Xie Lei,Xi Quansheng,Wei Jiaolong,Zhu Guangxi

DOI: https://doi.org/10.16526/j.cnki.11-4762/tp.2011.01.049

2011-01-01

Abstract:In protocol engineering area,protocol testing is a very important task.The multi-port Finite State Machine(np-FSM) model is usually used in distributed protocol testing.As a result of controllability and observability problems,synchronization and coordination of test sequence of distributed protocol is needed.In this paper,an improved distributed test model is introduced.The virtual multi-port test method can greatly simplify the synchronization and coordination problems,and improve the test efficiency.

Xia Yin,Jiangyuan Yao,Zhiliang Wang,Xingang Shi,Jun Bi,Jianping Wu

DOI: https://doi.org/10.1587/transinf.2015pap0013

2015-01-01

IEICE Transactions on Information and Systems

Abstract:The researches on model-based testing mainly focus on the models with single component, such as FSM and EFSM. For the network protocols which have multiple components communicating with messages, CFSM is a widely accepted solution. But in some network protocols, parallel and data-shared components maybe exist in the same network entity. It is infeasible to precisely specify such protocol by existing models. In this paper we present a new model, Parallel Parameterized Extended Finite State Machine (PaP-EFSM). A protocol system can be modeled with a group of PaP-EFSMs. The PaP-EFSMs work in parallel and they can read external variables form each other. We present a 2-stage test generation approach for our new models. Firstly, we generate test sequences for internal variables of each machine. They may be non-executable due to external variables. Secondly, we process the external variables. We make the sequences for internal variables executable and generate more test sequences for external variables. For validation, we apply this method to the conformance testing of real-life protocols. The devices from different vendors are tested and implementation faults are exposed.

D Lee,DL Chen,RB Hao,RE Miller,JP Wu,X Yin

DOI: https://doi.org/10.1109/icnp.2002.1181393

2002-01-01

Abstract:Passive testing is a process of detecting faults in a system under test by passively observing its input/output behaviors only without interrupting its normal operations, and proves to be a promising technique for network fault management. We study passive testing of data portions of network protocols and present two algorithms, using an Event-driven Extended Finite State Machine model. Experimental results on the Internet routing protocol OSPF are reported.

Baohua Zhao,Wei Zhang,Huahui Lin,Peilong Li

DOI: https://doi.org/10.3321/j.issn:0253-987X.2007.06.003

2007-01-01

Abstract:Focusing on the problem that the existing methods of passive testing can not accomplish the fault detection of embedded communication systems, a passive testing approach to fault detection is proposed, in which an observer is placed in external channel, global states are used to describe the possible states of the system, the observed input and output information is employed and combined with model conversion to presume the system state transitions. Based on the approach, a hierarchical method of fault diagnosis is further designed, in which the system conversion trace are recorded in passive testing, then mutant analysis method is utilized to generate fault candidates. The size of fault set can be reduced by passive observations, and distinguishing sequence and cross verification are used to locate the fault. Experiments of a real protocol H. 245 shows that the proposed approach can detect the fault in embedded communication systems in limited steps and can locate the system fault effectively. Its backtracing algorithm can reduce the length of the fault symptom sequence significantly.

Jianxin Xu,Dongqin Feng

DOI: https://doi.org/10.1155/2017/2430835

IF: 1.968

2017-01-01

Security and Communication Networks

Abstract:This paper discusses two aspects of major risks related to the cyber security of an industrial control system (ICS), including the exploitation of the vulnerabilities of legitimate communication parties and the features abused by unauthorized parties. We propose a novel framework for exposing the above two types of risks. A state fusion finite state machine (SF-FSM) model is defined to describe multiple request-response packet pair sequence signatures of various applications using the same protocol. An inverted index of keywords in an industrial protocol is also proposed to accomplish fast state sequence matching. Then we put forward the concept of scenario reconstruction, using state sequence matching based on SF-FSM, to present the known vulnerabilities corresponding to applications of a specific type and version by identifying the packet interaction characteristics from the data flow in the supervisory control layer network. We also implement an anomaly detection approach to identifying illegal access using state sequence matching based on SF-FSM. An anomaly is asserted if none of the state sequence signatures in the SF-FSM is matched with a packet flow. Ultimately, an example based on industrial protocols is demonstrated by a prototype system to validate the methods of scenario reconstruction and anomaly detection.

