Software security assessment through specification mutations and fault injection

IFIP Advances in Information and Communication Technology

Volumn 64, Issue , 2001, Pages 173-183

  Kaksonen, Rauli ^a   Laakso, Marko ^b   Takanen, Ari ^b  

^a VTT TECHNICAL RESEARCH CENTRE OF FINLAND   (Finland)

^b UNIVERSITY OF OULU   (Finland)

Author keywords

Fault injection; Protocol specification; Security assessment; Syntax testing; Wireless Application Protocol

Indexed keywords

CELLULAR TELEPHONE SYSTEMS; SPECIFICATIONS; WIRELESS TELECOMMUNICATION SYSTEMS;

FAULT INJECTION; PROTOCOL SPECIFICATIONS; SECURITY ASSESSMENT; SECURITY IMPLICATIONS; SECURITY VULNERABILITIES; SOFTWARE PRODUCTS; SOFTWARE SECURITY; WIRELESS APPLICATION PROTOCOLS;

SECURITY OF DATA;

EID: 84867398444     PISSN: 18684238     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-0-387-35413-2     Document Type: Conference Paper

References (13)

1. Aho, A. V., Sethi, R. and Ullman, J. D. (1985). Compilers: Principles, Techniques, and Tools. Addison-Wesley, 1985, ISBN 0-201-10088-6.
2. Baumgarten, B. and Giessler, A. (1994). OSI Conformance Testing Methodology and TTCK Elsevier Science B.V., 1994, ISBN 0-444-89712-7.
3. Beizer B. (1990). Software Testing Techniques Second Edition, Van Nos-trand Reinhold, 1990, ISBN 0-442-20672-0.
4. Koopman, R and De Vale, J. (2000). The Exception Handling Effectiveness of the POSIX Operating Systems IEEE Transactions on Software Engineering, Vol. 26, No. 9, September 2000, pp. 837-848.
5. Maurer, R M. (1990) Generating Test Data with Enhanced Context-Free Grammars. IEEE Software, Vol. 7, No. 4, July 1990, pp. 50-56.
6. Miller, B. R, et al. (1995)Fuzz Revisited: A Re-examination of the Reliability of UNIX Utilities and Services. Technical report, Computer Sciences Department, University of Wisconsin, 1995.
7. Project: Security Testing of Protocol Implementations (PROTOS) http://www.ee.oulu.fi/research/ouspg/protos/.
8. Takanen, A., Laakso, M., Eronen, J. and Roning, J. (2000) Running Malicious Code By Exploiting Buffer Overflows: A Survey Of Publicly Available Exploits. EICAR 2000 Best Paper Proceedings.
9. The Source for Java™ Technology http://java.sun.com/.
10. Voas, J. M. and McGraw Gary. (1998) Software Fault Injection. John Wiley & Sons, 1998, ISBN 0-471-18381-4.
11. WAP Forum http://www.wapforum.com/.
12. WAP Forum. (1998). WAP Architecture Specification. 20-Apr-1998.
13. WAP Forum. (2000). WAP WSP Specification. Approved 4-May-2000.