مرکز منطقه ای اطلاع رساني علوم و فناوري - Protocol Security Testing with SPIN and TTCN-3

DocumentCode :

2303444

Title :

Protocol Security Testing with SPIN and TTCN-3

Author :

Zhou, Li ; Yin, Xia ; Wang, Zhiliang

Author_Institution :

Tsinghua Nat. Lab. for Inf. Sci. & Technol., Beijing, China

fYear :

2011

fDate :

21-25 March 2011

Firstpage :

511

Lastpage :

519

Abstract :

Protocol security testing is an important technique to ensure the security of communication protocols. However, methods considering both effective detection to specification vulnerabilities and efficient testing on protocol implementations are not well developed. In this paper, we present a general method for protocol security testing including protocol verification with SPIN model checker and protocol testing with formal testing language TTCN-3. We use threat model to model malicious entities and import the classification of information security to achieve a complete analysis of security requirements for protocol verification. We also develop a SPIN Trail to TTCN-3(st2ttcn) conversion tool to generate test cases automatically from counter examples obtained from model checking. As a case study, we apply our approach to the security testing of Source Address Validation Improvements (SAVI) protocol. We test two versions of SAVI-DHCP protocol. Security vulnerabilities have been found and tested in corresponding implementations.

Keywords :

formal specification; program testing; programming languages; protocols; security of data; SAVI-DHCP protocol; SPIN model checker; TTCN-3; automatic test case generation; communication protocol; formal testing language; information security; malicious entity model; protocol security testing; protocol verification; security requirement; security vulnerability; source address validation improvement; specification vulnerability; testing and test control notation; threat model; Analytical models; IP networks; Protocols; Radiation detectors; Security; Switches; Testing; TTCN-3; model checking; protocol security testing;

fLanguage :

English

Publisher :

ieee

Conference_Titel :

Software Testing, Verification and Validation Workshops (ICSTW), 2011 IEEE Fourth International Conference on

Conference_Location :

Berlin

Print_ISBN :

978-1-4577-0019-4

Electronic_ISBN :

978-0-7695-4345-1

Type :

conf

DOI :

10.1109/ICSTW.2011.18

Filename :

5954456

Link To Document :

https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=2303444