Annual Review 2010 > Centers

University-Business Innovation Center

Mizuo Kansen

Assistant Professor

Takanobu Watanabe

Assistant Lecturer

Refereed Proceedings Papers

[takanobu-01:2010]

Takanobu Watanabe, Zixue Cheng, Mizuo Kansen, and Masayuki Hisada. A New Security Testing Method for Detecting Flash Vulnerabilities by Generating Test Patterns. In 13th International Conference on Network-Based Information Systems (NBiS 2010), pages 469-474, 2010.

Flash has a number of security defects even though Flash Player is installed on most of the world's PCs. Sandbox protection is limited in how far it can protect a user from vulnerabilities in Flash applications, because an attacker can attack a vulnerable Flash application when the sandbox cannot work, which happens if an engineer or a web administrator sets the sandbox permissions wrongly. Another way to address this is testing. Penetration testing is useful for detecting vulnerabilities in Flash applications. Existing penetration testing is performed manually through the UI, which is inefficient and time consuming. In this paper, to overcome this problem of existing penetration testing, we design a new penetration testing method that generates as many test patterns as possible from VM inputs, inputs the test patterns into the VM, and checks for the existence of vulnerabilities from the VM outputs automatically. We demonstrate our testing method using an example, which can detect Flash Parameter Injection, one kind of vulnerability in Flash applications.

Ph.D., Master and Graduation Theses

[kansen-01:2010]

Sasada Kota. Graduation thesis, School of Computer Science and Engineering, March 2011.

Thesis Adviser: Mizuo Kansen