This note describes a method of testing software for response to malicious data streams. Systems that process data streams obtained from an external source such as the Internet are vulnerable to security issues if malicious data is not processed correctly. This note describes a testing method that creates malicious data streams, applies them to a software application and checks the appropriateness of the application response.

The note begins with a description of the problem: inadequate testing of software response to malicious data streams. I present a method of testing the response to malicious data streams and introduce the concepts of lexical, syntactic and semantic data stream deformation. I provide a description of a system that produces and applies such tests. This description divides the testing system into components and provides some detail about each component. This system applied to Adobe Acrobat Reader version 5.0.1 provides a case study. The study applied 141,306 unique test cases and revealed 11 distinct indications of buffer overrun, numerous program lock-ups, and four steganographic possibilities.

Research is on-going in the following areas: generalized buffer overrun exploitation, maliciously testing protocols and testing with encoded or encrypted data streams.