CEBIT 2018: Intelligent mass testing for greater IT security

(PresseBox) (Saarbrücken)
To find an unlocked car, it is often enough to try the doors of several cars in a car park. Cybercriminals take a similar approach by indiscriminately sending a program strings of letters, digits and special characters, hoping to find a security loophole. To pre-empt these activities, computer scientists at the CISPA Helmholtz Centre (i.G.) are developing software that does this more efficiently. Within minutes the software learns the input format and produces millions of valid program inputs, automatically extracting the necessary knowledge from the programs. The researchers are presenting their latest tools at the CEBIT computer expo from 11 June in Hanover, stand F68 in hall 27.

"Modern programs can very quickly generate a huge number of tests. But the wheat is separated from the chaff when it comes to generating valid entries that penetrate deeply into the target program", explains Professor Andreas Zeller, who teaches software engineering at the University of Saarland and carries out research at the CISPA Helmholtz Centre.

He has therefore developed the "Autogram" program together with his PhD students. It automatically identifies the rules that inputs must follow to be accepted as valid. The computer scientists refer to these rules collectively as a "context-free grammar". The grammar is in turn processed by "tribble", another piece of software produced by the computer scientists in Saarbrücken, which generates millions of random, but valid, inputs for the software system under investigation. "This allows us to check the software system down to the very last detail", explains Zeller. The large number of tested inputs considerably reduces the probability of overlooking a security loophole. In a global first, the test system from Saarbrücken requires only the program being tested in order to perform its work, while competing tools depend on comprehensive sets of example inputs.
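The difference between blind and grammar-guided input generation can be measured directly. The following is an added example, not code from Autogram or tribble: the grammar is written by hand rather than mined, and `accepts` is a hypothetical stand-in for the program under test.

```python
import random

# Hand-written grammar (assumption); a grammar miner would infer it from the program.
GRAMMAR = {
    "<expr>":   [["<term>", "+", "<expr>"], ["<term>", "-", "<expr>"], ["<term>"]],
    "<term>":   [["<factor>", "*", "<term>"], ["<factor>"]],
    "<factor>": [["(", "<expr>", ")"], ["<digit>"], ["<digit>", "<digit>"]],
    "<digit>":  [[d] for d in "0123456789"],
}

def generate(symbol="<expr>", rng=random, depth=0, max_depth=8):  # random derivation
    if symbol not in GRAMMAR:
        return symbol  # terminal symbol
    # Past max_depth, take the shortest expansion so the recursion terminates.
    options = GRAMMAR[symbol] if depth < max_depth else [min(GRAMMAR[symbol], key=len)]
    return "".join(generate(s, rng, depth + 1, max_depth) for s in rng.choice(options))

def accepts(text):  # stand-in program under test: independent recursive-descent parser
    pos = 0
    peek = lambda: text[pos:pos + 1]  # "" at end of input
    def factor():
        nonlocal pos
        if peek() == "(":
            pos += 1
            expr()
            if peek() != ")":
                raise ValueError("expected ')'")
            pos += 1
        elif peek().isdigit():
            while peek().isdigit():
                pos += 1
        else:
            raise ValueError("unexpected input")
    def chain(operand, operators):  # operand (operator operand)*
        nonlocal pos
        operand()
        while peek() and peek() in operators:
            pos += 1
            operand()
    expr = lambda: chain(lambda: chain(factor, "*"), "+-")
    try:
        expr()
        return pos == len(text)  # reject trailing garbage
    except ValueError:
        return False

def acceptance_rates(n=2000, seed=1):  # (blind, grammar-guided) share of accepted inputs
    rng = random.Random(seed)  # constructed noise alphabet below
    noise = lambda: "".join(rng.choice("0123456789+-*()ab ") for _ in range(rng.randint(1, 12)))
    return (sum(accepts(noise()) for _ in range(n)) / n,
            sum(accepts(generate(rng=rng)) for _ in range(n)) / n)
```

Every grammar-derived input passes the parser and reaches whatever logic sits behind it, while most random strings are rejected at the first syntax error.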

"Our Autogram and tribble tools point to a future in which fully automated testing for security loopholes is possible for every program that processes input data", says Zeller. In 2012, during his professorship, Zeller had already presented the grammar-based "Langfuzz" test generator for the JavaScript programming language. He is engaged on a daily basis with companies such as Mozilla and Google and has uncovered several thousand errors and security loopholes in the Firefox and Chrome web browsers.

Background: Saarland Informatics Campus (SIC)

1,800 students from 81 nations are studying 15 computer-science-related courses across three established faculties at the Saarland Informatics Campus (SIC) of the University of Saarland. At two graduate schools and six globally respected research institutes more than 800 scientists are researching the entire spectrum of computer science related subjects and furthering progress particularly in IT security, artificial intelligence, visual computing, bioinformatics and the semantic web – from the fundamentals right through to innovative applications. The SIC cooperates with international groups such as Google, Microsoft and Facebook, promotes a large number of business start-ups with its IT incubator (ITI) and acts as a driver for further developments through industrial, research and development laboratories. The overall potential of the site is leveraged in order to take advantage of scientific publications, prizes, patent applications and technological innovations. Thanks to the excellent levels of expertise and competitiveness, joint success at the Saarland Informatics Campus is guaranteed.