVirtuell
Zeitraum12/04/2116/04/21

ASJC Scopus subject areas

  • Software
  • Artificial intelligence
  • Sicherheit, Risiko, Zuverlässigkeit und Qualität

Fingerprint

Untersuchen Sie die Forschungsthemen von „Learning-Based Fuzzing of IoT Message Brokers“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren