The number of devices in the Internet of Things (IoT) has grown immensely in recent years. A frequent challenge in the assurance of the dependability of IoT systems is that components of the system appear as a black box. This paper presents a semi-automatic testing methodology for black-box systems that combines automata learning and fuzz testing. Our testing technique uses stateful fuzzing based on a model that is automatically inferred by automata learning. Applying this technique, we can simultaneously test multiple implementations for unexpected behavior and possible security vulnerabilities. We show the effectiveness of our learning-based fuzzing technique in a case study on the MQTT protocol. MQTT is a widely used publish/subscribe protocol in the IoT. Our case study reveals several inconsistencies between five different MQTT brokers. The inconsistencies found expose possible security vulnerabilities and violations of the MQTT specification.
|Title||IEEE International Conference on Software Testing, Verification and Validation (ICST) 2021|
|Publication status||Accepted/In press - 11 Dec 2020|
|Event||2021 IEEE International Conference on Software Testing: ICST 2021 - Virtual|
Duration: 12 Apr 2021 → 16 Apr 2021
|Conference||2021 IEEE International Conference on Software Testing|
|Period||12/04/21 → 16/04/21|