On the Adequacy of Statecharts as a Source of Tests for Cryptographic Protocols

CC
COMPSAC
2008
2008 32nd Annual IEEE International Computer Software and Applications Conference
Abstract - On the Adequacy of Statecharts as a Source of Tests for Cryptographic Protocols

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by K. R. Jayaram Articles by Aditya P. Mathur

2008 32nd Annual IEEE International Computer Software and Applications Conference

July 28-August 01

ISBN: 978-0-7695-3262-2

	ASCII Text	x
	K. R. Jayaram, Aditya P. Mathur, "On the Adequacy of Statecharts as a Source of Tests for Cryptographic Protocols," Computer Software and Applications Conference, Annual International, pp. 937-942, 2008 32nd Annual IEEE International Computer Software and Applications Conference, 2008.

	BibTex	x
	@article{ 10.1109/COMPSAC.2008.203, author = {K. R. Jayaram and Aditya P. Mathur}, title = {On the Adequacy of Statecharts as a Source of Tests for Cryptographic Protocols}, journal ={Computer Software and Applications Conference, Annual International}, volume = {0}, year = {2008}, issn = {0730-3157}, pages = {937-942}, doi = {http://doi.ieeecomputersociety.org/10.1109/COMPSAC.2008.203}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Software and Applications Conference, Annual International TI - On the Adequacy of Statecharts as a Source of Tests for Cryptographic Protocols SN - 0730-3157 SP937 EP942 A1 - K. R. Jayaram, A1 - Aditya P. Mathur, PY - 2008 KW - Statechart KW - Security protocol KW - TLS protocol KW - MC/DC coverage KW - Security Vulnerability VL - 0 JA - Computer Software and Applications Conference, Annual International ER -

K. R. Jayaram

Aditya P. Mathur

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/COMPSAC.2008.203

The effectiveness of statecharts as a tool to express the desired behavior of security protocols and a source of tests for their implementations was investigated. Specifically, TLS protocol was modeled as a statechart and tests generated from its flattened version. The GnuTLS implementation of the protocol??was then tested against the generated tests.??The MC/DC coverage of different components of the implementation varied from 51% to 81%. A??"what if" analysis revealed that while some defects in the uncovered code will not lead to any security vulnerability due to in-built fault tolerance, others might lead to improper authentication, integrity failure, session hijacking,??denial of service, and loss of confidentiality. The analysis suggests that statecharts alone might not be an adequate tool as a source of tests for implementations of security protocols and that tests so generated must be augmented through other formal means such as random testing, stress testing, and code coverage analysis.

Index Terms:

Statechart, Security protocol, TLS protocol, MC/DC coverage, Security Vulnerability

Citation:

K. R. Jayaram, Aditya P. Mathur, "On the Adequacy of Statecharts as a Source of Tests for Cryptographic Protocols," compsac, pp.937-942, 2008 32nd Annual IEEE International Computer Software and Applications Conference, 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.