Shu Xiao,Lijun Deng,Sheng Li,Xiangrong Wang

DOI: https://doi.org/10.1109/ICCNMC.2003.1243061

2003-01-01

Abstract:Many security holes stem from the defects in network protocol implementations. This paper presents an industry best practice of integrated TCP/IP network protocol testing that targets software robustness vulnerabilities. The deployed test system consists of a versatile test engine, a protocol data unit generator and a few auxiliary tools. The specially designed kernel test engine supporting IP/TCP/UDP as carrier protocols drives predefined fault-injected PDU (protocol data unit) to the network unit under test. Its novel callback mechanism and virtual network device connection capability cost-effectively enhance user controlled testing intelligence for verifying protocols with complicated state transitions. The PDU generator aims to provide a systematic solution for rapid test case creation, which is based on new strengthened BNF (Backus-Naur form) language for protocol specification mutation and fault injection. Established on this system, we propose an integrated industry test environment for network protocol code assessment. Initial experiments and case studies with multicast protocols unveiled several robustness violations, which have significant security impacts.

Shengquan Liao,Xiaoyan Hong,Chunming Wu,Bin Wang,Ming Jiang

DOI: https://doi.org/10.1109/softcom.2014.7039117

2014-01-01

Abstract:Multicast, transmitting packets from one source to a group of destinations, is a popular service in Internet and now in the datacenter network. However, a unified multicast algorithm cannot satisfy the diverse performance requirements from different users. Hence customized multicast services are proposed in software defined networks (SDN) in this paper. We tackle a few associated technical challenges, and introduce a prototype with OpenFlow1.3 and RYU controller. Our contributions are: (1) we present the modules in detail and explain why they are demanded to implement multicast services in SDN, independent of current Internet-based IGMP protocols and the multicast address; (2) our prototype could sliced multicast trees in the substrate network in accordance to different embedded multicast algorithms; (3) the last hop translation is proposed in access switches to guarantee the multicast flow to be forwarded through the calculated multicast tree and be consumed in end points. Simulation experiments evaluate these performances. And two applications (namely, multicast text transfer service and streaming media application) further validate the feasibility and operability of our customized prototype for multicast services in the real world.

Dong Xiang,Krishnendu Chakrabarty,Hideo Fujiwara

DOI: https://doi.org/10.1109/test.2016.7805827

2016-01-01

Abstract:We present a unified test technique that targets all the components of a network-on-chip design. The proposed technique targets faults in links, routers, and cores. Link faults are first located using built-in self-test hardware inserted in the routers. Test packets for routers are delivered to the routers via the fault-free links and routers identified in the previous steps. A test packet can be corrupted by faulty links or routers, therefore, it is delivered across only previously identified fault-free routers/links. Test packet delivery for routers is implemented as a fault-tolerant unicast-based multicast scheme within the tested part of the network-on-chip. After all faulty routers are identified, a new fault-tolerant unicast-based multicast routing technique is proposed to deliver test packets for the cores. Identical cores share the same test set, and they are tested within the same test session. Simulation results highlight the effectiveness of the proposed method in reducing test time.

Dong Xiang,Krishnendu Chakrabarty,Hideo Fujiwara

DOI: https://doi.org/10.1145/3243214

IF: 1.447

2018-01-01

ACM Transactions on Design Automation of Electronic Systems

Abstract:We present a unified test technique that targets faults in links, routers, and cores of a network-on-chip design based on test sessions. We call an entire procedure, that delivers test packets to the subset of routers/cores, a test session. Test delivery for router/core testing is formulated as two fault-tolerant multicast algorithms. Test packet delivery for routers is implemented as a fault-tolerant unicast-based multicast scheme via the fault-free links and routers that were identified in the previous test sessions to avoid packet corruption. A new fault-tolerant routing algorithm is also proposed for the unicast-based multicast core test delivery in the whole network. Identical cores share the same test set, and they are tested within the same test session. Simulation results highlight the effectiveness of the proposed method in reducing test time.

