By Topic

Tag-Aware Text File Fuzz Testing for Security of a Software System

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
YoungHan Choi ; Electron. & Telecommun. Res. Inst.(ETRI), Daejeon ; Hyoungchun Kim ; Dohoon Lee

Among various security testing, fuzz testing is useful in finding a security hole in a software system. Fuzz testing is a method that inserts an unexpected data into input of a software system and finds defects of it. Traditionally, fuzz testing generates many errors of a software system because most of fuzz testing doesn't consider formats of input. We propose a novel methodology that performs efficiently fuzz testing for text files by considering types of values in tags. A text file is a human-readable file, and consists of tags and data. When reading a text file, a software system parses values in tags and transfers values into parameters of parsing functions. Thus, we implement the algorithm in the tag-aware text file fuzz testing(TAF) that analyzes automatically types of values in tags of text files and inserts fault data into values with considering types of them. By doing this, TAF can cover all test cases as much as possible using a few fault-inserted file. We apply TAF to HTML document files saved in MS Excel application and evaluate them. Experimental result shows that TAF reduce efficiently the total number of fault-inserted files with covering all test cases.

Published in:

Convergence Information Technology, 2007. International Conference on

Date of Conference:

21-23 Nov. 2007