DocumentCode :
2303444
Title :
Protocol Security Testing with SPIN and TTCN-3
Author :
Zhou, Li ; Yin, Xia ; Wang, Zhiliang
Author_Institution :
Tsinghua Nat. Lab. for Inf. Sci. & Technol., Beijing, China
fYear :
2011
fDate :
21-25 March 2011
Firstpage :
511
Lastpage :
519
Abstract :
Protocol security testing is an important technique to ensure the security of communication protocols. However, methods considering both effective detection to specification vulnerabilities and efficient testing on protocol implementations are not well developed. In this paper, we present a general method for protocol security testing including protocol verification with SPIN model checker and protocol testing with formal testing language TTCN-3. We use threat model to model malicious entities and import the classification of information security to achieve a complete analysis of security requirements for protocol verification. We also develop a SPIN Trail to TTCN-3(st2ttcn) conversion tool to generate test cases automatically from counter examples obtained from model checking. As a case study, we apply our approach to the security testing of Source Address Validation Improvements (SAVI) protocol. We test two versions of SAVI-DHCP protocol. Security vulnerabilities have been found and tested in corresponding implementations.
Keywords :
formal specification; program testing; programming languages; protocols; security of data; SAVI-DHCP protocol; SPIN model checker; TTCN-3; automatic test case generation; communication protocol; formal testing language; information security; malicious entity model; protocol security testing; protocol verification; security requirement; security vulnerability; source address validation improvement; specification vulnerability; testing and test control notation; threat model; Analytical models; IP networks; Protocols; Radiation detectors; Security; Switches; Testing; TTCN-3; model checking; protocol security testing;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Software Testing, Verification and Validation Workshops (ICSTW), 2011 IEEE Fourth International Conference on
Conference_Location :
Berlin
Print_ISBN :
978-1-4577-0019-4
Electronic_ISBN :
978-0-7695-4345-1
Type :
conf
DOI :
10.1109/ICSTW.2011.18
Filename :
5954456
Link To Document :
بازگشت