Title :
Using Behavioral Profiles to Detect Software Flaws in Network Servers
Author :
Antunes, João ; Neves, Nuno Ferreira
Author_Institution :
Fac. of Sci., Univ. of Lisboa, Lisbon, Portugal
fDate :
Nov. 29 2011-Dec. 2 2011
Abstract :
Some software faults, namely security vulnerabilities, tend to elude conventional testing methods. Since the effects of these faults may not be immediately perceived nor have a direct impact on the server's execution (e.g., a crash), they can remain hidden even if exercised by the test cases. Our detection approach consists in inferring a behavioral profile of a network server that models its correct execution by combining information about the implemented state machine protocol and the server's internal execution. Flaws are automatically detected if the server's behavior deviates from the profile while processing the test cases. This approach was implemented in a tool, which was used to analyze several FTP vulnerabilities, showing that it can effectively find various kinds of flaws.
Keywords :
distributed processing; finite state machines; program diagnostics; program testing; protocols; security of data; software fault tolerance; FTP vulnerabilities; behavioral profiles; distributed systems; network servers; security vulnerabilities; software faults; software flaw detection; state machine protocol; testing methods; Automata; Data models; Monitoring; Network servers; Protocols; Servers; Testing; Behavior Inference; Behavioral Profile; Network Security; Vulnerability Discovery;
Conference_Title :
Software Reliability Engineering (ISSRE), 2011 IEEE 22nd International Symposium on
Conference_Location :
Hiroshima
Print_ISBN :
978-1-4577-2060-4
DOI :
10.1109/ISSRE.2011.35