Guangwei Liu,Jian Xu,Mengmeng Cao,Fucai Zhou,Bin Zhang

DOI: https://doi.org/10.1109/nswctc.2009.273

2009-01-01

Abstract:As multicasting is increasingly used as an efficient communication mechanism for group-oriented applications in the Internet, the research of the multicast key management is becoming a hot issue. Firstly, we analyze the n-party GDH.2 multicast key management protocol and point out that it has the following flaws: lack of certification, vulnerability to man-in-the-middle attacks, and a single-point failure. In order to settle the issues mentioned above, a fault-tolerant and secure multicast key management protocol (FTS, for short) with using the fault-tolerant algorithm and the password authentication mechanism is proposed in this paper. In our protocol, legal members are able to agree on a key despite failures of other members. The protocol can also prevent man-in-the-middle attacks. Finally, we evaluate the security of FTS, and compare our protocol with the FTKM through performance analysis. The analytic results show that the protocol not only avoids the single-point failure but also improves the comprehensive performance.

FAN Wen-hao,MA Jie-zhong,SUN Jiang-yan

DOI: https://doi.org/10.3969/j.issn.1000-8829.2011.04.026

2011-01-01

Abstract:A common software fault injection method for VxWorks-based systems is given.It has framework of fault injection tool and fault model.The fault injection tool uses TCP/IP protocol to communication and injects fault by property of interruption.It resides a part of program in target system.Experiments are done on VMware virtual machine.The result indicates that the method can inject fault effectively into VxWorks-based equipment for evaluation and improvement of fault tolerance.

Yu Zhang,Tim Humernbrum,Sergei Gorlatch

DOI: https://doi.org/10.1007/978-3-030-52988-8_24

2019-01-01

Abstract:The great variety of modern networked applications, e.g., online computer games, cloud host backups, video conferencing, etc. bring significant differences in their usage scenarios. Therefore, they impose very different QoS (Quality of Service) requirements on network communication. In particular, traditional multicast implementations cannot react adequately to the potentially very dynamic application requirements at run time. In this paper, we suggest a novel Plug-in Multicast Framework (PiMF) placed on top of an existing multicast framework. PiMF can modify the topology of the multicast tree during the application’s run time, thus providing QoS guarantees for multicast communication. We design our plug-in framework using the emerging SDN (Software-Defined Networking) technology, and we especially address the challenge of non-interfering behavior of PiMF with respect to the underlying multicast implementation. We evaluate the correctness and performance of our plug-in framework in detailed simulation experiments.

Xiaojun Yu,Gaoxi Xiao,Tee Hiang Cheng

DOI: https://doi.org/10.1016/j.yofte.2015.01.007

IF: 2.8

2015-01-01

Optical Fiber Technology

Abstract:Recent advances in wavelength division multiplexing (WDM) networks have helped enhance the popularity of multicasting services. However, as a single network failure may disrupt the information transmission to multiple end-users, protecting multicast requests against network failures becomes an important issue in network operation. This paper investigates the sub-wavelength level protection for dynamic multicast traffic grooming. A new method named lightpath-fragmentation based segment shared protection (LF-SSP) scheme is proposed. By carefully splitting primary/backup lightpaths into segments to improve resource sharing for both traffic grooming and protection, LF-SSP aims to minimize the network resources allocated for request protection. Extensive simulations are carried out to compare the performance of LF-SSP to some existing approaches, on sub-wavelength-level as well as wavelength-level multicast protections in different cases. Results show that LF-SSP steadily outperforms these existing methods as long as the network resources are not too limited. Influences of the add/drop port resources and the average number of destinations per connection request on the LF-SSP performance are also evaluated. (C) 2015 Elsevier Inc. All rights reserved.

SUN Zhi-gang,LI Zha,WANG Yu-ying

DOI: https://doi.org/10.3969/j.issn.1007-130x.2005.04.020

2005-01-01

Abstract:Testing is an important way to improve robustness. For network applications, security and robustness are essential qualities. This article presents a new testing method which focuses on the behaviours of network interfaces when they receive abnormal data. Through the load testing and fault tolerance testing on network interfaces, we can inspect the robust performances of them. It assures us of dealing with abnormal inputs correctly and improving system's security and reliability.

