By Topic

A Model-Based Fuzz Framework to the Security Testing of TCG Software Stack Implementations

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

6 Author(s)
Yang Yang ; Sch. of Comput., Wuhan Univ., Wuhan, China ; Huanguo Zhang ; Mi Pan ; Jian Yang
more authors

Fuzz testing is an effective technique for finding security vulnerabilities in software. Traditionally fuzz testing tools use random inputs and watch the resulting values. In this paper, we present a model-based fuzz framework for systematic automated testing of a TCG trusted software stack implementation. This framework is based on blackbox fuzz testing methods, integrated with target profiling, data modeling and test algorithm etc. With the generation of smart, semantic-aware test cases, a more complete and deep testing can be provided. We also demonstrate the use of our model-based fuzz framework which can identity several vulnerabilities in some form of TSS implementation.

Published in:

Multimedia Information Networking and Security, 2009. MINES '09. International Conference on  (Volume:1 )

Date of Conference:

18-20 Nov. 2009