Abstract

This note describes a method of testing software for response to malicious data streams. Systems that process data streams obtained from an external source such as the Internet are vulnerable to security issues if malicious data is not processed correctly. This note describes a testing method that creates malicious data streams, applies them to a software application and checks the appropriateness of the application response.

The note begins with a description of the problem: inadequate testing of software response to malicious data streams. I present a method of testing the response to malicious data streams and introduce the concepts of lexical, syntactic and semantic data stream deformation. I provide a description of a system that produces and applies such tests. This description divides the testing system into components and provides some detail about each component. This system applied to Adobe Acrobat Reader version 5.0.1 provides a case study. The study applied 141,306 unique test cases and revealed 11 distinct indications of buffer overrun, numerous program lock-ups, and four steganographic possibilities.

Research is ongoing in the following areas: generalized buffer overrun exploitation, maliciously testing protocols and testing with encoded or encrypted data streams.
