June 25, 2007 to June 27, 2007
Guoqiang Shu , Ohio State University
David Lee , Ohio State University
Security and reliability of network protocol implementations are essential for communication services. Most of the approaches for verifying security and reliability, such as formal validation and black-box testing, are limited to checking the specification or conformance of implementation. However, in practice, a protocol implementation may contain engineering details, which are not included in the system specification but may result in security flaws. We propose a new learning-based approach to systematically and automatically test protocol implementation security properties. Protocols are specified using Symbolic Parameterized Extended Finite State Machine (SP-EFSM) model, and an important security property - message confidentiality under the general Dolev-Yao attacker model - is investigated. The new testing approach applies black-box checking theory and a supervised learning algorithm to explore the structure of an implementation under test while simulating the teacher with a conformance test generation scheme. We present the testing procedure, analyze its complexity, and report experimental results.
Guoqiang Shu, David Lee, "Testing Security Properties of Protocol Implementations - a Machine Learning Based Approach", ICDCS, 2007, 27th International Conference on Distributed Computing Systems (ICDCS '07), 27th International Conference on Distributed Computing Systems (ICDCS '07) 2007, pp. 25, doi:10.1109/ICDCS.2007.147