
dc.contributor.author: Aboelfotoh, Muhammad [en]
dc.date: 2008-09-26 16:31:32.565
dc.date.accessioned: 2008-09-27T17:48:35Z
dc.date.available: 2008-09-27T17:48:35Z
dc.date.issued: 2008-09-27T17:48:35Z
dc.identifier.uri: http://hdl.handle.net/1974/1499
dc.description: Thesis (Master, Computing) -- Queen's University, 2008-09-26 16:31:32.565 [en]
dc.description.abstract: Application layer protocols have become so sophisticated that they are now languages in their own right. Security testing of network applications is indisputably an essential task that must be carried out before software is released to the market. Because factors such as time-to-market constraints limit the scope or depth of the testing performed, it is difficult to carry out exhaustive testing before release. As a consequence, flaws may be left undiscovered by the software vendor and may later be discovered by those with malicious intent. We report the results of an empirical study of testing the Distributed Relational Database Architecture (DRDA®) protocol as implemented by the IBM® DB2® Database for Linux®, Unix®, and Windows® product, using a security testing approach, and a framework that implements that approach, which emerged from the joint work of the Royal Military College of Canada and Queen's University of Kingston. The previous version of the framework was used in the past to test the implementations of several network protocols. Compared to DRDA, these protocols are relatively simple, as they have far fewer structure types, messages and rules. Our study of the DRDA protocol uncovered several omissions in the framework, and the missing features were implemented as part of this work. In addition, the framework was automated, a preliminary automated test planner was created, and a primitive language was created to describe custom-made test plans. Testing revealed two faults in the DB2 server, one of which was unknown to the vendor prior to the testing carried out as part of this thesis work. [en]
dc.format.extent: 795838 bytes
dc.format.mimetype: application/pdf
dc.language.iso: eng [en]
dc.relation.ispartofseries: Canadian theses [en]
dc.rights: This publication is made available by the authority of the copyright owner solely for the purpose of private study and research and may not be copied or reproduced except as permitted by the copyright laws without written authority from the copyright owner. [en]
dc.subject: testing [en]
dc.subject: security [en]
dc.subject: protocol [en]
dc.subject: DRDA [en]
dc.title: An Empirical Study of a Language-based Security Testing Technique [en]
dc.type: thesis [en]
dc.description.degree: M.Sc. [en]
dc.contributor.supervisor: Dean, Thomas R. [en]
dc.contributor.department: Computing [en]
dc.degree.grantor: Queen's University at Kingston [en]

