This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
27th International Conference on Distributed Computing Systems (ICDCS '07)
Testing Security Properties of Protocol Implementations - a Machine Learning Based Approach
Toronto, Canada
June 25-June 27
ISBN: 0-7695-2837-3
Guoqiang Shu, Ohio State University
David Lee, Ohio State University
Security and reliability of network protocol implementations are essential for communication services. Most of the approaches for verifying security and reliability, such as formal validation and black-box testing, are limited to checking the specification or conformance of implementation. However, in practice, a protocol implementation may contain engineering details, which are not included in the system specification but may result in security flaws. We propose a new learning-based approach to systematically and automatically test protocol implementation security properties. Protocols are specified using Symbolic Parameterized Extended Finite State Machine (SP-EFSM) model, and an important security property - message confidentiality under the general Dolev-Yao attacker model - is investigated. The new testing approach applies black-box checking theory and a supervised learning algorithm to explore the structure of an implementation under test while simulating the teacher with a conformance test generation scheme. We present the testing procedure, analyze its complexity, and report experimental results.
Citation:
Guoqiang Shu, David Lee, "Testing Security Properties of Protocol Implementations - a Machine Learning Based Approach," icdcs, pp.25, 27th International Conference on Distributed Computing Systems (ICDCS '07), 2007
Usage of this product signifies your acceptance of the Terms of Use.