Integrating Mayhem With Simulink: How to Test Simulink Model Using Mayhem
In this blog post, we'll explore how Mayhem can be seamlessly integrated with MATLAB's Simulink. Mayhem can be used to test Simulink models and create more secure applications.
Here's a summary of the steps to test your Simulink model using Mayhem:
- Generate C Code.
- Install Mayhem and configure testing parameters.
- Compile the code using your compiler of choice.
- Map inputs for testing.
- Mayhem automatically generates a suite of tests to ensure the security of your model or application.
To demonstrate this Simulink integration, we've prepared an example repository that showcases the process. Let's dive right in.
Generating C Code
There are a few files that we’ll look at throughout this process, the first being 'run_mcode.sh'. This script automates the process of building your Simulink model over the command line. Alternatively, you can use the MATLAB GUI to do this.
The Simulink model used in this example is simple, consisting of just one transfer function block.
If you want to generate C code on your own, you also have the option of using MATLAB's Embedded Coder app.
Installing Mayhem and Configuring Testing Parameters
Once you have your generated C code, the next step is to install Mayhem and configure Mayhem’s testing parameters using the 'Mayhemfile.yml'. This file allows us to specify various settings, such as the duration of testing (in this case, 90 seconds).
We're going to expose a couple of different things that we want to test, including exploitability factors, regression tests, behavior tests and coverage.
Generating and Compiling Code
With the configuration in place, we can start the testing process. Running the 'mcode.sh' script initiates the code generation and compilation.
So there are two stages here. Once we have the generated code from MATLAB, we're going to compile it using our compiler of choice. In this case, GCC. And then we're going to take that compiled code and stick it into a Docker image, which will be uploaded to Mayhem’s servers and ultimately tested.
Mapping Inputs for Testing
To effectively test our Simulink model with Mayhem, we need to map Mayhem's inputs to what the model accepts. A critical piece of this mapping is the 'main' file located in the resources folder.
This file acts as a test harness and performs two crucial functions:
- Reading data from a file generated by Mayhem as a test case and converting it into a signal compatible with Simulink.
- Reading the input values, converting them into a signal, and initializing the model.
Once the model's been initialized, we're going to send the values that are inside of the file one by one to simulate a signal coming in over the wire. And then finally, when we're done, we're going to terminate the model.
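A minimal harness of the kind described above, as an added example rather than the 'main' file from the example repository. The model_* functions and the model_U/model_Y structures are hypothetical stand-ins for the generated code, and the 8-bytes-per-sample input layout and the choice to skip NaN/Inf samples are assumptions.

```c
#include <math.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the generated model code (hypothetical names): a
 * discretized first-order transfer function y[k] = 0.9*y[k-1] + 0.1*u[k]. */
static struct { double In1; } model_U;    /* external input  */
static struct { double Out1; } model_Y;   /* external output */
static double model_state;

static void model_initialize(void) { model_state = 0.0; model_Y.Out1 = 0.0; }
static void model_step(void) {
    model_state = 0.9 * model_state + 0.1 * model_U.In1;
    model_Y.Out1 = model_state;
}
static void model_terminate(void) { }

/* Map raw test-case bytes to samples and send them to the model one per step.
 * Returns the number of steps executed; a trailing partial sample is ignored. */
size_t run_testcase(const unsigned char *buf, size_t len, double *last_out) {
    size_t steps = 0;
    model_initialize();
    for (size_t off = 0; off + sizeof(double) <= len; off += sizeof(double)) {
        double u;
        memcpy(&u, buf + off, sizeof u);  /* no unaligned or aliasing reads */
        if (!isfinite(u)) continue;       /* assumed policy: real signal is never NaN/Inf */
        model_U.In1 = u;
        model_step();
        steps++;
    }
    if (last_out) *last_out = model_Y.Out1;
    model_terminate();
    return steps;
}

int main(int argc, char **argv) {
    unsigned char buf[4096];              /* test cases are capped at 4 KiB here */
    if (argc != 2) { fprintf(stderr, "usage: %s <testcase>\n", argv[0]); return 2; }
    FILE *f = fopen(argv[1], "rb");
    if (!f) { perror("fopen"); return 2; }
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    double y = 0.0;
    size_t steps = run_testcase(buf, n, &y);
    printf("steps=%zu last_out=%g\n", steps, y);
    return 0;
}
```

Whether to drop non-finite samples or pass them through is a harness decision: filtering keeps findings limited to inputs the deployed system can actually receive, while passing them through also exercises the model's handling of malformed signals.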
Viewing the Simulink Test Results
Once the testing is complete, Mayhem provides detailed results that can be accessed by clicking on the generated URL. These results include information about the test cases generated and the code paths explored during the testing process.
In this example, the application that we tested didn’t happen to have any vulnerabilities. But we can see what happened in the test results dashboard, including the test cases that were generated over time. Even though it was just a simple transfer function block, there were many unique code paths being tested.
Test Your Simulink Models With Mayhem
Integrating Mayhem with MATLAB's Simulink can greatly enhance the security of your applications. By automating security testing and providing a comprehensive suite of tests, Mayhem simplifies the process of identifying vulnerabilities and ensuring the integrity of your Simulink models.