A lightweight approach to state based security testing
Source: IBM Centre for Advanced Studies Conference archive
Proceedings of the 2006 conference of the Center for Advanced Studies on Collaborative research
Toronto, Ontario, Canada
Session: K
Article No. 28
Year of Publication: 2006
Authors
Songtao Zhang  Queen's University
Thomas Dean  Queen's University
Scott Knight  Royal Military College of Canada
Sponsors
IBM Toronto Lab
CAS
Publisher
ACM, New York, NY, USA
DOI: http://doi.acm.org/10.1145/1188966.1189004

ABSTRACT

State based protocols are protocols in which the handling of one message depends on the contents of previous messages. Testing such protocols, for security or for other purposes, usually means specifying the state space of the protocol in some manner. This paper introduces a novel method of using an existing client to explore the state space. The messages exchanged between the client and test system are captured and mutated. To send the mutated test messages, the previous messages must be resent. Constraints expressed in an extended version of the Security Constraints Language are used to automatically derive the data dependencies between the messages.

