mirror of
https://sharelatex.tu-darmstadt.de/git/681e0e7a3a9c7c9c6b8bb298
synced 2025-12-07 13:18:00 +00:00
Update on Overleaf.
This commit is contained in:
nb72soza Bittner
@@ -269,6 +269,141 @@ The \gls{smdpp} client is primarily used by the \gls{isdr} application to execut
|
||||
% problem: if error occurs we need to restart scenario due to statefulness of euicc and its protocols -> high overhead just for restoring state of euicc
|
||||
%
|
||||
|
||||
% key components are the mutation engine and the operation recorder
|
||||
% mutation engine: mutate a given apdu
|
||||
% operation recorder: records mutation and responses, and takes care of the tree structure
|
||||
% scenario runner executes all scenarios on a given euicc
|
||||
% for each scenario the scenario runner initates a pcsc link with the card and resets the card (processes all notifications, euicc memory reset with all options set)
|
||||
% runs all operations defined in the scenario -> operations invoke euicc commands
|
||||
% euicc commands are called with the send_apdu_with_mutation function -> handles apdu transmission and mutation aswell as recording of data
|
||||
|
||||
% apdu mutation workflow
|
||||
% 1. mutation selection
|
||||
% operation recorder handles recording and the tree structure
|
||||
% operation recorder returns next mutation type to choose
|
||||
% reason: we want to try every mutation for a function but when all are tried check if any of the child nodes have not tried mutations, if child node has not tried mutation: perform mutation so we get to the child node
|
||||
|
||||
% to determine the next mutation: Traverses or expands a mutation tree to decide which mutation to try next.
|
||||
% Each function call (e.g., get_euicc_info_1) becomes a node in the mutation tree.
|
||||
% If untried mutations exist for the current node: Create and move to a new child node with the selected mutation type.
|
||||
% If all mutations are tried: Traverse children to find another node to explore.
|
||||
|
||||
% 2. apdu mutation
|
||||
% selected mutation is applied to the original apdu with the mutation engine
|
||||
% 3. apdu transmission
|
||||
% mutated apdu is send to card
|
||||
% if successful: response is recorded and current node marked as success
|
||||
% if error occured: error is recorded and current node is marked as failed -> no child nodes will be explored
|
||||
% 4. recording mutation
|
||||
|
||||
% error handling and retry logic
|
||||
% errors and exceptions during the scenario execution are handled
|
||||
% runner logs failure to the current node
|
||||
% reset card (process all notifications and perform euicc memory reset with all options set) and mutation engine
|
||||
% check if the card still has any untried mutations or if its fully explored -> continue with scenario or switch to new one
|
||||
|
||||
% saving recording
|
||||
% recordings are saved for response comparison between the cards and also for euicc that might be released in the future
|
||||
% use python pickle to store the whole mutation tree as a ".resim" file
|
||||
% afterwards: clear the recorder, reset the link, reset card -> continue with next scenario
|
||||
|
||||
\begin{tikzpicture}[
|
||||
level distance=3cm,
|
||||
sibling distance=5cm,
|
||||
edge from parent/.style={->, thick, draw},
|
||||
mutation node/.style={rectangle, draw, rounded corners, minimum width=3.5cm, minimum height=1cm, align=center, fill=blue!10},
|
||||
success node/.style={rectangle, draw, rounded corners, minimum width=3.5cm, minimum height=1cm, align=center, fill=green!20, text=black},
|
||||
failure node/.style={rectangle, draw, rounded corners, minimum width=3.5cm, minimum height=1cm, align=center, fill=red!20, text=black},
|
||||
]
|
||||
|
||||
% Root node
|
||||
\node[mutation node] (root) {Root Node \\ func\_name: "root" \\ mutation: NONE}
|
||||