Xiaoping Che,Stephane Maag,Hwee-Xian Tan,Hwee-Pink Tan,Zhangbing Zhou

DOI: https://doi.org/10.3390/s151129250

IF: 3.9

2015-01-01

Sensors

Abstract:Smart systems are today increasingly developed with the number of wireless sensor devices drastically increasing. They are implemented within several contexts throughout our environment. Thus, sensed data transported in ubiquitous systems are important, and the way to carry them must be efficient and reliable. For that purpose, several routing protocols have been proposed for wireless sensor networks (WSN). However, one stage that is often neglected before their deployment is the conformance testing process, a crucial and challenging step. Compared to active testing techniques commonly used in wired networks, passive approaches are more suitable to the WSN environment. While some works propose to specify the protocol with state models or to analyze them with simulators and emulators, we here propose a logic-based approach for formally specifying some functional requirements of a novel WSN routing protocol. We provide an algorithm to evaluate these properties on collected protocol execution traces. Further, we demonstrate the efficiency and suitability of our approach by its application into common WSN functional properties, as well as specific ones designed from our own routing protocol. We provide relevant testing verdicts through a real indoor testbed and the implementation of our protocol. Furthermore, the flexibility, genericity and practicability of our approach have been proven by the experimental results.

D Lee,DL Chen,RB Hao,RE Miller,JP Wu,X Yin

DOI: https://doi.org/10.1109/tnet.2006.872572

2006-01-01

Abstract:We study network protocol system monitoring for fault detection using a formal technique of passive testing that is a process of detecting system faults by passively observing its input/output behaviors without interrupting its normal operations. After describing a formal model of event-driven extended finite state machines, we present two algorithms for passive testing of protocol system control and data portions. Experimental results on OSPF and TCP are reported.

WANG Chen-ling,LV Miao,CHEN Xue

DOI: https://doi.org/10.3969/j.issn.1002-5561.2007.09.001

2007-01-01

Abstract:With gradually increasing scale of the deployment of EPON, the test solutions for EPON become more and more important. MPCP is the core control protocol for EPON protocol suite. The conformance test for MPCP implements is essential for EPON devices' interoperation and runtime management. The research in this thesis focus on the design and implement of MPCP conformance test. By analyzing several typical state machine model, we adopt NFSM model to describe the MPCP protocol, then design and implement the algorithm of MPCP conformance test. The algorithm have been applied in the prototype of EPON passive analyzer, and test activities on normal conversation and typical exceptions of MPCP protocol have been performed.

Yahui Yang,Yunfei Chen,Min Xia,Juan Ma

DOI: https://doi.org/10.1109/IAS.2009.224

2009-01-01

Abstract:Aiming at automated security test on communication protocols, this paper proposes an automated manipulation mechanism of testing procedure based on FSM (Finite State Machine), and designs an automated packet generation mechanism based on a protocol template library. The practical experiments and applications show that the automated security testing platform of communication protocols based on this mechanism can implement the correct evaluations, be convenient to construct the testing procedure, generate automatically test packet sequence and have smaller packet control granularity. It can be used for the systematic and efficient infiltrative security test.

Xiaoping Che,Felipe Lalanne,Stephane Maag

DOI: https://doi.org/10.1007/978-3-642-45422-6_6

2013-01-01

Abstract:Formal approaches provide many keys to efficiently test the conformance of communicating protocols. Active and passive testing techniques are two main sets of these approaches. Compare to active testing, passive testing techniques are used whenever the system cannot be interrupted, or its interfaces are unavailable to access. Under such conditions, communication traces are extracted from points of observation and compared with the expected conformance requirements formally specified as properties. This paper presents a novel monitoring approach, aiming at formally specifying protocol properties in order to check them on real execution traces. A prototype is developed and experienced based on the algorithms defined in a previous paper. Experiments are presented through a set of IMS/SIP properties and numerous execution traces in order to evaluate and assess our technique. The relevant verdicts and discussions are provided at the end.

