SCL: a language for security testing of network applications

Authors:
Sylvain Marquis;Thomas R. Dean;Scott Knight
Affiliations:
Royal Military College of Canada, Kingston, Canada;Queen's University, Kingston, Canada;Royal Military College of Canada, Kingston, Canada
Venue:
CASCON '05 Proceedings of the 2005 conference of the Centre for Advanced Studies on Collaborative research
Year:
2005

Citing 6
Cited 8

Software testing techniques (2nd ed.)

Software testing techniques (2nd ed.)
Elements of network protocol design

Elements of network protocol design
ASN.1: communication between heterogeneous systems

ASN.1: communication between heterogeneous systems
System Security Assessment through Specification Mutations and Fault Injection

Proceedings of the IFIP TC6/TC11 International Conference on Communications and Multimedia Security Issues of the New Century
Using Design Recovery Techniques to Transform Legacy Systems

ICSM '01 Proceedings of the IEEE International Conference on Software Maintenance (ICSM'01)
Integrated TCP/IP Protocol Software Testing for Vulnerability Detection

ICCNMC '03 Proceedings of the 2003 International Conference on Computer Networks and Mobile Computing

An empirical study of the robustness of MacOS applications using random testing

Proceedings of the 1st international workshop on Random testing
Packet decoding using context sensitive parsing

CASCON '06 Proceedings of the 2006 conference of the Center for Advanced Studies on Collaborative research
A lightweight approach to state based security testing

CASCON '06 Proceedings of the 2006 conference of the Center for Advanced Studies on Collaborative research
An empirical study of the robustness of MacOS applications using random testing

ACM SIGOPS Operating Systems Review
Towards automatic discovery of deviations in binary implementations with applications to error detection and fingerprint generation

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
An empirical evaluation of a language-based security testing technique

CASCON '09 Proceedings of the 2009 Conference of the Center for Advanced Studies on Collaborative Research
Network protocol discovery and analysis via live interaction

EvoApplications'12 Proceedings of the 2012t European conference on Applications of Evolutionary Computation
SETER: Towards Architecture-Model Based Security Engineering

International Journal of Secure Software Engineering

Quantified Score

Hi-index	0.01

Visualization

Abstract

Security of network applications has become increasingly important in the past several years. Syntax-based testing is a black box, data driven testing technique, for applications for which input can be described formally. SCL is a component of Protocol Tester, a project at RMC and Queen's, that uses syntax-based testing to evaluate the security of network applications. As a language, SCL can describe the syntax and the semantic constraints of a given protocol, constraints that pertain to the testing of network application security. This paper describes how SCL captures the input syntax of a network application including both syntax and semantic constraints. Standard reverse engineering and program comprehension techniques are used to extract a detailed model from the description. This model can be used to automate the selection and generation of test cases in Protocol Tester.