| Title | Learning-Based Fuzzing of IoT Message Brokers |
| Publication Type | Conference Paper |
| Year of Publication | 2021 |
| Authors | Aichernig, Bernhard K., Muškardin, Edi, Pferscher, Andrea |
| Conference Name | 2021 14th IEEE Conference on Software Testing, Verification and Validation (ICST) |
| Date Published | apr |
| Keywords | active automata learning, Collaboration, composability, conformance testing, fuzzing, IoT, learning automata, Manuals, middleware security, model inference, MQTT, policy-based governance, Protocols, pubcrawl, security, Software algorithms, Software systems, stateful fuzzing |
| Abstract | The number of devices in the Internet of Things (IoT) immensely grew in recent years. A frequent challenge in the assurance of the dependability of IoT systems is that components of the system appear as a black box. This paper presents a semi-automatic testing methodology for black-box systems that combines automata learning and fuzz testing. Our testing technique uses stateful fuzzing based on a model that is automatically inferred by automata learning. Applying this technique, we can simultaneously test multiple implementations for unexpected behavior and possible security vulnerabilities.We show the effectiveness of our learning-based fuzzing technique in a case study on the MQTT protocol. MQTT is a widely used publish/subscribe protocol in the IoT. Our case study reveals several inconsistencies between five different MQTT brokers. The found inconsistencies expose possible security vulnerabilities and violations of the MQTT specification. |
| DOI | 10.1109/ICST49551.2021.00017 |
| Citation Key | aichernig_learning-based_2021 |
Learning-Based Fuzzing of IoT Message Brokers