Jiangyuan Yao,Zhiliang Wang,Xia Yin,Xingang Shi,Jianping Wu

DOI: https://doi.org/10.1109/ICCCN.2013.6614178

2013-01-01

Abstract:Current researches on model-based testing mainly focus on the single component model, such as FSM (Finite State Machine) and EFSM (Extended FSM). To model and test parallelism and concurrency among different protocol components, traditional CFSM (Communicating FSMs) models communication as asynchronous message exchange, which is not suitable for the scenario that parallel protocol components read shared variables from each other. We have developed Parallel Parameterized Extended Finite State Machine (PaP-EFSM) to handle this situation. In this paper, we present a hierarchical test generation approach for PaP-EFSMs based on reachability graphs. The combination of bottom-up reachability graph generation and top-down test sequence generation ensures the executability of the test sequences and alleviates state explosion. We apply this method to the conformance testing of SAVI, a real protocol for anti-spoofing of IP source addresses. We build a set of PaP-EFSMs for SAVI and derive the executable test sequences, which expose many implementation faults when applied to real devices from 4 different vendors.

Fan Zhang,Qianmei Wu,Bohan Xuan,Yuqi Chen,Wei Lin,Christopher M. Poskitt,Jun Sun,Binbin Chen

DOI: https://doi.org/10.1109/tse.2023.3309330

2020-01-01

Abstract:Cyber-physical systems (CPSs) automating critical public infrastructure face a pervasive threat of attack, motivating research into different types of countermeasures. Assessing the effectiveness of these countermeasures is challenging, however, as benchmarks are difficult to construct manually, existing automated testing solutions often make unrealistic assumptions, and blindly fuzzing is ineffective at finding attacks due to the enormous search spaces and resource requirements. In this work, we propose active sensor fuzzing , a fully automated approach for building test suites without requiring any a prior knowledge about a CPS. Our approach employs active learning techniques. Applied to a real-world water treatment system, our approach manages to find attacks that drive the system into 15 different unsafe states involving water flow, pressure, and tank levels, including nine that were not covered by an established attack benchmark. Furthermore, we successfully generate targeted multi-point attacks which have been long suspected to be possible. We reveal that active sensor fuzzing successfully extends the attack benchmarks generated by our previous work, an ML-guided fuzzing tool, with two more kinds of attacks. Finally, we investigate the impact of active learning on models and the reason that the model trained with active learning is able to discover more attacks.

Lei Xie,Jiaolong Wei,Guangxi Zhu

DOI: https://doi.org/10.1109/ICCCAS.2008.4657835

2008-01-01

Abstract:In protocol engineering area, conformance testing is a very important step. The purpose of conformance testing is to determine to what extent a single implementation of a particular standard conforms to the individual requirements of that standard. The Finite State Machine (FSM) model is usually used in protocol conformance testing. In this paper, an improved FSM-based method is introduced to generate the conformance test sequences of BGP protocol. This FSM-based method is a mixture version of Unique Input Output (UIO) method and T method. The UIO method has better capability than T method, but the length of conformance test sequences of that is much longer. The simulation results have shown that the improved method has better fault coverage than UIO method, while the length of die test sequences is close to T method.

Hong Luo,Wenchang Gao

1999-01-01

Abstract:In order to test communication protocols with activity, AFSM model and its fault model for these protocols are established first. Two testing methods are preferred then. The first is establishing software tester and hardware test. The second is transforming AFSM to FSM by adding activity messages, then testing activities with signals. Test system's framework of using the second method are analyzed. At last, an application in CDMA BSC tester is described.

Xiaoping Che,Stephane Maag,Hwee-Xian Tan,Hwee-Pink Tan

DOI: https://doi.org/10.1109/UIC-ATC-ScalCom-CBDCom-IoP.2015.59

2015-01-01

Abstract:Smart systems are today increasingly developed with the number of wireless sensor devices that drastically increases. They are implemented within several contexts through our environment. Thus, sensed data transported in ubiquitous systems are important and the way to carry them must be efficient and reliable. For that purpose, several routing protocols have been proposed to wireless sensor networks (WSN). However, one stage that is often neglected before their deployment, is the conformance testing process, a crucial and challenging step. Active testing techniques commonly used in wired networks are not suitable to WSN and passive approaches are needed. While some works propose to specify the protocol with state models or to analyze them with simulators and emulators, we here propose a logic based approach for formally specifying some functional requirements of a novel WSN routing protocol. We provide an algorithm to evaluate these properties on collected protocol execution traces. Further, we demonstrate the efficiency and suitability of our approach by its application into common WSN functional properties as well as specific ones designed from our own routing protocol. We provide relevant testing verdicts through a real indoor test bed and the implementation of our protocol. We show that our approach may model and passively test common and particular test objectives illustrating its flexibility, genericity and practicability. As far as we know, this is the first work on formal passive testing of routing protocols in wireless sensor networks.

