SCL: a language for security testing of network applications
CASCON '05 Proceedings of the 2005 conference of the Centre for Advanced Studies on Collaborative research
An empirical study of the robustness of MacOS applications using random testing
Proceedings of the 1st international workshop on Random testing
An empirical study of the robustness of MacOS applications using random testing
ACM SIGOPS Operating Systems Review
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
A Formal Approach to Robustness Testing of Network Protocol
NPC '08 Proceedings of the IFIP International Conference on Network and Parallel Computing
An empirical evaluation of a language-based security testing technique
CASCON '09 Proceedings of the 2009 Conference of the Center for Advanced Studies on Collaborative Research
Network protocol discovery and analysis via live interaction
EvoApplications'12 Proceedings of the 2012t European conference on Applications of Evolutionary Computation
Hi-index | 0.00 |
Many security holes stem from the defects in network protocol implementations. This paper presents an industry best practice of integrated TCP/IP network protocol testing that targets software robustness vulnerabilities. The deployed test system consists of a versatile test engine, a protocol data unit generator and a few auxiliary tools. The specially designed kernel test engine supporting IP/TCP/UDP as carrier protocols drives predefined fault-injected PDUs to the network unit under test. Its novel callback mechanism and virtual network device connection capability cost-effectively enhance user controlled testing intelligence for verifyingprotocols with complicated state transitions. The PDU generator aims to provide a systematic solution for rapid testcase creation, which is based on new Strengthened BNF language for protocol specification mutation and fault injection. Established on this system, we propose anintegrated industry test environment for network protocol code assessment. Initial experiments and case studies with multicast protocols unveiled several robustness violations, which have significant security impacts.