DocumentCode
1720659
Title
A Model-based Approach to the Security Testing of Network Protocol Implementations
Author
Allen, William H. ; Dou, Chin ; Marin, Gerald A.
Author_Institution
Dept. of Comput. Sci., Florida Inst. of Technol., Melbourne, FL
fYear
2006
Firstpage
1008
Lastpage
1015
Abstract
Software is inherently buggy and those defects can lead to security breaches in applications. For more than a decade, buffer overflows have been the most common bugs found "in the wild" and they often lead to critical security issues. Several techniques have been developed to defend against these types of security flaws, all with different rates of success. In this paper, we present a systematic approach for the automated testing of network protocol server implementations. The technique is based on established black-box testing methods (such as finite-state model-based testing and fault-injection) enhanced by the generation of intelligent, semantic-aware test cases that provide a more complete coverage of the code space. We also demonstrate the use of a model-based testing tool that can reliably detect vulnerabilities in server applications.
Keywords
network servers; program testing; protocols; software fault tolerance; black-box testing; buffer overflow; fault-injection; finite-state model-based testing; model-based testing tool; network protocol server; security flaw; security testing; Application software; Automatic testing; Buffer overflow; Computer security; Network servers; Protocols; Software testing; System testing; Test pattern generators; Web server;
fLanguage
English
Publisher
ieee
Conference_Titel
Local Computer Networks, Proceedings 2006 31st IEEE Conference on
Conference_Location
Tampa, FL
ISSN
0742-1303
Print_ISBN
1-4244-0418-5
Electronic_ISBN
0742-1303
Type
conf
DOI
10.1109/LCN.2006.322216
Filename
4116693