Presentation | 2016-11-25 A fuzz testing method cooperated with threat modeling Yasuhiko Nishio, Tadashi Shiroma, Hiroyuki Inoue, |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | The purpose of this study is to develop a fuzz testing method that can ensure the IoT security especially automotive system security. To ensure the system security, it is important to expose the system threats and to test along with them. We propose a fuzz testing method cooperated with threat modeling. Our study have two merits. First, engineer can learn the knowledge of threat modeling smoothly. Second, researcher can exchange their threat model to test data, especially, fuzzing data. We can derive the merits to develop a procedure that exchange the threat model to fuzz data via a threat meta-model made by XML format. Finally, we applied our method to real device and system, car navigation system and vulnerable Web system as two case study. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | Threat Modeling / Fuzzing / Meta model / XML / Automotive system / Reverse engineering |
Paper # | ICSS2016-41 |
Date of Issue | 2016-11-18 (ICSS) |
Conference Information | |
Committee | ICSS |
---|---|
Conference Date | 2016/11/25(1days) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | Institute of Information Security |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | Information and Communication System Security, etc. |
Chair | Yutaka Miyake(KDDI R&D Labs.) |
Vice Chair | Yoshiaki Shiraishi(Kobe Univ.) / Takeshi Ueda(Mitsubishi Electric) |
Secretary | Yoshiaki Shiraishi(NII) / Takeshi Ueda(Yokohama National Univ.) |
Assistant | Kazunori Kamiya(NTT) / Takahiro Kasama(NICT) |
Paper Information | |
Registration To | Technical Committee on Information and Communication System Security |
---|---|
Language | JPN |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | A fuzz testing method cooperated with threat modeling |
Sub Title (in English) | |
Keyword(1) | Threat Modeling |
Keyword(2) | Fuzzing |
Keyword(3) | Meta model |
Keyword(4) | XML |
Keyword(5) | Automotive system |
Keyword(6) | Reverse engineering |
1st Author's Name | Yasuhiko Nishio |
1st Author's Affiliation | Connected Consumer Device Security Council(CCDS) |
2nd Author's Name | Tadashi Shiroma |
2nd Author's Affiliation | Connected Consumer Device Security Council(CCDS) |
3rd Author's Name | Hiroyuki Inoue |
3rd Author's Affiliation | Connected Consumer Device Security Council/Hiroshima City University(CCDS/HCU) |
Date | 2016-11-25 |
Paper # | ICSS2016-41 |
Volume (vol) | vol.116 |
Number (no) | ICSS-328 |
Page | pp.pp.15-20(ICSS), |
#Pages | 6 |
Date of Issue | 2016-11-18 (ICSS) |