Title | ||
---|---|---|
A model-based approach to security flaw detection of network protocol implementations |
Abstract | ||
---|---|---|
A lot of efforts have been devoted to the analysis of network protocol specification for reliability and security properties using formal techniques. However, faults can also be introduced during system implementation; it is indispensable to detect protocol implementation flaws, yet due to the black-box nature of protocol implementation and the unavailability of protocol specification most of the approaches resort to random or manual testing. In this paper we propose a model-based approach for security flaw detection of protocol implementation with a high fault coverage, measurability, and automation. Our approach first synthesizes an abstract behavioral model from a protocol implementation and then uses it to guide the testing process for detecting security and reliability flaws. For protocol specification synthesis we reduce the problem a trace minimization with a finite state machine model and an efficient algorithm is presented for state space reduction. Our method is implemented and applied to real network protocols. Guided by the synthesized model our testing tool reveals a number of unknown reliability and security issues by automatically crashing the implementations of the Microsoft MSN instant messaging (MSNIM) protocol. Analytical comparison between our model-based and prevalent syntax-based flaw detection schemes is also provided with the support of experimental results. |
Year | DOI | Venue |
---|---|---|
2008 | 10.1109/ICNP.2008.4697030 | ICNP |
Keywords | Field | DocType |
security property,finite state machines,protocols,finite state machine,trace minimization,security flaw,telecommunication network reliability,network protocol implementation,state space reduction,and security flaw,security issue,protocol specification,protocol implementation flaw,computer networks,fuzz testing,microsoft msn instant messaging,network protocol specification,protocol implemen- tation,protocol implementation,reliability flaw,system implementation,real network protocol,telecommunication security,security flaw detection,fault coverage,model-based approach,abstract behavioral model,formal specification,formal model,index terms— formal model,protocol specification synthesis,behavior modeling,color,network protocol,reliability,security,testing | Fuzz testing,Fault coverage,Computer science,Manual testing,Computer network,Finite-state machine,Implementation,Formal specification,Universal composability,Communications protocol,Distributed computing,Embedded system | Conference |
ISSN | ISBN | Citations |
1092-1648 E-ISBN : 978-1-4244-2507-5 | 978-1-4244-2507-5 | 21 |
PageRank | References | Authors |
1.19 | 17 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Yating Hsu | 1 | 21 | 1.19 |
Guoqiang Shu | 2 | 21 | 1.19 |
David Lee | 3 | 127 | 15.14 |