GC Wang,J Chen

2003-01-01

Abstract:In this paper, a new unicast-based fault-tolerant multicast routing algorithm is presente for mesh-connected multicomputers. The fault tolerant multicast routing algorithm is local-information-based, and distributed. The algorithm based on the concept of k-submesh for mesh networks. The mesh is divided into some disjoint k-submeshes in this scheme. Multicast message route and all operations are completed in k-submesh each other The running time of the algorithm is in liner Simulation results show that the time steps of the algorithm are very close to the optimum in practice.

Yongkai Zhou,Yi Yuan,Yan Zhu,Fangbiao Li,Xiao Che,Zhi Xue

DOI: https://doi.org/10.1109/iccis.2013.424

2013-01-01

Abstract:In computer network, multicast is an efficient scheme for one-to-many and many-to-many communication. Although research on multicast has begun as early as the rise of Internet, multicast is still not widely deployed in the current backbone Internet. With the coming of Cloud Computing and Internet of Things, the distribution of huge amounts of data relies heavily on communication among multiple parties, and multicast has its inherent advantage dealing with these scenarios. This paper analyses the vulnerabilities and deficiencies of the current multicast implementation and proposes a new model to support reliable transmission and security in multicast. Network service and the pricing model are integrated into the model to best exploit the value of multicast.

WJ Jia,W Zhao,D Xuan,GC Xu

DOI: https://doi.org/10.1109/71.808133

IF: 5.3

1999-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:In this paper, we design and analyze an efficient fault-tolerant multicast routing protocol. Reliable multicast communication is critical for the success of many Internet applications. Multicast routing protocols with core-based tree techniques (CBT) have been widely used because of their scalability and simplicity. We enhance the CBT protocol with fault tolerance capability and improve its efficiency and effectiveness. With our strategy, when a faulty component is detected, some pre-defined backup path(s) is (are) used to bypass the faulty component and enable the multicast communication to continue. Our protocol only requires that routers near the faulty component be reconfigured, thus reducing the runtime overhead without compromising much of the performance. Our approach is in contrast to other approaches that often require relatively large tree reformation when faults occur. These global methods are usually costly and complicated in their attempt to achieve theoretically optimal performance. Our performance evaluation shows that our new protocol performs nearly as well as the best possible global method while utilizing much less runtime overhead and implementation cost.

Yulu Ma,Keping Long,Shiduan Cheng

DOI: https://doi.org/10.1109/ICON.2001.962353

2001-01-01

Abstract:CBT and PIM-SM are two typical intra-domain multicast routing protocols. However, CBT lacks an efficient member management mechanism such as admission control and authentication for senders. In PIM-SM, multicast traffic concentrates on RP which causes network collapse. Frequently the authorization operation tends to overload RP. Furthermore, PIM-SM is single-failure, which means RP failure will destroy the whole multicast tree. We propose a new protocol that can effectively solve all these problems by admitting senders at multiple cores and transporting packets towards uni-direction.

Jianfeng Zou,Guochu Shou,Zhigang Guo,Yihong Hu

DOI: https://doi.org/10.1109/icbnmt.2013.6823928

2013-01-01

Abstract:Multicast communication is an important requirement for many types of applications such as IPTV, video conference. In current IP multicast architecture, any host can join a multicast group without authentication because no host identification information is maintained by routers, which leads to security risks. In addition, the routers need to be involved in both forwarding packets and maintaining route states, which results in massive complexity of the devices and produces a lot of control overheads. This paper proposes a multicast clean-slate scheme based on Software-defined Networking (SDN), aiming to improve security and controllability of multicast networks. A multicast controller logically centralized is designed to be responsible for handling multicast events, calculating multicast tree and authentication the identity of host. A prototype is implemented in our SDN platform. The result proves that our scheme is superior to the traditional IP multicast, which is reflected in two aspects: firstly, the illegal users are prevented from joining multicast group effectively. Secondly, the delay of joining a group is less than the traditional IP multicast.

Zhao Zhang,Qiao-Yan Wen,Wen Tang

DOI: https://doi.org/10.1109/csss.2012.208

2012-01-01

Abstract:Security flaws existed in protocol implementations might be exploited by malicious attackers and the consequences can be very serious. Therefore, detecting vulnerabilities of network protocol implementations is becoming a hot research topic recently. However, protocol security test is a very complex, challenging and error-prone task, as constructing test packets manually or randomly are not practical. This paper presents an efficient mutation-based approach for detecting implementation flaws of network protocol. Compared with other protocol testing tools, our approach divides the procedure of protocol testing into many phases, and flexible design can cover many testing cases for the protocol implementations under testing, and could apply for testing various protocol implementations quite easily. Besides, this approach is more comprehensible that makes the protocol security test easier to carry out. To assess the usefulness of this approach, several experiments are performed on four FTP server implementations and the results showed that our approach can find flaws of protocol implementation very easily. The method is of the important application value and can improve the security of network protocols.

