학술논문
A Model-based Approach to the Security Testing of Network Protocol Implementations
Document Type
Conference
Author
Source
Proceedings. 2006 31st IEEE Conference on Local Computer Networks Local Computer Networks, Proceedings 2006 31st IEEE Conference on. :1008-1015 Nov, 2006
Subject
Language
ISSN
0742-1303
Abstract
Software is inherently buggy and those defects can lead to security breaches in applications. For more than a decade, buffer overflows have been the most common bugs found "in the wild" and they often lead to critical security issues. Several techniques have been developed to defend against these types of security flaws, all with different rates of success. In this paper, we present a systematic approach for the automated testing of network protocol server implementations. The technique is based on established black-box testing methods (such as finite-state model-based testing and fault-injection) enhanced by the generation of intelligent, semantic-aware test cases that provide a more complete coverage of the code space. We also demonstrate the use of a model-based testing tool that can reliably detect vulnerabilities in server applications.