Projects per year
Abstract
Fuzzing (aka fuzz testing) shows promising results in security testing. The advantage of fuzzing is the relatively simple applicability compared to comprehensive manual security analysis. However, the effectiveness of black-box fuzzing is hard to judge since the internal structure of the system under test is unknown. Hence, in-depth behavior might not be covered by fuzzing. This paper aims at overcoming the limitations of black-box fuzzing. We present a stateful black-box fuzzing technique that uses a behavioral model of the system under test. Instead of manually creating the model, we apply active automata learning to automatically infer the model. Our framework generates a test suite for fuzzing that includes valid and invalid inputs. The goal is to explore unexpected behavior. For this, we test for conformance between the learned model and the system under test. Additionally, we analyze behavioral differences using the learned state information. In a case study, we evaluate implementations of the Bluetooth Low Energy (BLE) protocol on physical devices. The results reveal security and dependability issues in the tested devices leading to crashes of four out of six devices.
| Original language | English |
|---|---|
| Title of host publication | NASA Formal Methods |
| Subtitle of host publication | 14th International Symposium, NFM 2022, Pasadena, CA, USA, May 24–27, 2022, Proceedings |
| Editors | Jyotirmoy V. Deshmukh, Klaus Havelund, Ivan Perez |
| Place of Publication | Cham |
| Publisher | Springer |
| Pages | 373-392 |
| Number of pages | 20 |
| ISBN (Electronic) | 978-3-031-06773-0 |
| ISBN (Print) | 978-3-031-06772-3 |
| DOIs | |
| Publication status | Published - 20 May 2022 |
| Event | 14th International Symposium on NASA Formal Methods: NFM 2022 - Caltech, Pasadena, United States Duration: 24 May 2022 → 27 May 2022 |
Publication series
| Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
|---|---|
| Volume | 13260 LNCS |
| ISSN (Print) | 0302-9743 |
| ISSN (Electronic) | 1611-3349 |
Conference
| Conference | 14th International Symposium on NASA Formal Methods |
|---|---|
| Abbreviated title | NFM 2022 |
| Country/Territory | United States |
| City | Pasadena |
| Period | 24/05/22 → 27/05/22 |
Keywords
- Automata learning
- Fuzz testing
- Model-based testing
- Bluetooth Low Energy
- Model-based fuzzing
ASJC Scopus subject areas
- Theoretical Computer Science
- Computer Science(all)
Fingerprint
Dive into the research topics of 'Stateful Black-Box Fuzzing of Bluetooth Devices Using Automata Learning'. Together they form a unique fingerprint.-
AIDOaRT - AI-augmented automation for efficient DevOps, a model-based framework for continuous development At RunTime in CPSs
1/04/21 → 30/09/24
Project: Research project
-
LearnTwins - Learning Digital Twins for the Validation and Verification of Dependable Cyber-PhysicalSystems
1/12/20 → 30/11/23
Project: Research project
-
Dependable Internet of Things
Boano, C. A., Kubin, G., Bloem, R., Horn, M., Pernkopf, F., Zakany, N., Mangard, S., Witrisal, K., Römer, K. U., Aichernig, B., Bösch, W., Baunach, M. C., Tappler, M., Malenko, M., Weiser, S., Eichlseder, M., Leitinger, E., Grosinger, J., Großwindhager, B., Ebrahimi, M., Alothman Alterkawi, A. B., Knoll, C., Teschl, R., Saukh, O., Rath, M., Steinberger, M., Steinbauer-Wagner, G. & Tranninger, M.
1/01/16 → 31/03/22
Project: Research project