• Title/Summary/Keyword: 소프트웨어 결함 주입 테스트

Search Result 5, Processing Time 0.025 seconds

Vulnerability Testing of Software using Fault Injection (결함 주입 방법을 이용한 소프트웨어 보안 취약점 검출)

  • Cho Byoung-Min;Yun Young-Min;Choi Jong-Cheon;Cho Seong-Je;Yoo Hae-Young
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 2006.06a
    • /
    • pp.795-798
    • /
    • 2006
  • 최근 소프트웨어의 복잡도가 증가되어감에 따라 소프트웨어 취약점 검출에 대한 정형화된 방법과 자동화된 도구가 필요하게 되었다. 본 논문에서는 기존의 소프트웨어 테스트에서 고려되지 않았던 보안을 고려한 테스트라는 측면에서 자동화된 도구를 이용하여 소스가 없고 바이너리 코드만 있는 경우 결함 주입 기법을 통해 취약점 분석 방법을 보여주며, 윈도우즈 환경에서 사용되는 응용프로그램에 대한 상호 비교를 통해 향후 발생할 취약점에 대한 예방과 회피에 활용 될 사례를 보여주고 있다.

  • PDF

Software Fault Injection Test Methodology for the Software Verification of ISO 26262 Standards-based (ISO 26262 표준 기반의 소프트웨어 검증을 위한 소프트웨어 결함 주입 기법)

  • Lee, Sangho;Shin, Seunghwan
    • Transactions of the Korean Society of Automotive Engineers
    • /
    • v.22 no.3
    • /
    • pp.68-74
    • /
    • 2014
  • As the number of ECUs (Electronic control units) are increasing, reliability and functional stability of a software in an ECU is getting more important. Therefore the application of functional safety standards ISO 26262 is making the software more reliable. Software fault injection test (SFIT) is required as a verification technique for the application of ISO 26262. In case of applying SFIT, an artificial error is injected to inspect the vulnerability of the system which is not easily detected during normal operation. In this paper, the basic concept of SFIT will be examined and the application of SIFT based on ISO26262 will be described.

The Implementation of Hardware Verification System Using Fault Injection Method (결함 주입 방법을 이용한 하드웨어 검증시스템 구현)

  • Yoon, Kyung-Shub;Song, Myoung-Gyu;Lee, Jae-Heung
    • Journal of IKEEE
    • /
    • v.15 no.4
    • /
    • pp.267-273
    • /
    • 2011
  • In hardware design, its stability and reliability are important, because a hardware error can cause serious damages or disaster. To improve stability and reliability, this paper presents the implementation of the hardware verification system using the fault injection method in PC environment. This paper presents a verification platform that can verify hardware system reliably and effectively, through a process to generate faults as well as insert input signals into the actual running system environment. The verification system is configured to connect a PC with a digital I/O card, and it can transmit or receive signals from the target system, as a verifier's intention. In addition, it can generate faults and inject them into the target system. And it can be monitored by displaying the received signals from the target system to the graphical wave signals. We can evaluate its reliability by analyzing the graphical wave signals. In this paper, the proposed verification system has been applied to the FPGA firmware of a nuclear power plant control system. As a result, we found its usefulness and reliability.

Fault Injection Based Indirect Interaction Testing Approach for Embedded System (임베디드 시스템의 결함 주입 기반 간접 상호작용 테스팅 기법)

  • Hossain, Muhammad Iqbal;Lee, Woo Jin
    • KIPS Transactions on Software and Data Engineering
    • /
    • v.6 no.9
    • /
    • pp.419-428
    • /
    • 2017
  • In an embedded system, modules exchange data by interacting among themselves. Exchanging erroneous resource data among modules may lead to execution errors. The interacting resources produce dependencies between the two modules where any change of the resources by one module affects the functionality of another module. Several investigations of the embedded systems show that interaction faults between the modules are one of the major cause of critical software failure. Therefore, interaction testing is an essential phase for reducing the interaction faults and minimizing the risk. The direct and indirect interactions between the modules generate interaction faults. The direct interaction is the explicit call relation between the modules, and the indirect interaction is the remaining relation that is made underneath the interface that possesses data dependence relationship with resources. In this paper, we investigate the errors that are based on the indirect interaction between modules and introduce a new test criterion for identifying the errors that are undetectable by existing approaches at the integration level. We propose a novel approach for generating the interaction model using the indirect interaction pattern and design test criteria that are based on different interaction errors to generate test cases. Finally, we use the fault injection technique to evaluate the feasibility and effectiveness of our approach.

A Study on Validation Testing for Input Files of MS Word-Processor (MS 워드프로세서의 입력 파일에 대한 유효성 테스팅 방법에 관한 연구)

  • Yun, Young-Min;Choi, Jong-Cheon;Yoo, Hae-Young;Cho, Seong-Je
    • The KIPS Transactions:PartC
    • /
    • v.14C no.4
    • /
    • pp.313-320
    • /
    • 2007
  • In this paper, we propose a method to analyze security vulnerabilities of MS word-processor by checking the validation of its input files. That is, this study is to detect some vulnerabilities in the input file of the word processor by analyzing the header information of its input file. This validation test can not be conducted by the existing software fault injection tools including Holodeck and CANVAS. The proposed method can be also applied to identify the input file vulnerabilities of Hangul and Microsoft Excel which handle a data file with a header as an input. Moreover, our method can provide a means for assessing the fault tolerance and trustworthiness of the target software.