OIOFuzz: A Guided Model-based Blackbox Fuzzer for OIORASP Schematron Validation
In this project we explored the potential for fuzzing OIORASP.OIORASP is an protocol for exchange of e-business documents and is an integral part of the Danish IT Infrastructure.The protocol uses the OIOUBL document standard for the documents sent.Fuzzing is an automatic test method where unexpected inputs are constructed and passed to the target program to observe if it trigger unexpected behavior.The target is narrowed in to the Schematron validation of the documents. We made OIOFuzz which is a prrof-of-concept implementation of a guided model-based blackbox fuzzer targeting OIORASP Schematron validation.OIOFuzz managed to find an error in the Schematron validation.Therefore we concluded that it is functional, but it also has room for improvement.
https://vbn.aau.dk/ws/files/538309774/cs_23_ds_10_06_master_thesis.pdf