Queen's University - Utility Bar

QSpace at Queen's University >
Theses, Dissertations & Graduate Projects >
Queen's Theses & Dissertations >

Please use this identifier to cite or link to this item: http://hdl.handle.net/1974/5652

Title: Syntax-based Security Testing for Text-based Communication Protocols
Authors: Kam, Ben W. Y.

Files in This Item:

File Description SizeFormat
Kam_Ben_WY_201004_PhD.pdf589.2 kBAdobe PDFView/Open
Keywords: security testing
mutation testing
text-based communication protocol
Issue Date: 2010
Series/Report no.: Canadian theses
Abstract: We introduce a novel Syntax-based Security Testing (SST) framework that uses a protocol specification to effectively perform security testing on text-based communication protocols. A protocol specification of a particular text-based protocol under-tested (TPUT) represents its syntactic grammar and static semantic contracts on the grammar. Mutators written in TXL break the syntactic and semantic constraints of the protocol specification to generate test cases. Different protocol specification testing strategies can be joined together to yield a compositional testing approach. SST is independent of any particular text-based protocols. The power of SST stems from the way it obtains test cases from the protocol specifications. We also use the robust parsing technique with TXL to parse a TPUT. SST has successfully revealed security faults in different text-based protocol applications such as web applications and kOganizer. We also demonstrate SST can mimic the venerable PROTOS Test-Suite: co-http-reply developed by University of Oulu.
Description: Thesis (Ph.D, Computing) -- Queen's University, 2010-04-30 16:01:18.048
URI: http://hdl.handle.net/1974/5652
Appears in Collections:Queen's Theses & Dissertations
Computing Graduate Theses

Items in QSpace are protected by copyright, with all rights reserved, unless otherwise indicated.

 

  DSpace Software Copyright © 2002-2008  The DSpace Foundation - TOP