Presentation is loading. Please wait.

Presentation is loading. Please wait.

School of Information Technology Centre for Software Assurance Enabling Security Testing from Specification to Code Shane Bracher and Padmanabhan Krishnan.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "School of Information Technology Centre for Software Assurance Enabling Security Testing from Specification to Code Shane Bracher and Padmanabhan Krishnan."— Presentation transcript:

1 School of Information Technology Centre for Software Assurance Enabling Security Testing from Specification to Code Shane Bracher and Padmanabhan Krishnan Fifth International Conference on Integrated Formal Methods (IFM 2005) 29 November – 2 December 2005 Eindhoven, The Netherlands

2 School of Information Technology Centre for Software Assurance 2Enabling Security Testing from Specification to Code Problem Statement Formal models: Usually created for verifying key properties. The more abstract, the easier to verify. But for testing, they are too far removed from the implementation. Possible testing approaches: Exhaustive testing – all possible behaviour. Bounded exhaustive testing – all possible behaviour to a certain depth. Fault injection testing – reaction under faulty environments. Model based testing – aims to reduce the testing effort.

3 School of Information Technology Centre for Software Assurance 3Enabling Security Testing from Specification to Code Objective We have a formal model of a protocol. We want to use this model to derive test sequences. In particular, we are interested in testing the security properties. How can we use model based techniques to automatically generate test sequences for testing the security properties of protocols? Test sequences generated from: the formal model are too abstract. (too far from the implementation) the implementation are too concrete. (not reusable)

4 School of Information Technology Centre for Software Assurance 4Enabling Security Testing from Specification to Code Methodology Translate the “high-level” formal specification into an intermediary model: less abstract closer to an implementation Now we can generate test sequences from the intermediary model (which was derived from the formal model). For testing the security properties: The security goals are already stated in the high-level model. We can specify these goals within the intermediary model as annotations.

5 School of Information Technology Centre for Software Assurance 5Enabling Security Testing from Specification to Code “Bridging the gap” High Level Protocol Specification Language (HLPSL) Bandera Intermediate Representation (BIR) Bogor Model Checking Framework

6 School of Information Technology Centre for Software Assurance 6Enabling Security Testing from Specification to Code Case Study Internet Open Trading Protocol (IOTP) Objectives of case study: 1.Verify the ability to translate a high-level model into an intermediary model. 2.Using annotations, determine the possibility of deriving test sequences from the intermediary model.

7 School of Information Technology Centre for Software Assurance 7Enabling Security Testing from Specification to Code Internet Open Trading Protocol Merchant (M) Payment Processor (P) Delivery Agent (D) Offer BrandList, Offer Select, Offer Pay, Offer, Sig_M(Pay) Offer, Pay, Merchant, Sig_C(Pay) Receipt, Sig_P(Pay, Receipt, Offer) Sig_P(Pay, Receipt, Offer), Pay, Receipt, Offer Data, Sig_D(Data) Customer (C)

8 School of Information Technology Centre for Software Assurance 8Enabling Security Testing from Specification to Code Intermediary Model record (|Customer|) extends (|Role|) { (|Agent|) /|Customer.C|\; /* All agents */ (|PublicKey|) /|Customer.Kc|\; /* All keys */ (|Channel|) /|Customer.SND_CM|\; /* All channels */ /* snipped */ loc loc1: live { [|brandlist|], [|offer|], [|select|] } when [|this|]./|Customer.RCV_CM|\.read do invisible { [|brandlist|] := ((|BrandList|)) [|this|]./|Customer.RCV_CM|\./|Channel.payload|\[0]; [|offer|] := ((|Offer|)) [|this|]./|Customer.RCV_CM|\./|Channel.payload|\[1]; [|this|]./|Customer.RCV_CM|\.read := false; [|select|] := new (|Select|); [|this|]./|Customer.SND_CM|\./|Channel.payload|\[0] := [|select|]; [|this|]./|Customer.SND_CM|\./|Channel.payload|\[1] := [|offer|]; [|this|]./|Customer.SND_CM|\.read := true; } goto loc2;

9 School of Information Technology Centre for Software Assurance 9Enabling Security Testing from Specification to Code Deriving Test Sequences Security properties tested: Authentication – Customer authenticates Merchant on Pay. Secrecy – Pay is to remain secret from the Delivery Agent (hypothetical). Sessions: Authentic Customer – Authentic Merchant Authentic Customer – Intruder acting as Merchant Intruder acting as Customer – Authentic Merchant Test sequences produced as counter examples. But to get a counter example, we need a violation to occur. Solution: negate the security goals.

10 School of Information Technology Centre for Software Assurance 10Enabling Security Testing from Specification to Code Results Concurrent sessions: 480 test sequences returned. Reason: violation found in large number of interleavings. Too many for the Bogor Counter Example Environment to display. Therefore, it was necessary to identify a sufficiently simple interleaving in order for a test sequence trace to be returned.

