Skip to Main Content
Fuzz testing is an effective technique for finding security vulnerabilities in software. Traditionally fuzz testing tools use random inputs and watch the resulting values. In this paper, we present a model-based fuzz framework for systematic automated testing of a TCG trusted software stack implementation. This framework is based on blackbox fuzz testing methods, integrated with target profiling, data modeling and test algorithm etc. With the generation of smart, semantic-aware test cases, a more complete and deep testing can be provided. We also demonstrate the use of our model-based fuzz framework which can identity several vulnerabilities in some form of TSS implementation.