Title | ||
---|---|---|
Testing Security Properties of Protocol Implementations - a Machine Learning Based Approach |
Abstract | ||
---|---|---|
Security and reliability of network protocol implementations are essential for communication services. Most of the approaches for verifying security and reliability, such as formal validation and black-box testing, are limited to checking the specification or conformance of implementation. However, in practice, a protocol implementation may contain engineering details, which are not included in the system specification but may result in security flaws. We propose a new learning-based approach to systematically and automatically test protocol implementation security properties. Protocols are specified using symbolic parameterized extended finite state machine (SP-EFSM) model, and an important security property - message confidentiality under the general Dolev-Yao attacker model - is investigated. The new testing approach applies black-box checking theory and a supervised learning algorithm to explore the structure of an implementation under test while simulating the teacher with a conformance test generation scheme. We present the testing procedure, analyze its complexity, and report experimental results. |
Year | DOI | Venue |
---|---|---|
2007 | 10.1109/ICDCS.2007.147 | ICDCS |
Keywords | Field | DocType |
protocols,network protocol security,security flaw,protocol implementation security property,conformance test generation scheme,learning (artificial intelligence),new testing approach,symbolic parameterized extended finite state machine model,network protocol implementation,testing,verifying security,network protocol implementation security property,black-box checking theory,protocol implementations,message confidentiality,protocol implementation,testing procedure,important security property,testing security properties,telecommunication security,machine learning,black-box testing,dolev-yao attacker model,network protocol reliability,supervised learning algorithm,security of data,supervised learning,automation,automata,extended finite state machine,learning artificial intelligence,black box testing,conformance testing,reliability engineering,system testing,network protocol | Parameterized complexity,Confidentiality,Computer science,Computer network,Extended finite-state machine,Implementation,Security properties,System requirements specification,Computer security model,Distributed computing,Communications protocol | Conference |
ISSN | ISBN | Citations |
1063-6927 E-ISBN : 0-7695-2837-3 | 0-7695-2837-3 | 30 |
PageRank | References | Authors |
1.25 | 22 | 2 |
Name | Order | Citations | PageRank |
---|---|---|---|
Guoqiang Shu | 1 | 72 | 6.15 |
David Lee | 2 | 195 | 21.40 |