Document Type



This note describes a method of testing software for response to malicious data streams. Systems that process data streams obtained from an external source such as the Internet are vulnerable to security issues if malicious data is not processed correctly. This note describes a testing method that creates malicious data streams, applies them to a software application and checks the appropriateness of the application response. The note begins with a description of the problem: inadequate testing of software response to malicious data streams. I present a method of testing the response to malicious data streams and introduce the concepts of lexical, syntactic and semantic data stream deformation. I provide a description of a system that produces and applies such tests. This description divides the testing system into components and provides some detail about each component. This system applied to Adobe® Acrobat® Reader® version 5.0.1 provides a case study. The study applied 141,306 unique test cases and revealed 11 distinct indications of buffer overrun, numerous program lock-ups, and four steganographic possibilities. Research is on-going in the following areas: generalized buffer overrun exploitation, maliciously testing protocols and testing with encoded or encrypted data streams.

Publication Date