Fuzzing Java-Implementations of Medical Protocols


Supervision: Dominik Noß

More details:


Software in the medical sector is part of the critical infrastructure. Vulnerabilities pose a threat to operations in clinics and medical centers, which can result in physical harm to patients.

Goal of this thesis:
  • Survey existing fuzzers and the fuzzing strategies they use. Evaluate the efficiency of different fuzzers and fuzzing strategies when applied to HL7 implementations such as Mirth Connect
  • Find software bugs and responsibly report them to the creator

The fuzzing and the subsequent fixing of bugs shall improve the stability of the software and prevent these bugs from being used for attacks on the medical sector.

Java Fuzzing:

Overview: https://en.wikipedia.org/wiki/Health_Level_7

All relevant standards. Registration is required, but disposable email addresses work fine. Start with “HL7 Version 2.9 Messaging Standard”: http://www.hl7.org/implement/standards/product_brief.cfm?product_id=185

HL7 Browser (to fiddle with HL7 Messages): http://www.nule.org/?page_id=62

Mirth Connect HL7 Server: https://www.nextgen.com/products-and-services/nextgen-connect-integration-engine-downloads