Syntax-based Security Testing for Text-based Communication Protocols

We introduce a novel Syntax-based Security Testing (SST) framework that uses a protocol specification to effectively perform security testing on text-based communication protocols. A protocol specification of a particular text-based protocol under-tested (TPUT) represents its syntactic grammar and s...


Bibliographic Details
Main Author: Kam, Ben W. Y.
Other Authors: Queen's University (Kingston, Ont.). Theses (Queen's University (Kingston, Ont.))
Language: en
Published: 2010
Online Access: http://hdl.handle.net/1974/5652
id ndltd-LACETR-oai-collectionscanada.gc.ca-OKQ.1974-5652
record_format oai_dc
spelling ndltd-LACETR-oai-collectionscanada.gc.ca-OKQ.1974-5652 2013-12-20T03:39:30Z Thesis (Ph.D, Computing) -- Queen's University, 2010-04-30 16:01:18.048. 2010-04-30T20:39:28Z. Canadian theses. This publication is made available by the authority of the copyright owner solely for the purpose of private study and research and may not be copied or reproduced except as permitted by the copyright laws without written authority from the copyright owner.
collection NDLTD
sources NDLTD
topic security testing
mutation testing
text-based communication protocol
description We introduce a novel Syntax-based Security Testing (SST) framework that uses a protocol specification to effectively perform security testing on text-based communication protocols. A protocol specification of a particular text-based protocol under-tested (TPUT) represents its syntactic grammar and static semantic contracts on the grammar. Mutators written in TXL break the syntactic and semantic constraints of the protocol specification to generate test cases. Different protocol specification testing strategies can be joined together to yield a compositional testing approach. SST is independent of any particular text-based protocol. The power of SST stems from the way it obtains test cases from the protocol specifications. We also use the robust parsing technique with TXL to parse a TPUT. SST has successfully revealed security faults in different text-based protocol applications such as web applications and kOganizer. We also demonstrate that SST can mimic the venerable PROTOS Test-Suite: co-http-reply developed by the University of Oulu.
Thesis (Ph.D, Computing) -- Queen's University, 2010-04-30 16:01:18.048