A Model-based Approach to Security Flaw Detection of Network Protocol Implementations
Cited by 14 (0 self)
Abstract
A lot of effort has been devoted to the analysis of network protocol specifications for reliability and security properties using formal techniques. However, faults can also be introduced during system implementation; it is indispensable to detect protocol implementation flaws, yet due to the black-box nature of protocol implementations and the unavailability of protocol specifications, most approaches resort to random or manual testing. In this paper we propose a model-based approach for security flaw detection of protocol implementations with high fault coverage, measurability, and automation. Our approach first synthesizes an abstract behavioral model from a protocol implementation and then uses it to guide the testing process for detecting security and reliability flaws. For protocol specification synthesis we reduce the problem to trace minimization with a Finite State Machine model, and an efficient algorithm is presented for state space reduction. Our method is implemented and applied to real network protocols. Guided by the synthesized model, our testing tool reveals a number of unknown reliability and security issues by automatically crashing implementations of the Microsoft MSN instant messaging (MSNIM) protocol. An analytical comparison between our model-based and prevalent syntax-based flaw detection schemes is also provided with the support of experimental results. Index Terms: formal model, fuzz testing, protocol implementation, security flaw
Learning and integration of parameterized components through testing
In TestCom/FATES, 2007
Cited by 13 (3 self)
Abstract
We investigate the use of parameterized state machine models to drive integration testing, in the case where the models of components are not available beforehand. Therefore, observations from tests are used to learn partial models of components, from which further tests can be derived for integration. We have extended previous algorithms to the case of finite state models with predicates on input parameters and observable nondeterminism. We also propose a new strategy where integration tests can be derived from the data collected during the learning process. Our work typically addresses the problem of assembling telecommunication services from black-box COTS.
Integrating Formal Verification and Conformance Testing for Reactive Systems
2007
Cited by 13 (3 self)
Abstract
In this paper, we describe a methodology integrating verification and conformance testing. A specification of a system, an extended input-output automaton which may be infinite-state, and a set of safety properties ("nothing bad ever happens") and possibility properties ("something good may happen") are assumed. The properties are first tentatively verified on the specification using automatic techniques based on approximated state-space exploration, which are sound, but, as a price to pay for automation, are not complete for the given class of properties. Because of this incompleteness and of state-space explosion, the verification may not succeed in proving or disproving the properties. However, even if verification did not succeed, the testing phase can proceed and provide useful information about the implementation. Test cases are automatically and symbolically generated from the specification and the properties and are executed on a black-box implementation of the system. The test execution may detect violations of conformance between implementation and specification; in addition, it may detect violation/satisfaction of the properties by the implementation and by the specification. In this sense, testing completes verification. The approach is illustrated on simple examples and on a Bounded Retransmission Protocol.
Learning to Verify Safety Properties
In LNCS 3308, Proc. of ICFEM'04, 2004
Cited by 12 (4 self)
Abstract
We present a novel approach for verifying safety properties of finite state machines communicating over unbounded FIFO channels that is based on applying machine learning techniques. We assume that we are given a model of the system and learn the set of reachable states from a sample set of executions of the system, instead of attempting to iteratively compute the reachable states. The learnt set of reachable states is then used to either prove that the system is safe or to produce a valid execution of the system leading to an unsafe state (i.e. a counterexample). We have implemented this method for verifying FIFO automata in a tool called Lever that uses a regular language learning algorithm called RPNI. We apply our tool to a few case studies and report our experience with this method. We also demonstrate how this method can be generalized and applied to the verification of other infinite state systems.
Incremental Learning-Based Testing for Reactive Systems
Cited by 11 (4 self)
Abstract
We show how the paradigm of learning-based testing (LBT) can be applied to automate specification-based black-box testing of reactive systems. Since reactive systems can be modeled as Kripke structures, we introduce an efficient incremental learning algorithm IKL for such structures. We show how an implementation of this algorithm combined with an efficient model checker such as NuSMV yields an effective learning-based testing architecture for automated test case generation (ATCG), execution and evaluation, starting from temporal logic requirements.
Optimized L*-based assume-guarantee reasoning
In Proc. of the 19th Int. Conf. on Tools and Algorithms for the Construction and Analysis of Systems (TACAS'07), 2007
Cited by 10 (0 self)
Abstract
In this paper, we suggest three optimizations to the L*-based automated Assume-Guarantee reasoning algorithm for the compositional verification of concurrent systems. First, we use each counterexample from the model checker to supply multiple strings to L*, saving candidate queries. Second, we observe that in existing instances of this paradigm, the learning algorithm is coupled weakly with the teacher. Thus, the learner ignores completely the details about the internal structure of the system and specification being verified, which are available already to the teacher. We suggest an optimization that uses this information in order to avoid many unnecessary, and expensive, since they involve model checking, membership and candidate queries. Finally, and most importantly, we develop a method for minimizing the alphabet used by the assumption, which reduces the size of the assumption and the number of queries required to construct it. We present these three optimizations in the context of verifying trace containment for concurrent systems composed of finite state machines. We have implemented our approach and experimented with real-life examples. Our results exhibit an average speedup of over 12 times due to the proposed improvements.
Minimization, learning, and conformance testing of boolean programs
In CONCUR, 2006
Cited by 10 (5 self)
Abstract
Boolean programs with recursion are convenient abstractions of sequential imperative programs, and can be represented as recursive state machines (RSMs) or pushdown automata. Motivated by the special structure of RSMs, we define a notion of modular visibly pushdown automata (modular VPA) and show that for the class of languages accepted by such automata, unique minimal modular VPA exist. This yields an efficient approximate minimization theorem that minimizes RSMs to within a factor of k of the minimal RSM, where k is the maximum number of parameters in any module. Using the congruence defined for minimization, we show an active learning algorithm (with a minimally adequate teacher) for context free languages in terms of modular VPAs. We also present an algorithm that constructs complete test suites for Boolean program specifications. Finally, we apply our results on learning and test generation to perform model checking of black-box Boolean programs.
Grey-box checking
In Proceedings of IFIP FORTE, 2006
Cited by 9 (0 self)
Abstract
There are many cases where we want to verify a system that does not have a usable formal model: the model may be missing, out of date, or simply too big to be used. A possible method is to analyze the system while learning the model (black-box checking). However, learning may be an expensive task, thus it needs to be guided, e.g., using the checked property or an inaccurate model (adaptive model checking). In this paper, we consider the case where some of the system components are completely specified (white boxes), while others are unknown (black boxes), giving rise to a grey-box system. We provide algorithms and lower bounds, as well as experimental results for this model.
Assume-guarantee reasoning for deadlock
In Proc. of FMCAD, 2006
Cited by 8 (3 self)
Abstract
We extend the learning-based automated assume-guarantee paradigm to perform compositional deadlock detection. We define Failure Automata, a generalization of finite automata that accept regular failure sets. We develop a learning algorithm L^F that constructs the minimal deterministic failure automaton accepting any unknown regular failure set using a minimally adequate teacher. We show how L^F can be used for compositional regular failure language containment, and deadlock detection, using non-circular and circular assume-guarantee rules. We present an implementation of our techniques and encouraging experimental results on several nontrivial benchmarks.
Regular Inference for Communication Protocol Entities
Cited by 7 (1 self)
Abstract
Existing algorithms for regular inference (aka automata learning) allow one to infer a finite state machine model of a system under test (SUT) by observing the output that the SUT produces in response to selected sequences of input. In this paper we present an approach using regular inference to construct models of communication protocol entities. Entities of communication protocols typically take input messages in the format of a protocol data unit (PDU) type together with a number of parameters and produce output of the same format. We assume that parameters from input can be stored in state variables of communication protocols for later use. A model of a communication protocol is usually structured into control states. Our goal is to infer symbolic extended finite state machine models of communication protocol entities with control states in the model that are similar to the control states in the communication protocol. In our approach, we first apply an existing regular inference algorithm to a communication protocol entity to generate a finite state machine model of the entity. Thereafter we fold the generated model into a symbolic extended finite state machine model with locations and state variables. We have applied parts of our approach to an executable specification of the Mobile Arts Advanced Mobile Location Center (AMLC) protocol and evaluated the results.
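Three of the entries above describe the same loop from different angles: the MSNIM paper synthesizes a finite-state model from a black-box implementation and uses it to guide testing, the incremental learning-based testing entry checks temporal requirements against a learned model, and the regular-inference entry learns state-machine models of protocol entities from the outputs a SUT produces for chosen input sequences. The Python below is an added example, not code from any of these papers, that runs that loop end to end on a constructed toy session protocol: an L*-style observation-table learner infers a Mealy machine from output queries plus a bounded equivalence oracle, and a safety check on the learned model ("data" is never accepted without a successful "auth" since the last "bye") returns the shortest violating input sequence, which can then be replayed against the implementation. The SessionSUT class, its half-closed-session flaw, the input alphabet and the property are all constructed for illustration; the counterexample handling (adding every suffix to E) and the depth-bounded oracle are standard textbook choices, not the techniques of the cited papers.

```python
# Added example, not code from any paper on this page: L*-style active learning of a
# Mealy machine from a black-box protocol implementation, then a safety check on the
# learned model. The session-protocol SUT and its flaw are constructed for illustration.
import itertools
from collections import deque

INPUTS = ("hello", "auth", "data", "bye")


class SessionSUT:
    """Constructed black box: hello -> auth -> data* -> bye, 'data' accepted only while
    authenticated. Flaw (fixed=False): after 'bye', a new 'hello' resumes the old session."""

    def __init__(self, fixed=False):
        self.fixed = fixed

    def run(self, word):
        """Reset, feed the input word, return the list of outputs (one per input)."""
        ok = {("INIT", "hello"): "HELLO", ("HELLO", "auth"): "AUTHED", ("HELLO", "bye"): "INIT",
              ("AUTHED", "bye"): "INIT" if self.fixed else "HALF",
              ("HALF", "hello"): "AUTHED"}  # HALF/hello is the flaw: resumes without 'auth'
        state, outs = "INIT", []
        for a in word:
            if state == "AUTHED" and a == "data":
                outs.append("accept")
            elif (state, a) in ok:
                state = ok[(state, a)]
                outs.append("ok")
            else:
                outs.append("err")  # rejected, state unchanged
        return outs


def run_mealy(trans, word):
    """Run a learned model: state 0 is initial, trans[(state, a)] = (next_state, output)."""
    state, outs = 0, []
    for a in word:
        state, out = trans[(state, a)]
        outs.append(out)
    return outs


def find_counterexample(sut, trans, inputs, max_depth):
    """Bounded exhaustive equivalence oracle: shortest word of length <= max_depth on
    which SUT and hypothesis disagree, or None if they agree on all of them."""
    for n in range(1, max_depth + 1):
        for word in itertools.product(inputs, repeat=n):
            if sut.run(word) != run_mealy(trans, word):
                return word
    return None


def learn_mealy(sut, inputs, max_depth=6):
    """Observation-table (L*-style) learning of a Mealy machine. S holds one access
    sequence per discovered state, E the distinguishing suffixes. Every suffix of a
    counterexample is added to E (Maler-Pnueli style), which keeps the rows of S
    pairwise distinct, so only closedness needs restoring. Returns the transition dict."""

    def row(prefix):  # outputs each suffix in E produces after prefix (output queries)
        return tuple(tuple(sut.run(prefix + e))[len(prefix):] for e in E)

    S, E = [()], [(a,) for a in inputs]
    while True:
        rows = {row(s) for s in S}
        for s in S:  # S grows during iteration, so new states are closed as well
            for a in inputs:
                r = row(s + (a,))
                if r not in rows:
                    rows.add(r)
                    S.append(s + (a,))
        index = {row(s): i for i, s in enumerate(S)}
        trans = {(i, a): (index[row(s + (a,))], sut.run(s + (a,))[-1])
                 for i, s in enumerate(S) for a in inputs}
        ce = find_counterexample(sut, trans, inputs, max_depth)
        if ce is None:
            return trans
        for k in range(len(ce)):
            if ce[k:] not in E:
                E.append(ce[k:])


def check_no_data_before_auth(trans, inputs):
    """Safety property on the learned model: 'data' is never accepted unless an 'auth'
    succeeded since the last 'bye'. BFS over the product of the model and a one-bit
    monitor; returns the shortest violating input word, or None if the property holds."""
    start = (0, False)  # (model state, authenticated?)
    path, queue = {start: ()}, deque([start])
    while queue:
        state, authed = queue.popleft()
        for a in inputs:
            nxt, out = trans[(state, a)]
            if a == "data" and out == "accept" and not authed:
                return path[(state, authed)] + (a,)
            flag = True if (a == "auth" and out == "ok") else (False if a == "bye" else authed)
            if (nxt, flag) not in path:
                path[(nxt, flag)] = path[(state, authed)] + (a,)
                queue.append((nxt, flag))
    return None
```

learn_mealy(SessionSUT(), INPUTS) returns a four-state model whose safety check reports ('hello', 'auth', 'bye', 'hello', 'data'); with SessionSUT(fixed=True) the learned model has three states and the check returns None. The depth-bounded oracle is the weak point in practice: a flaw that only shows after more than max_depth inputs is invisible to it, which is why learning-based testing pairs the learner with a model checker and property-directed test generation instead of relying on enumeration alone.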