Integrated TCP/IP Protocol Software Testing for Vulnerability Detection

Authors:
Shu Xiao;Lijun Deng;Sheng Li;Xiangrong Wang
Affiliations:
-;-;-;-
Venue:
ICCNMC '03 Proceedings of the 2003 International Conference on Computer Networks and Mobile Computing
Year:
2003

Citing 0
Cited 7

SCL: a language for security testing of network applications

CASCON '05 Proceedings of the 2005 conference of the Centre for Advanced Studies on Collaborative research
An empirical study of the robustness of MacOS applications using random testing

Proceedings of the 1st international workshop on Random testing
An empirical study of the robustness of MacOS applications using random testing

ACM SIGOPS Operating Systems Review
Towards automatic discovery of deviations in binary implementations with applications to error detection and fingerprint generation

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
A Formal Approach to Robustness Testing of Network Protocol

NPC '08 Proceedings of the IFIP International Conference on Network and Parallel Computing
An empirical evaluation of a language-based security testing technique

CASCON '09 Proceedings of the 2009 Conference of the Center for Advanced Studies on Collaborative Research
Network protocol discovery and analysis via live interaction

EvoApplications'12 Proceedings of the 2012t European conference on Applications of Evolutionary Computation

Quantified Score

Hi-index	0.00

Visualization

Abstract

Many security holes stem from the defects in network protocol implementations. This paper presents an industry best practice of integrated TCP/IP network protocol testing that targets software robustness vulnerabilities. The deployed test system consists of a versatile test engine, a protocol data unit generator and a few auxiliary tools. The specially designed kernel test engine supporting IP/TCP/UDP as carrier protocols drives predefined fault-injected PDUs to the network unit under test. Its novel callback mechanism and virtual network device connection capability cost-effectively enhance user controlled testing intelligence for verifyingprotocols with complicated state transitions. The PDU generator aims to provide a systematic solution for rapid testcase creation, which is based on new Strengthened BNF language for protocol specification mutation and fault injection. Established on this system, we propose anintegrated industry test environment for network protocol code assessment. Initial experiments and case studies with multicast protocols unveiled several robustness violations, which have significant security impacts.