Skip to Main content Skip to Navigation
Journal articles

When Time Meets Test

Abstract : One of the main challenges in system's development is to give a proof of evidence that its func-tionalities are correctly implemented. This objective is mostly achieved via testing techniques, which include software testing to check whether a system meets its functionalities, or security testing to express what should not happen. For the latter case, fuzzing is considered as first class citizen. It consists in exercising the system with (randomly) generated and eventually modified inputs in order to test its resistance. While fuzzing is definitively the fastest and the easiest way for testing applications, it suffers from severe limitations. Indeed, the precision of the model used for input generation: a random and/or simple model cannot reach all states and significant values. Moreover, a higher model precision can result in a combinatorial explosion of test cases. In this paper, we suggest a new approach whose main ingredient is to combine timing attacks with fuzzing techniques. This new approach, which is dedicated to work on Java Card, allows not only reducing the test space explosion, but also to simplify the fuzzing process configuration. The technique has been implemented and we present the results obtained on two applets loaded in a Java Card.
Document type :
Journal articles
Complete list of metadata

Cited literature [31 references]  Display  Hide  Download
Contributor : Hélène Le Bouder Connect in order to contact the contributor
Submitted on : Tuesday, June 19, 2018 - 3:27:45 PM
Last modification on : Friday, August 5, 2022 - 2:54:52 PM
Long-term archiving on: : Monday, September 24, 2018 - 3:14:50 PM


Files produced by the author(s)



Jean-Louis Lanet, Hélène Le Bouder, Mohammed Benattou, Axel Legay. When Time Meets Test. International Journal of Information Security, Springer Verlag, 2017, pp.1-15. ⟨10.1007/s10207-017-0371-3⟩. ⟨hal-01818793⟩



Record views


Files downloads