Research On Theory And Method Of Protocol Security Testing

Posted on: 2009-11-22
Degree: Doctor
Type: Dissertation
Country: China
Candidate: W L Chen
GTID: 1118360242495808
Subject: Computer software and theory

Abstract/Summary:
Protocol engineering is an integrated and formalized process of protocol development, comprising protocol formal description, protocol verification, protocol implementation, and protocol testing based on the formal description. Protocol testing is an important part of protocol engineering.

Networks are becoming more and more complicated, and security threats and exploits emerge endlessly. Communication protocols, as the foundation of the modern computer network, also face many kinds of security threats. Protocol conformance testing, which is the basis of protocol testing, generally aims at checking whether the implementation of a protocol conforms to its specification. However, as a traditional functional testing method, it cannot ensure the implementation's security. Protocol security testing is gradually becoming a hotspot in the protocol testing area.

In this paper, protocol security testing is discussed, mainly including protocol attack testing and protocol security mutation testing based on Construct Type Algebra (CTA). Protocol attack testing is by nature a penetration testing method applied to protocol implementations running on network equipment; it verifies the equipment's resistance to known protocol attacks. CTA-based protocol security mutation testing, on the other hand, targets the disclosure of unknown faults and security problems. It first designs mutators based on the formal description model, then applies these mutators to conformance formulas to obtain security test cases. These security test cases are then used to verify or evaluate the protocol implementation's security.

The work of this paper includes:

1. Protocol attack testing model and method

This paper studies protocol attack testing systematically and holistically, and proposes solutions for each testing phase.

Firstly, a protocol attack description model is proposed from the viewpoint of testing. This model can describe multiple attributes of a protocol attack in detail, including its principle, location, influence, and relationship with other attacks. It also helps in the generation, selection, and execution of attack test cases.

Secondly, a uniform protocol attack testing framework is put forward. A tester selection algorithm based on network path information is proposed to solve the tester distribution problem in the framework's practical deployment. This algorithm helps even out test data flows and improves the reliability of test results.

Thirdly, the sequence relationships and causalities between different test cases are discussed. An optimized test execution algorithm is proposed based on these relationships. It reduces duplicated operations to improve test efficiency.

Lastly, a security measurement method based on an extended RBD and Criticality model is proposed, which derives a quantitative security evaluation of the equipment under test from the test results.

2. Security mutation testing based on CTA

Construct Type Algebra is a formal description method based on algebraic specification, and is suitable for specifying the data parts and related processes of a protocol. Mutation analysis is a common technique in the current security testing area. In this paper, mutation analysis is integrated with CTA specification, taking into account both the security vulnerabilities summarized by the above description method and the structural characteristics of CTA. The result is a new protocol security testing method based on the conformance formulas produced by the conformance test generation algorithm. This method generates security test cases by performing security-related mutations on the formulas. It can reveal potential security threats and helps in evaluating the protocol's security. In addition, it makes full use of the intermediate results of conformance testing and integrates security testing organically with the normal conformance testing procedure.

3. Design and implementation of a security testing system

Finally, a protocol security testing system is designed and implemented in this paper. This system has a distributed architecture and is therefore adaptable to multiple environments and different test requirements, and it also has considerable extensibility. It is suitable for protocol attack testing and can also be used in security mutation testing. The whole security testing procedure can be carried out in this system, including test case development and debugging, test execution and data collection, and results analysis and report generation.
Keywords/Search Tags: protocol security testing, protocol attack testing, Construct Type Algebra, security mutation analysis, distributed protocol security testing system