child { node[success node] (child1) {Mutation Node\\ func\_name: "get\_euicc\_info\_1" \\ mutation: BIT\_FLIP \\ Status: Success }
|
||||
child { node[success node] {Mutation Node\\
|
||||
func\_name: "list\_profiles" \\ mutation: NONE \\ Status: Success }}
|
||||
child { node[failure node] {Mutation Node\\
|
||||
func\_name: "list\_profiles" \\ mutation: RANDOM\_BYTE \\ Status: Failure} }
|
||||
child { node[failure node] {Mutation Node\\
|
||||
func\_name: "list\_profiles" \\ mutation: BIT\_FLIP \\ Status: Failure} }
|
||||
}
|
||||
child { node[failure node] (child2) {Mutation Node\\ func\_name: "get\_euicc\_info\_1" \\ mutation: RANDOM\_BYTE \\ Status: Failure }
|
||||
}
|
||||
child { node[failure node] (child3) {Mutation Node\\ func\_name: "get\_euicc\_info\_1" \\ mutation: NONE \\ Status: Failure}
|
||||
};
|
||||
|
||||
\end{tikzpicture}
|
||||
|
||||
\begin{tikzpicture}[
|
||||
node distance=0.8cm and 1.1cm,
|
||||
box/.style={draw, rounded corners, minimum width=3cm, minimum height=1cm, align=center},
|
||||
arrow/.style={-{Stealth}, thick},
|
||||
decision/.style={diamond, draw, aspect=2, align=center},
|
||||
io/.style={trapezium, trapezium left angle=70, trapezium right angle=110, draw, minimum width=2.5cm, align=center}
|
||||
]
|
||||
|
||||
% Nodes
|
||||
\node[box] (start) {record\_card():\\ Init PcscLink, Card, Recorder};
|
||||
\node[box, below=of start] (scenarioLoop) {For each Scenario\\ Instantiate and Run Scenario.run(card)};
|
||||
\node[box, below=of scenarioLoop] (isdrcall) {Card ISD-R command};
|
||||
|
||||
% Mutation engine path
|
||||
\node[decision, below=of isdrcall] (mutateQ) {Mutation Engine?};
|
||||
|
||||
\node[box, right=1.2cm of mutateQ] (originalAPDU) {Send original APDU};
|
||||
\node[box, left=1.2cm of mutateQ] (mutateAPDU) {Mutate APDU};
|
||||
|
||||
\node[box, below=of mutateQ] (sendAPDU) {Transmit APDU to card};
|
||||
\node[box, below=of sendAPDU] (record) {Record mutation result\\ in OperationRecorder};
|
||||
|
||||
% Error / reset path
|
||||
\node[decision, below=of record] (errorQ) {Exception during scenario?};
|
||||
\node[box, left=of errorQ] (logFail) {Log failure\\ in current mutation node};
|
||||
\node[box, below=of errorQ] (checkTree) {All mutations tried?};
|
||||
|
||||
\node[box, right=of checkTree] (repeatScenario) {Repeat Scenario};
|
||||
\node[box, below=of checkTree] (saveFile) {Save .resim file};
|
||||
\node[box, below=of saveFile] (clearReset) {Clear recorder,\\ Reset card};
|
||||
|
||||
% Arrows
|
||||
\draw[arrow] (start) -- (scenarioLoop);
|
||||
\draw[arrow] (scenarioLoop) -- (isdrcall);
|
||||
\draw[arrow] (isdrcall) -- (mutateQ);
|
||||
|
||||
\draw[arrow] (mutateQ) -- node[above] {No} (originalAPDU);
|
||||
\draw[arrow] (mutateQ) -- node[above] {Yes} (mutateAPDU);
|
||||
|
||||
\draw[arrow] (mutateAPDU) |- (sendAPDU);
|
||||
\draw[arrow] (originalAPDU) |- (sendAPDU);
|
||||
|
||||
\draw[arrow] (sendAPDU) -- (record);
|
||||
\draw[arrow] (record) -- (errorQ);
|
||||
|
||||
\draw[arrow] (errorQ) -- node[above] {Yes} (logFail);
|
||||
\draw[arrow] (logFail) |- (checkTree);
|
||||
|
||||
\draw[arrow] (errorQ) -- node[above] {No} (checkTree);
|
||||
|
||||
\draw[arrow] (checkTree) -- node[above] {No} (repeatScenario);
|
||||
\draw[arrow] (checkTree) -- node[right] {Yes} (saveFile);
|
||||
\draw[arrow] (saveFile) -- (clearReset);
|
||||
|
||||
\end{tikzpicture}
|
||||
|
||||
\begin{figure}
|
||||
\centering
|
||||
\input{Graphics/scenario_runner.tikz}
|
||||
\caption{Main Flow for the scenario runner}
|
||||
\label{fig:scenario_runner}
|
||||
\end{figure}
|
||||
|
||||
\begin{figure}
|
||||
\centering
|
||||
\input{Graphics/scenario_recorder.tikz}
|
||||
\caption{Recorder logic: mutation selection and recording}
|
||||
\label{fig:scenario_runner}
|
||||
\end{figure}
|
||||
|
||||
|
||||
\subsection{Data Fuzzing}
|
||||
\label{subsec:data_fuzzing}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user