Xinfang Zhang

2009-01-01

Abstract:Robustness testing for software products,especially for those security-related products has important significance.By modeling software products using finite state machine,and constructing increased complete finite state machine through extending states and state's response to the various unusual events,this model can be used for robustness testing.We use the method to test the secure channel protocol '02'(SCP02) of secure communication in the GlobalPlatform card specification.The result shows that the test case package generated using this method has higher coverage and error detection capability.The generated test cases can be used not only for robustness testing,but also for functional and conformance testing.

Jiangyuan Yao,Zhiliang Wang,Xia Yin,Xingang Shi,Jianping Wu

DOI: https://doi.org/10.1109/ICNP.2014.37

2014-01-01

Abstract:Existing tools for Software-Defined Networking (SDN) data plane testing can be classified into two classes: white box and black-box. For the former, all or part of source codes should be accessed. But for testers outside the manufacturers, the accessing of source code is impossible or very difficult in most cases, especially for hardware devices. For the latter, test cases are manually developed, which cannot ensure the coverage. In this paper, we present a model based black-box systematic testing method for SDN data plane. We propose a new model, Pipelined Extended Finite State Machine (Pi-EFSM), to specify the multiple-level pipeline of SDN data plane. For the Pi-EFSM model, we present a 3-phase systematic test generation approach. By using a hierarchical test generation strategy, the proposed test generation method can alleviate state space explosion to some extent. Our test generation method can achieve the systematic coverage towards the elements of the model. We apply our method in the testing of Open Flow switches (specification version 1.3.0). We build a Pi-EFSM model for Open Flow switches and derive the executable test sequences. Some implementation faults and specification confusions are exposed when we test two switches, Open switch 2.1.0 and CPqD Open Flow 1.3 Software Switch.

Xiaoping CHE,Stephane MAAG

2013-01-01

Abstract:Complementary to performance evaluation, the performance testing of communicating protocols is a qualitative and quantitative test of a system, aiming at verifying whether the performance requirements of the protocol have been satisfied under certain conditions. Conformance testing of communicating protocols is a functional test which verifies whether the behaviours of the protocol satisfy defined requirements. It raises the interesting issue of how to accurately formalize the performance requirements and how to converge these two kinds of tests by using the same formal approach. In this paper, we introduce a novel logic-based approach to test the protocol performance requirements through real execution traces and formally specified properties. And also a distributed testing framework is designed for network protocols. Keywords-Session Initiation Protocol; Formal Methods; Passive Testing; Performance Testing

Zhi-Liang WANG,Jian-Ping WU,Xia YIN

DOI: https://doi.org/10.3321/j.issn:0254-4164.2006.11.002

2006-01-01

Jisuanji Xuebao/Chinese Journal of Computers

Abstract:Protocol testing is one of the important techniques to ensure the quality of implementations of network communication protocols and interoperability testing is a widely-used protocol testing technique. This paper presents an interoperability test generation method based on the formal model, Communicating Multi-port Finite State Machines. Firstly, centralized test sequence can be generated by using existing reachability analysis approach. Then fault coverage of the resulting test suite is analyzed systematically using single fault models; in order to improve the fault coverage, an enhanced test generation method is presented. Finally, the controllability and observability problems in interoperability testing are discussed; suitable distributed test architecture is selected and a formal algorithm is presented to generate the distributed synchronizable test suite according to the distributed test architecture. The experimental results show that comparing with existing methods, the method in this paper can improve the fault coverage of the resulting test suite and is feasible and effective.

Xiaoping Che,Stephane Maag

DOI: https://doi.org/10.5220/0004444000740084

2013-01-01

Abstract:Conformance testing of communicating protocols is a functional test which verifies whether the behaviors of the protocol satisfy defined requirements, while the performance testing of communicating protocols is a qualitative and quantitative test, aiming at checking whether the performance requirements of the protocol have been satisfied under certain conditions. It raises the interesting issue of converging these two kinds of tests by using the same formal approach. In this paper, we present a novel logic-based approach to test the protocol performance through real execution traces and formally specified properties. In order to evaluate and assess our methodology, we have developed a prototype and present experiments with a set of IMS/SIP properties. Finally, the relevant verdicts and discussions are provided.