OIOFuzz: A Guided Model-based Blackbox Fuzzer for OIORASP Schematron Validation
Authors
Jensen, Frederik Arnfeldt ; Aagreen, Emil Fulei Lykke
Term
4th term
Publication year
2023
Submitted on
2023-06-15
Pages
61
Abstract
In this project, we examined whether fuzzing can strengthen OIORASP, a protocol used to exchange e-business documents in Denmark. OIORASP relies on the OIOUBL document standard and is an integral part of the Danish IT infrastructure. Fuzzing is an automated testing technique that generates unexpected or malformed inputs and feeds them to a system to see whether it behaves incorrectly. We focused on the Schematron validation of the documents (rules that check the documents). We built OIOFuzz, a proof-of-concept guided, model-based, black-box fuzzer targeting OIORASP's Schematron validation. OIOFuzz found an error in the Schematron validation, showing that the approach is functional, though it still has room for improvement.
[This summary has been rewritten with the help of AI based on the project's original abstract]