Flinder

Tool Details

Tool Name: Flinder
Tool Title Phrase: Automated security testing tool that discovers typical security-relevant programming bugs in software.
Current Version: 1.1
Description: Flinder is an automated security and robustness testing tool developed by SEARCH-LAB for detecting typical security-relevant programming bugs. By automatically executing a vast number of security and robustness tests, Flinder can greatly improve the overall security properties of a system, since it can detect most occurrences of certain classes of typical security-relevant programming bugs that are responsible for a large number of exploitable vulnerabilities. Flinder is a robust, easy-to-customise automated testing tool. The required flexibility and special test coverage are provided by algorithmically altering fields in valid messages and feeding the result to the target (deterministic fuzzing [10]). Flinder’s support for different message formats (XML, ASN.1 DER, binary) allows it to parse a large variety of files and messages; Flinder can also process encrypted and compressed messages. It generates test reports automatically, collecting them in an easy-to-navigate hypertext output file.
Architecture: The Figure below shows the main modules of the current version of Flinder, and the connections between them.

The following is a brief summary of the Flinder modules and their roles in test runs:
  • A valid file or protocol message sent by the Input Generator (IG), or an execution result or protocol reply sent by the Target of Evaluation (ToE, e.g. the executable of the application under test), is intercepted by the Capturer, which transforms it into a Binary Message Envelope (BIME).
  • The Parser transforms the BIME into an XML-based message in the Flinder Message Structure Description Language (MSDL) based on a generic description of the incoming message. This description is in the Flinder Message Format Description Language (MFDL) and is also an XML-based file.
  • The Protocol Logic analyses the message and updates its state machine according to the protocol’s description provided in the UML-standard XMI format.
  • The Test Logic module modifies certain fields in the MSDL message according to its transformation rules. These modifications are to uncover security-relevant programming bugs (such as integer overflows and buffer overflows).
  • After the MSDL message has been modified, the Serializer transforms it back into a BIME.
  • Finally, a Dispatcher delivers the modified raw message to the ToE or the IG, depending on the direction of the current message. The Dispatcher can be generic, but it is typically tailored to the ToE and the IG.
  • Test case verdicts (the actual test results) are generated by the external Actuator module.
List of Features: Flinder is a robust, easy-to-customize automated test-generation, execution and result evaluation framework. The following core features provide the required flexibility and the special test coverage:
  • Fuzzing: Security-relevant test vectors are generated by manipulating correct input messages in a systematic way in order to test values that potentially induce security-relevant programming bugs.
  • Different message format support: Besides some natively supported formats (e.g. XML, ASN.1 DER), Flinder can parse arbitrary binary messages with the help of message format descriptions (MFDLs) specifying the structure and the encoding. Testers only need to provide these MFDL descriptions to Flinder to be able to execute security tests.
  • Reactively iterating test algorithms: Flinder can observe the ToE's reaction to the test vectors and generate the next test cases based on the responses received for the previous messages (e.g. a successively approximating test algorithm can be implemented this way).
  • Generic test plug-ins: For typical security-relevant programming bugs, reusable test algorithms can be created, which operate in the same way in both black-box and white-box modes.
  • Cryptographic and encoding support: Flinder can also handle (decode, modify and then re-encode) encrypted, digitally signed or compressed messages, which is a unique feature in its category.
  • Protocol state machine: An internal state machine defined by a UML statechart tracks state transitions of complex protocols.
  • Automatic test report generation: The results of the executed tests are collected in an easy-to-navigate HTML output file.
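The following is an added illustration, not Flinder code and not from SEARCH-LAB, of the capture-parse-mutate-serialize-dispatch pipeline described under Architecture and of the "Fuzzing" and "Reactively iterating test algorithms" features above. The message format (a constructed TLV-style record standing in for an MFDL description), the field names, the mutation value sets and the deliberately length-trusting target are all assumptions made for this example; the verdicts are produced the way an actuator would, by observing whether the target fails on each test vector.

```python
"""Miniature deterministic field-mutation fuzzer (added example, not Flinder code).
Pipeline: raw bytes -> parse to fields -> mutate one field -> serialize -> run target -> verdict.
The format description, field names and target below are constructed for this example."""
import struct

# Constructed format description (stand-in for an MFDL): 1-byte type,
# 2-byte big-endian length, then `length` bytes of payload.
FORMAT = [
    ("type", "u8"),
    ("length", "u16"),
    ("payload", "bytes:length"),
]

# Constructed valid message (stand-in for what the Input Generator would send).
VALID = b"\x01\x00\x05hello"


def parse(raw: bytes) -> dict:
    """Raw bytes -> field dict (the BIME -> MSDL step)."""
    fields, off = {}, 0
    for name, kind in FORMAT:
        if kind == "u8":
            fields[name] = raw[off]
            off += 1
        elif kind == "u16":
            fields[name] = struct.unpack_from(">H", raw, off)[0]
            off += 2
        else:  # "bytes:<length field>"
            n = fields[kind.split(":")[1]]
            fields[name] = raw[off:off + n]
            off += n
    return fields


def serialize(fields: dict) -> bytes:
    """Field dict -> raw bytes (the MSDL -> BIME step). The length field is emitted
    as stored, so a mutated length may disagree with the real payload size; that
    inconsistency is exactly what the test vector is meant to exercise."""
    out = bytearray()
    for name, kind in FORMAT:
        if kind == "u8":
            out.append(fields[name] & 0xFF)
        elif kind == "u16":
            out += struct.pack(">H", fields[name] & 0xFFFF)
        else:
            out += fields[name]
    return bytes(out)


def mutations(fields: dict):
    """Deterministic test logic: boundary values for every integer field."""
    for name, kind in FORMAT:
        if kind == "u8":
            values = [0, 1, 0x7F, 0x80, 0xFF]
        elif kind == "u16":
            values = [0, 1, 0x7FFF, 0x8000, 0xFFFF]
        else:
            continue
        for v in values:
            mutated = dict(fields)
            mutated[name] = v
            yield f"{name}={v:#x}", mutated


def target(raw: bytes) -> int:
    """Constructed target of evaluation with a length-trust bug: it reads the last
    payload byte at the position implied by the declared length, so an inflated
    length indexes past the received data (the analogue of an out-of-bounds read)."""
    length = struct.unpack_from(">H", raw, 1)[0]
    if length == 0:
        return 0
    return raw[3 + length - 1]  # IndexError when length exceeds the real payload


def run_campaign(valid: bytes) -> dict:
    """Dispatch every test vector and record an actuator-style verdict per vector."""
    verdicts = {}
    for label, mutated in mutations(parse(valid)):
        try:
            target(serialize(mutated))
            verdicts[label] = "PASS"
        except Exception as exc:
            verdicts[label] = f"FAIL: {type(exc).__name__}"
    return verdicts


def smallest_failing_length(valid: bytes, lo: int = 0, hi: int = 0xFFFF):
    """Reactive test: binary-search the smallest declared length that makes the
    target fail, choosing each next vector from the previous verdict."""
    base = parse(valid)

    def fails(value: int) -> bool:
        trial = dict(base)
        trial["length"] = value
        try:
            target(serialize(trial))
            return False
        except Exception:
            return True

    if not fails(hi):
        return None
    while lo < hi:
        mid = (lo + hi) // 2
        if fails(mid):
            hi = mid
        else:
            lo = mid + 1
    return lo


if __name__ == "__main__":
    for label, verdict in run_campaign(VALID).items():
        print(f"{label:16} {verdict}")
    print("smallest failing length:", smallest_failing_length(VALID))
```

Running the campaign on the constructed message reports PASS for every mutation of the type byte, which the target never inspects, and FAIL with an IndexError for every declared length larger than the five real payload bytes; the reactive search then narrows that to a declared length of 6, one byte beyond the payload, which is the boundary a report would point a developer at.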
Web site: http://www.flinder.hu
Contact information: László Szekeres, SEARCH-LAB Ltd
laszlo.szekeres@search-lab.hu
Other information: SEARCH-LAB currently offers Flinder in an optimized portfolio:
  • Test vectors: SEARCH-LAB offers licensing raw test vectors as a cost-effective way of acquiring security testing capabilities for widely used common file-formats.
  • Testing services: as an upgrade to the test vectors, SEARCH-LAB also offers to carry out the security and robustness testing itself. In this case SEARCH-LAB creates a test framework, which can automatically create, dispatch, execute and assess the test cases, and this way carry out the resource-intensive testing. By outsourcing the testing tasks to SEARCH-LAB, our customers can reduce their costs by benefiting from our expertise and existing test environment.
  • Regression testing tools: Finally, SEARCH-LAB also offers its customers regression testing support – Flinder Test Re-run Tools can be licensed, with which our customers can re-build our test environment and execute the tests on their own. This way Flinder can efficiently be included in the regression testing framework of the development lifecycle.