Aim and approach
The IntelliSecTest project will combine the commonly used techniques of static analysis and dynamic analysis to allow for more comprehensive testing. Each procedure has problems when used on its own. Static analysis checks the source code of the test system for possible vulnerabilities, but it also produces false-positive results, i.e. errors and security holes are reported where there actually are none. In contrast, dynamic testing (the testing of running systems using predefined inputs) often produces false-negative results, i.e. errors are overlooked. Within the IntelliSecTest project, the two procedures are going to be combined: the results of an initial static test are subsequently checked and further developed in a second step of dynamic testing. The test results obtained are then made available to the static analysis in order to identify further possible weaknesses, which are then checked again. This cycle is repeated until a predefined termination condition is reached, e.g. no newly detected vulnerabilities for a number of cycles. Within the scope of the project, the process is to be extended by artificial intelligence methods in order to further optimize dynamic testing in particular.
The developed procedure will be implemented in a user-friendly tool whose intuitive presentation of the analyses also allows non-experts to benefit from it. With its expertise in the area of dynamic testing, Fraunhofer FOKUS is going to contribute mainly to this part of the project. The FOKUS fuzzing tool Fuzzino is going to be used and further developed. Fuzzino allows the detection of unknown security holes by confronting the test system with random, invalid, or unexpected inputs.
Project partners and funding
IntelliSecTest is a research project funded by an internal support program of the Fraunhofer-Gesellschaft. The Fraunhofer Institute for Mechatronic Systems Design (Fraunhofer IEM) is responsible for the project management. Besides Fraunhofer FOKUS, the Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE) and the Fraunhofer Institute for Applied and Integrated Security (AISEC) are involved. The project starts on 1 June 2020 and runs for three years.