System Security Assessment through Specification Mutations and Fault Injection

Numerous information security vulnerabilities exist in contemporary software products. The purpose of this paper is to present a practical approach for software security assessment based on fault injection. The approach has been introduced and applied in a real world case, Wireless Application Protocol gateways. The approach has been effective in systematically uncovering robustness problems in the components tested. The main impact is expected from early elimination of trivial vulnerabilities and elevated awareness in robustness problems and their security implications.