Title :
A Model-based Approach to the Security Testing of Network Protocol Implementations
Author :
Allen, William H. ; Dou, Chin ; Marin, Gerald A.
Author_Institution :
Dept. of Comput. Sci., Florida Inst. of Technol., Melbourne, FL
Abstract :
Software is inherently buggy and those defects can lead to security breaches in applications. For more than a decade, buffer overflows have been the most common bugs found "in the wild" and they often lead to critical security issues. Several techniques have been developed to defend against these types of security flaws, all with different rates of success. In this paper, we present a systematic approach for the automated testing of network protocol server implementations. The technique is based on established black-box testing methods (such as finite-state model-based testing and fault-injection) enhanced by the generation of intelligent, semantic-aware test cases that provide a more complete coverage of the code space. We also demonstrate the use of a model-based testing tool that can reliably detect vulnerabilities in server applications.
Keywords :
network servers; program testing; protocols; software fault tolerance; black-box testing; buffer overflow; fault-injection; finite-state model-based testing; model-based testing tool; network protocol server; security flaw; security testing; Application software; Automatic testing; Buffer overflow; Computer security; Network servers; Protocols; Software testing; System testing; Test pattern generators; Web server;
Conference_Title :
Local Computer Networks, Proceedings 2006 31st IEEE Conference on
Conference_Location :
Tampa, FL
Print_ISBN :
1-4244-0418-5
Electronic_ISBN :
0742-1303
DOI :
10.1109/LCN.2006.322216