11 School of Information Technology Centre for Software Assurance 11Enabling Security Testing from Specification to Code Conclusion Demonstrated the practicability of using an intermediary model for automatically deriving test sequences for testing the security properties of protocols. The derived test sequences are both suitable and reusable for testers to apply to a working protocol implementation.

12 School of Information Technology Centre for Software Assurance 12Enabling Security Testing from Specification to Code Thank you for your attention. Shane Bracher sbracher@student.bond.edu.au sbracher@student.bond.edu.au Padmanabhan Krishnan pkrishna@staff.bond.edu.au pkrishna@staff.bond.edu.au Centre for Software Assurance School of Information Technology, Bond University Gold Coast, Queensland, 4229, AUSTRALIA www.sand.bond.edu.au

Download ppt "School of Information Technology Centre for Software Assurance Enabling Security Testing from Specification to Code Shane Bracher and Padmanabhan Krishnan."

Similar presentations

An Institutionally Secure Integrated Data Environment (INSIDE) By University of St Andrews & University of Durham Original Aims –the development of a sustainable.

An Institutionally Secure Integrated Data Environment (INSIDE) By University of St Andrews & University of Durham Original Aims –the development of a sustainable.
Translation-Based Compositional Reasoning for Software Systems Fei Xie and James C. Browne Robert P. Kurshan Cadence Design Systems.

Translation-Based Compositional Reasoning for Software Systems Fei Xie and James C. Browne Robert P. Kurshan Cadence Design Systems.
Alan Shaffer, Mikhail Auguston, Cynthia Irvine, Tim Levin The 7th OOPSLA Workshop on Domain-Specific Modeling October 21-22, 2007 Toward a Security Domain.

Alan Shaffer, Mikhail Auguston, Cynthia Irvine, Tim Levin The 7th OOPSLA Workshop on Domain-Specific Modeling October 21-22, 2007 Toward a Security Domain.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Constraint Semantics for Abstract Read Permissions 28 th July 2014, FTfJP, Uppsala John Tang Boyland (UW-Milwaukee/ETH Zurich) Peter Müller, Malte Schwerhoff,

Constraint Semantics for Abstract Read Permissions 28 th July 2014, FTfJP, Uppsala John Tang Boyland (UW-Milwaukee/ETH Zurich) Peter Müller, Malte Schwerhoff,
Formal Modelling of Reactive Agents as an aggregation of Simple Behaviours P.Kefalas Dept. of Computer Science 13 Tsimiski Str. 546 24 Thessaloniki Greece.

Formal Modelling of Reactive Agents as an aggregation of Simple Behaviours P.Kefalas Dept. of Computer Science 13 Tsimiski Str Thessaloniki Greece.
SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.

SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.
Chapter 6 E-commerce Payment Systems. Traditional Payment Systems Cash Checking Transfers Credit Card Accounts Stored Value Accounts Accumulating Balance.

Chapter 6 E-commerce Payment Systems. Traditional Payment Systems Cash Checking Transfers Credit Card Accounts Stored Value Accounts Accumulating Balance.
1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.

1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.
Transaction Based Modeling and Verification of Hardware Protocols Xiaofang Chen, Steven M. German and Ganesh Gopalakrishnan Supported in part by Intel.

Transaction Based Modeling and Verification of Hardware Protocols Xiaofang Chen, Steven M. German and Ganesh Gopalakrishnan Supported in part by Intel.
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.

1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
Luu Anh Tuan. Security protocol Intruder Intruder behaviors Overhead and intercept any messages being passed in the system Decrypt messages that are.

Luu Anh Tuan. Security protocol Intruder Intruder behaviors Overhead and intercept any messages being passed in the system Decrypt messages that are.
Alternate Software Development Methodologies

Alternate Software Development Methodologies
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development.
Formal Specification of Topological Relations Erika Asnina, Janis Osis and Asnate Jansone Riga Technical University The 10th International Baltic Conference.

Formal Specification of Topological Relations Erika Asnina, Janis Osis and Asnate Jansone Riga Technical University The 10th International Baltic Conference.
Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.

Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.
Software Model Checking for Embedded Systems PIs: Matthew Dwyer 1, John Hatcliff 1, and George Avrunin 2 Post-docs: Steven Seigel 2, Radu Iosif 1 Students:

Software Model Checking for Embedded Systems PIs: Matthew Dwyer 1, John Hatcliff 1, and George Avrunin 2 Post-docs: Steven Seigel 2, Radu Iosif 1 Students:
Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.

Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.
Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.

Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.
Formal Methods. Importance of high quality software ● Software has increasingly significant in our everyday activities - manages our bank accounts - pays.

Formal Methods. Importance of high quality software ● Software has increasingly significant in our everyday activities - manages our bank accounts - pays.

Similar presentations

Ads by Google