Enabling Security Testing from Specification to Code
Shane Bracher and Padmanabhan Krishnan
Fifth International Conference on Integrated Formal Methods (IFM 2005), 29 November – 2 December 2005, Eindhoven, The Netherlands
Formal models are usually created for verifying key properties.
The more abstract the model, the easier it is to verify.
But for testing, such models are too far removed from the implementation.
Possible testing approaches:
Exhaustive testing – all possible behaviour.
Bounded exhaustive testing – all possible behaviour to a certain depth.
Fault injection testing – reaction under faulty environments.
Model based testing – aims to reduce the testing effort.
We have a formal model of a protocol.
We want to use this model to derive test sequences.
In particular, we are interested in testing the security properties.
How can we use model based techniques to automatically generate test sequences for testing the security properties of protocols?
Test sequences generated from:
the formal model are too abstract. (too far from the implementation)
the implementation are too concrete. (not reusable)
Translate the “high-level” formal specification into an intermediary model:
closer to an implementation
Now we can generate test sequences from the intermediary model (which was derived from the formal model).
For testing the security properties:
The security goals are already stated in the high-level model.
We can specify these goals within the intermediary model as annotations.
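As an added example (not code from the talk or the paper, and not the HLPSL/BIR/Bogor toolchain it describes), the following Python sketches the procedure just outlined together with the bounded exhaustive and fault injection approaches listed earlier: a toy challenge-response protocol written as a guarded transition system stands in for the intermediary model, the high-level authentication goal is carried into it as an annotation, and bounded exhaustive exploration turns every transition sequence up to a given depth into a test sequence, classified as a conformance test when the goal holds and as a negative test when the annotation is violated. The protocol, the party names A, B and I, the keys K and K', and all function names are hypothetical.

```python
"""Bounded-exhaustive generation of test sequences from a small annotated
protocol model. Added example: a toy transition system in Python, not the
HLPSL -> BIR -> Bogor toolchain the talk describes."""
from dataclasses import dataclass, replace
from typing import Callable, Dict, List, Optional, Tuple

# Hypothetical challenge-response protocol: A sends a nonce Na, B answers
# with a MAC under the key K it shares with A, and A accepts once it has
# verified the MAC. The injected fault is an intruder I who answers with a
# MAC under the wrong key K'. All names and messages are constructed here.
@dataclass(frozen=True)
class State:
    started: bool = False                # A has sent Na
    b_answered: bool = False             # "B->A: mac(Na, K)" is on the wire
    i_forged: bool = False               # "I->A: mac(Na, K')" is on the wire
    accepted_from: Optional[str] = None  # party whose reply A accepted

Step = Tuple[str, State]                 # (test-sequence label, successor)
Transition = Callable[[State], List[Step]]

def a_send_nonce(s: State) -> List[Step]:
    return [] if s.started else [("A sends Na", replace(s, started=True))]

def b_reply(s: State) -> List[Step]:
    if s.started and not s.b_answered:
        return [("B replies mac(Na, K)", replace(s, b_answered=True))]
    return []

def i_forge_reply(s: State) -> List[Step]:   # fault injection step
    if s.started and not s.i_forged:
        return [("I forges mac(Na, K')", replace(s, i_forged=True))]
    return []

def make_a_accept(verify_mac: bool) -> Transition:
    """A's acceptance step. verify_mac=False models an implementation that
    skips the MAC check, so the annotation below has something to catch."""
    def a_accept(s: State) -> List[Step]:
        if s.accepted_from is not None:
            return []
        out: List[Step] = []
        if s.b_answered:
            out.append(("A verifies mac(Na, K) and accepts B",
                        replace(s, accepted_from="B")))
        if s.i_forged and not verify_mac:
            out.append(("A accepts unverified reply from I",
                        replace(s, accepted_from="I")))
        return out
    return a_accept

# The security goal stated in the high-level model, carried into the
# intermediary model as an annotation: a predicate over reachable states.
ANNOTATIONS: Dict[str, Callable[[State], bool]] = {
    "auth: A completes a run only with B": lambda s: s.accepted_from != "I",
}

def explore(transitions: List[Transition], depth: int) -> List[Tuple[List[str], State]]:
    """Bounded exhaustive exploration: every transition sequence of length
    1..depth from the initial state, paired with the state it reaches."""
    found: List[Tuple[List[str], State]] = []
    def walk(s: State, trace: List[str]) -> None:
        if len(trace) == depth:
            return
        for t in transitions:
            for label, nxt in t(s):
                found.append((trace + [label], nxt))
                walk(nxt, trace + [label])
    walk(State(), [])
    return found

def generate_tests(verify_mac: bool = True, intruder: bool = True, depth: int = 4):
    """Return (conformance_tests, violations, total_sequences).
    Conformance tests end with A accepting B and satisfy every annotation.
    Violations pair a sequence with the annotations it breaks; they become
    negative tests that the implementation must reject."""
    transitions: List[Transition] = [a_send_nonce, b_reply]
    if intruder:
        transitions.append(i_forge_reply)
    transitions.append(make_a_accept(verify_mac))
    sequences = explore(transitions, depth)
    conformance, violations = [], []
    for trace, s in sequences:
        broken = [name for name, holds in ANNOTATIONS.items() if not holds(s)]
        if broken:
            violations.append((trace, broken))
        elif s.accepted_from == "B":
            conformance.append(trace)
    return conformance, violations, len(sequences)

if __name__ == "__main__":
    ok, bad, n = generate_tests(verify_mac=True)
    print(f"MAC checked: {n} sequences, {len(ok)} conformance tests, {len(bad)} violations")
    ok, bad, n = generate_tests(verify_mac=False)
    shortest = min(bad, key=lambda v: len(v[0]))[0]
    print(f"MAC skipped: {n} sequences, {len(bad)} violations, e.g. {' ; '.join(shortest)}")
```

With the MAC check in place every explored sequence satisfies the annotation, and the sequences in which A accepts B are the conformance tests to run against the implementation; the sequences that contain the intruder step and end without A accepting are the fault-injection cases. Dropping the check makes the annotation fail on four sequences, the shortest of which (A sends Na, I forges a reply, A accepts it) is exactly the negative test one would want to derive for the implementation.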
“Bridging the gap”:
High Level Protocol Specification Language (HLPSL) → Bandera Intermediate Representation (BIR) → Bogor Model Checking Framework
Internet Open Trading Protocol (IOTP)
Objectives of case study:
Verify the ability to translate a high-level model into an intermediary model.
Using annotations, determine the possibility of deriving test sequences from the intermediary model.