WM Zhang,WJ Jia

DOI: https://doi.org/10.1109/ispan.1999.778916

1999-01-01

Abstract:Multicast (group) communications have been widely recognized by current research and industry. Multicast is very useful for various network applications such as distributed (replicated) database, video/audio conference, information distribution and server locations etc. But design and implementation of such multicast communication systems in networks are complicated tasks, especially when quality of service (QoS) of applications such as real time and reliability are desired. In order to quickly design and implement multicast communication, good tools are crucial and must be facilitated. The paper presents a novel object oriented (OO) QoS driven approach for the quick design and prototyping of multicast communication systems under certain QoS requirements, for multicast message transmission and receptions such as real time, total ordering, atomicity and fault tolerance etc.

Zhengmao Zhou,Yun Zhou,Ming Cai

DOI: https://doi.org/10.1109/iccsnt.2012.6525944

2012-01-01

Abstract:Although Real-Time Operating Systems (RTOS) have already been widely used, the issue regarding their robustness is far from being solved. The Software-implemented fault injection (SWIFI) is widely used to evaluate the robustness of the software components, and many efforts have been made with this method. In this paper, a new model is proposed for the robustness evaluation of RTOS, which is independent of the concrete RTOS. Errors are injected through a public application program interface (API) and a comprehensive robustness metrics system which is based on the public API is proposed. We have evaluated the robustness of Vxwork5.4, Rtems4.10, and Ucos2.62 with our model and found eight bugs in Vxworks5.4, four bugs in Ucos2.62 and one bug in Rtems4.10.

Yulong Fu,Ousmane Kone

DOI: https://doi.org/10.1109/jsyst.2012.2223532

IF: 4.802

2014-01-01

IEEE Systems Journal

Abstract:Network protocols are the basis of network communication, and security concerns about protocol aspects are always important and useful in network systems. For the past two decades, the methods of protocol testing have been used to verify the functional conformance between the network specifications and the implementations. In this paper, we extend protocol testing methods by considering the robustness of the network protocols. We suggest a method for modeling network systems with concurrent components and propose a robustness testing approach to evaluate the system security. A new definition of Glued IOLTS is used to define this kind of system, and an algorithm for robustness test case generation is given. A case study with the RADIUS protocol is presented.

Yang Shunkun,Liu Bin,Wang Shihai,Lu Minyan

DOI: https://doi.org/10.1016/j.cja.2013.05.004

2013-01-01

Abstract:Robustness testing for safety-critical embedded software is still a challenge in its nascent stages. In this paper, we propose a practical methodology and implement an environment by employing model-based robustness testing for embedded software systems. It is a system-level black-box testing approach in which the fault behaviors of embedded software is triggered with the aid of model-based fault injection by the support of an executable model-driven hardware-in-loop (HIL) testing environment. The prototype implementation of the robustness testing environment based on the proposed approach is experimentally discussed and illustrated by industrial case studies based on several avionics-embedded software systems. The results show that our proposed and implemented robustness testing method and environment are effective to find more bugs, and reduce burdens of testing engineers to enhance efficiency of testing tasks, especially for testing complex embedded systems.

Yulong Fu,Ousmane Koné

DOI: https://doi.org/10.1007/978-3-642-33448-1_6

2012-01-01

Abstract:In this paper one type of the security problem of DoS (Denial of Service) is studied and transformed to check the robustness of a multiple components system. The network components like attackers, normal clients and the network devices are modeled as implementations of the testing system. And by evaluating the system’s robustness, the potential design defects can be detected. The methods on robustness testing of multiple components are studied, and a new model of Glued-IOLTS (Labelled Transition System) is given for defining this kind of multiple and networked system. Then a new approach and algorithm are given for generating the robustness test cases automatically.