Protection of Systems Against Fuzzing Attacks

  • Léopold Ouairy
  • Hélène Le-Bouder
  • Jean-Louis Lanet
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11358)


A fuzzing attack lets an attacker reach restricted resources by exploiting an incorrect implementation of a specification: the attacker sends commands whose parameters lie outside the range the specification allows. This study aims at protecting Java Card applets against such attacks. To do so, we detect unexpected behavior of an application before deployment, without any knowledge of its specification. Our approach is not itself based on fuzzing: it relies on static analysis and applies an unsupervised machine-learning algorithm to the source code. For this purpose we have designed a front-end tool, fetchVuln, that helps the developer detect incorrect implementations; it relies on a back-end tool, Chucky-ng, which we have adapted for Java. To validate the approach, we have designed a mutant applet generator based on LittleDarwin. The tool chain successfully detected the expected missing checks in the mutant applets. We then evaluated the tool chain by analyzing five applets that implement the OpenPGP specification. Our tool discovered both vulnerabilities and optimization problems, which we explain and correct.
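
The abstract describes the pipeline only at a high level. The Python below is an added example, not the paper's fetchVuln or Chucky-ng code: it re-implements in miniature the missing-check idea of Chucky (reference 17) on a constructed set of Java Card APDU handlers. The handler bodies, their names and the bound constants (PIN_LENGTH, MAX_DATA_LENGTH and so on) are assumptions made for the example, and two simplifications are assumed: regular expressions stand in for Chucky's AST-based extraction, and Jaccard similarity over the set of API symbols replaces its tf-idf cosine neighbourhood. For one API symbol (the Lc byte read through ISO7816.OFFSET_LC) it finds each method's k most similar methods by API usage, taints the locals derived from the symbol, normalises the if-conditions that constrain them, and scores a method by the largest share of its neighbours that perform a check the method itself lacks. The handler that copies Lc bytes without any bound, exactly the out-of-range parameter a fuzzing attack sends, comes out on top.

```python
"""Chucky-style missing-check detection over Java Card APDU handlers.
Added example, not the paper's fetchVuln/Chucky-ng chain. Assumed simplifications:
regexes instead of an AST, Jaccard on API-symbol sets instead of tf-idf cosine, k=3."""
import re

# Constructed sample: seven APDU handler bodies from hypothetical applets (not real
# OpenPGP code). Every handler reads Lc; only updateBinary never bounds it.
PROLOGUE = ("byte[] buf = apdu.getBuffer(); apdu.setIncomingAndReceive(); "
            "short lc = (short) (buf[ISO7816.OFFSET_LC] & 0xFF); ")
METHODS = {name: PROLOGUE + body for name, body in {
    "verifyPin": """
        if (lc != PIN_LENGTH) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        if (pin.getTriesRemaining() == 0 || !pin.check(buf, ISO7816.OFFSET_CDATA, PIN_LENGTH))
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);""",
    "changePin": """
        if (lc != (short) (2 * PIN_LENGTH)) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        if (!pin.isValidated()) ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
        pin.update(buf, ISO7816.OFFSET_CDATA, (byte) lc);""",
    "putData": """
        if (lc == 0 || lc > MAX_DATA_LENGTH) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        JCSystem.beginTransaction();
        Util.arrayCopy(buf, ISO7816.OFFSET_CDATA, data, (short) 0, lc);
        JCSystem.commitTransaction();""",
    "importKey": """
        if (lc < MIN_KEY_LENGTH || lc > MAX_KEY_LENGTH) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        JCSystem.beginTransaction();
        Util.arrayCopy(buf, ISO7816.OFFSET_CDATA, keyBuf, (short) 0, lc);
        key.setKey(keyBuf, (short) 0);
        JCSystem.commitTransaction();""",
    "decipher": """
        if (lc > MAX_CIPHER_LENGTH) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        Util.arrayCopy(buf, ISO7816.OFFSET_CDATA, input, (short) 0, lc);
        short len = cipher.doFinal(input, (short) 0, lc, buf, (short) 0);
        apdu.setOutgoingAndSend((short) 0, len);""",
    "computeSignature": """
        if (lc > MAX_HASH_LENGTH) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        Util.arrayCopy(buf, ISO7816.OFFSET_CDATA, hash, (short) 0, lc);
        short len = signature.sign(hash, (short) 0, lc, buf, (short) 0);
        apdu.setOutgoingAndSend((short) 0, len);""",
    "updateBinary": """
        JCSystem.beginTransaction();
        Util.arrayCopy(buf, ISO7816.OFFSET_CDATA, file, offset, lc);
        JCSystem.commitTransaction();""",
}.items()}

SYMBOL = re.compile(r"\b[A-Za-z_]\w*(?:\.[A-Za-z_]\w*)+")  # API symbol, e.g. apdu.getBuffer
ASSIGN = re.compile(r"\b(\w+)\s*=(?!=)\s*([^;]+);")         # plain assignment, not == / !=
RELOP = r"(<=|>=|==|!=|<|>)"
FLIP = {"<": ">", ">": "<", "<=": ">=", ">=": "<=", "==": "==", "!=": "!="}

def api_symbols(code):
    """Step 1 (features for the neighbourhood): the set of API symbols a method uses."""
    return set(SYMBOL.findall(code))

def tainted_names(code, symbol):
    """Step 2 (lightweight tainting): locals derived, transitively, from symbol."""
    names, changed = {symbol}, True
    while changed:
        changed = False
        for var, rhs in ASSIGN.findall(code):
            if var not in names and any(re.search(rf"\b{re.escape(n)}\b", rhs) for n in names):
                names.add(var)
                changed = True
    return names

def checks_on(code, symbol):
    """Normalised atomic if-conditions that constrain symbol, e.g. '$SYM >'."""
    names, found = tainted_names(code, symbol), set()
    for m in re.finditer(r"\bif\s*\(", code):
        depth, i = 1, m.end()
        while depth:  # walk to the matching ')'
            depth += {"(": 1, ")": -1}.get(code[i], 0)
            i += 1
        for atom in re.split(r"\|\||&&", code[m.end():i - 1]):
            for n in names:
                atom = re.sub(rf"\b{re.escape(n)}\b", "$SYM", atom)
            atom = re.sub(r"\w+\[\$SYM\]", "$SYM", atom)  # buf[$SYM] -> $SYM
            if "$SYM" in atom:
                left = re.search(r"\$SYM\s*" + RELOP, atom)
                right = re.search(RELOP + r"\s*\$SYM", atom)
                found.add(f"$SYM {left.group(1)}" if left else
                          f"$SYM {FLIP[right.group(1)]}" if right else "$SYM used")
    return found

def neighbours(name, symbols, k):
    """Step 3: the k methods whose API usage is most similar (Jaccard, ties by name)."""
    def jaccard(o):
        return len(symbols[name] & symbols[o]) / len(symbols[name] | symbols[o])
    return sorted((o for o in symbols if o != name), key=lambda o: (-jaccard(o), o))[:k]

def anomaly(name, checks, neigh):
    """Step 4: largest share of neighbours performing a check that name lacks."""
    best = (0.0, None)
    for pat in sorted(set().union(*(checks[n] for n in neigh))) if neigh else ():
        gap = sum(pat in checks[n] for n in neigh) / len(neigh) - (pat in checks[name])
        if gap > best[0]:
            best = (gap, pat)
    return best

def rank_missing_checks(methods, symbol, k=3):
    """Score every method that uses symbol; returns [(name, score, pattern)], worst first."""
    symbols = {n: api_symbols(c) for n, c in methods.items()}
    users = {n: s for n, s in symbols.items() if symbol in s}
    checks = {n: checks_on(methods[n], symbol) for n in users}
    ranked = [(n, *anomaly(n, checks, neighbours(n, users, k))) for n in users]
    return sorted(ranked, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for name, score, pattern in rank_missing_checks(METHODS, "ISO7816.OFFSET_LC"):
        print(f"{score:.2f}  {name:17s} {'missing ' + pattern if pattern else 'ok'}")
```

Run as a script, updateBinary is reported first with score 1.00 and the missing pattern `$SYM >`: all three of its neighbours bound Lc from above and it does not. The two PIN handlers score 0.67 rather than 0, because they check Lc for equality while their nearest neighbours check an upper bound; a Chucky-style ranking is a review queue, not a verdict, and the neighbourhood size k and the condition normalisation decide how many such near-misses a developer has to look at.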


Keywords: Unsupervised machine learning · k-Nearest Neighbors · Vulnerability detection · Fuzzing attacks · Java Card · Chucky

References

  1. OWASP: Enterprise Security API (2009)
  2. Burdy, L., Requet, A., Lanet, J.-L.: Java applet correctness: a developer-oriented approach. In: Araki, K., Gnesi, S., Mandrioli, D. (eds.) FME 2003. LNCS, vol. 2805, pp. 422–439. Springer, Heidelberg (2003)
  3. Jones, C.: Systematic Software Development Using VDM, vol. 2. Prentice-Hall, Englewood Cliffs (1986)
  4. Jovanovic, N., Kruegel, C., Kirda, E.: Pixy: a static analysis tool for detecting web application vulnerabilities. In: IEEE Symposium on Security and Privacy (2006)
  5. Kamel, N.: Sécurité des cartes à puce à serveur web embarqué (Security of smart cards with an embedded web server). Ph.D. thesis, University of Limoges (2012)
  6. Kuhn, A., Ducasse, S., Girba, T.: Semantic clustering: identifying topics in source code
  7. Luckow, K., et al.: JDart: a dynamic symbolic analysis framework
  8. Maier, A.: Assisted discovery of vulnerabilities in source code by analyzing program slices
  9. OWASP: XSS (Cross Site Scripting) Prevention Cheat Sheet
  10. Parsai, A., Demeyer, S., Murgia, A.: LittleDarwin: a feature-rich and extensible mutation testing framework for large and complex Java systems
  11. Pietig, A.: Functional specification of the OpenPGP application on ISO smart card operating systems
  12.
  13. Scandariato, R., Walden, J., Hovsepyan, A., Joosen, W.: Predicting vulnerable software components via text mining
  14. Spivey, J.: Understanding Z: A Specification Language and Its Semantics, vol. 3. Cambridge University Press, Cambridge (1988)
  15. Tairas, R., Gray, J.: Phoenix-based clone detection using suffix trees
  16. Yamaguchi, F.: Joern
  17. Yamaguchi, F., Wressnegger, C., Gascon, H., Rieck, K.: Chucky: exposing missing checks in source code for vulnerability discovery

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Léopold Ouairy (1)
  • Hélène Le-Bouder (2)
  • Jean-Louis Lanet (1)
  1. INRIA, Rennes, France
  2. IMT-Atlantique, Rennes, France
