ANALYSIS AND COMPARISON OF FUZZ TESTING TOOLS FOR IoT SYSTEMS
DOI:
https://doi.org/10.24867/20BE22KovacevicKeywords:
security, fuzz testing, Internet of Things, toolsAbstract
The Internet, a pillar of society that we can no longer live without, has created a new way of communication, data usage, and information sharing. The rapid development of the Internet has created a new vision of everyday things and enabled the development of a new concept - the Internet of Things (IoT). IoT enables the exchange of a massive amount of useful information but also raises security and privacy concerns. Fuzz testing is one of the more effective methods for testing software security. This master thesis explores the concepts of fuzz testing for IoT and their limitations. Different tools were compared, and a proposal was conducted to solve their shortcomings.
References
[1] J. Gubbi, et al. “Internet of Things (IoT) a vision, architectural elements, and future directions”, 2013
[2] Shashi Rekha, Lingala Thirupathi, Srikanth Renikuntac, Rekha Gangula, “Study of security issues and solutions in Internet of Things (IoT)”, 2021
[3] Sofia Bekrar, Chaouki Bekrar Roland Groz, Laurent Mounier ,“Finding Software Vulnerabilities by Smart Fuzzing“, 2011
[4] Department of telecomunications-Government of India, “Fuzz testing”, https://tec.gov.in (приступљено u августу 2022)
[5] “OWASP Top 10”, https://owasp.org/Top10 (приступљено u сепембру 2022)
[6] Josip Bozic, Franz Wotawa “XSS Pattern for Attack Modeling in Testing”, 2013
[7] George Klees, Andrew Ruef, Shiyi Wei, Michael Hicks, “Evaluating Fuzz Testing“,2018
[8] Junjie Wang, Bihuan Chen, Lei Wei, and Yang Liu, “Skyfire: Data-driven seed generation for fuzzing”, 2017
[9] Jiongyi Chen, Wenrui Diao et al. “IOTFUZZER: Discovering Memory Corruptions in IoT Through App-based Fuzzing“, 2018
[10] Xiaotao Feng, Ruoxi Sun, Xiaogang Zhu, “Snipuzz: Black-box Fuzzing of IoT Firmware via Message Snippet Inference“, 2021
[11] Hangwei Zhang , Kai Lu, Xu Zhou, Qidi Yin, Pengfei Wang and Tai Yue, “SIoTFuzzer: Fuzzing Web Interface in IoT Firmware via Stateful Message Generation”, 2021
[2] Shashi Rekha, Lingala Thirupathi, Srikanth Renikuntac, Rekha Gangula, “Study of security issues and solutions in Internet of Things (IoT)”, 2021
[3] Sofia Bekrar, Chaouki Bekrar Roland Groz, Laurent Mounier ,“Finding Software Vulnerabilities by Smart Fuzzing“, 2011
[4] Department of telecomunications-Government of India, “Fuzz testing”, https://tec.gov.in (приступљено u августу 2022)
[5] “OWASP Top 10”, https://owasp.org/Top10 (приступљено u сепембру 2022)
[6] Josip Bozic, Franz Wotawa “XSS Pattern for Attack Modeling in Testing”, 2013
[7] George Klees, Andrew Ruef, Shiyi Wei, Michael Hicks, “Evaluating Fuzz Testing“,2018
[8] Junjie Wang, Bihuan Chen, Lei Wei, and Yang Liu, “Skyfire: Data-driven seed generation for fuzzing”, 2017
[9] Jiongyi Chen, Wenrui Diao et al. “IOTFUZZER: Discovering Memory Corruptions in IoT Through App-based Fuzzing“, 2018
[10] Xiaotao Feng, Ruoxi Sun, Xiaogang Zhu, “Snipuzz: Black-box Fuzzing of IoT Firmware via Message Snippet Inference“, 2021
[11] Hangwei Zhang , Kai Lu, Xu Zhou, Qidi Yin, Pengfei Wang and Tai Yue, “SIoTFuzzer: Fuzzing Web Interface in IoT Firmware via Stateful Message Generation”, 2021
Downloads
Published
2022-11-06
Issue
Section
Electrotechnical and Computer Engineering
