1 / 11

Modeling, Analysis and Testing of System Vulnerabilities

Modeling, Analysis and Testing of System Vulnerabilities Fevzi Belli 1 , Nimal Nissanke 2 , Christof J. Budnik 1 1 Dept. of Computer Science, Electrical Engineering and Mathematics, University of Paderborn, Germany {belli, cb}@adt.upb.de

Télécharger la présentation

Modeling, Analysis and Testing of System Vulnerabilities

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Modeling, Analysis and Testing of System Vulnerabilities Fevzi Belli1, Nimal Nissanke2 , Christof J. Budnik1 1 Dept. of Computer Science, Electrical Engineering and Mathematics, University of Paderborn, Germany {belli, cb}@adt.upb.de 2 School of Computing, Information Systems and Mathematics, South Bank University, London, UK nissanke@sbu.ac.uk Content Introduction Finite-State Modeling of System Vulnerabilities Testing of Event Sequences for Revealing Threats Validation of the Approach Conclusion

  2. State Transition Diagram (STD) of the FSA Event Sequence Graph (ESG) of the FSA • Merging inputs and states leads to more efficient algorithms for analysis and test. • We focus on input sequences, generated as strings of L(G), or L(R). • The result is a simplified version of the statetransition diagram (STD) of the FSA that we call an Event Sequence Graph (ESG) [Myhill]. Introduction Finite-State Modeling of System Vulnerabilities Testing of Event Sequences for Revealing Threats Validation of the Approach Conclusion • For representing GUI we will interpret theinput set as objects that can be controlled and perceived by input/output devices, i.e., elements of WIMPs (Windows, Icons, Menus and Pointers). • Test inputs for GUI are generally sequences of user activities that interact with system behavior.

  3. Play Record Pause Jump Begin Rew FF Stop Modeling of Realjukebox - Event Sequence: Play - Rew - FF - Stop Play Rew FF Stop Play Rew FF Stop Event Sequence Graph (ESG) - System Function (Complete Event Sequence): Playing a Track

  4. An Event Pair(EP) consists of a legal input in a correct state and a legal output in a correct state upon this input,e.g.,LS, LR, SP, SM, SR, PS, PP, PR, PM, MP, MS, MM, MR, RL, RM. • An ES that leads to a final event which is in accordance with the user expectations will be called a Complete Event Sequence (CES), e.g.,LSR, LR, LSPR, LSMR, LSPSR, LSPPR, LSPMR, LSMPR, LSMSR, LSMMR, LSMR, LRLR, LRMR.. • Sub-sequences of the CES: Partial Event Sequences (PES). • PES of length n define n-tuples of events, i.e.: Event Triple (ETr), Event Quadruple (EQr), etc. Event Sequence Graph (ESG) (GUI of the RealJukebox, the uppermost layer) Introduction Finite-State Modeling of System Vulnerabilities Testing of Event Sequences for Revealing Threats Validation of the Approach Conclusion

  5. „Jump to the Beginning“ does not place the position indicator at the beginning of the current track. At the same time, „Play“ is on although „Pause“ is still active! Testing a Legal Event Sequence - Event Sequence: Play - Pause - Jump to the Beginning Play Pause Jump to the Beginning Play Play Record Pause Pause Jump Begin Jump Begin Rew FF Stop

  6. Completed ESG (CESG) as the complement of the modeled system. • We construct now Faulty EP (FEP) for testing the robustness, safety issues, etc. of the system, e.g., LL, SL, LP, PL, LM, ML, SS, RP, RR, RS. • A FEP is already faulty, and a faulty state cannot be “faultier”, i.e., in a faulty state the system cannot accept an additional illegal input. Thus, a FEP cannot be extended to the right by any FEP. • To exercise a FEP, we extend it to the left, i.e., an ES will be used as a prefix to execute a FEP, e.g.,LL, LP, LM, LSL, LSPL, LSPML, LSS, LSPMRP, LSPMRR, LSPMRS. Introduction Finite-State Modeling of System Vulnerabilities Testing of Event Sequences for Revealing Threats Validation of the Approach Conclusion

  7. Activating the „Record“ after „Play“ and „Pause“ causes the loss of the track position! Testing aFaultyEvent Sequence Play - Faulty Event Sequence: Play - Pause - Record Pause Record Play Play Record Record Pause Pause Jump Begin Rew FF Stop

  8. Coverage of the edges of the ESG is a meaningful criterion to systematize the test process and judge the efficiency of the test cases (Belli) in the following way: • + Define walksof the length n through the ESG as sequences of n adjacent events starting at the entry and ending at the exit of the ESG. • + Construct a set of walks subject - to cover all sequences of events of a given length, e.g., to cover all EP, and/or ETr, EQr, etc., and • - the total length of all of the walks is minimal. • This minimization problem is a special case of the Chinese Postman Problem (Aho, Sabnani, Dahbura, Ü. Uyar, etc. (MUIO Sequences)). Its complexity is, however, less than the original one’s (our first approach: O(n²) ). Introduction Finite-State Modeling of System Vulnerabilities Testing of Event Sequences for Revealing Threats Validation of the Approach Conclusion

  9. FES ES • Detected Faults by ES and FES vs. the length of the ES, e.g. EP, ETr, EQr, ...: Introduction Finite-State Modeling of System Vulnerabilities Testing of Event Sequences for Revealing Threats Validation of the Approach Conclusion

  10. The cumulated number of detected faults in relation to the number of test executions: Introduction Finite-State Modeling of System Vulnerabilities Testing of Event Sequences for Revealing Threats Validation of the Approach Conclusion

  11. We introducedacomplementaryview for detection and handling of undesirable events in following steps: • + Construct the sequences of legal and illegal events of different lengths n. • + Input those sequences to the system under test (SUT). • + Observe the output and determine whether a desirable behavior, or an undesirable, faulty event occurs. • The latter case should invoke an error message, or a defense activity of the SUT (exception handling). • Rule of thumb: The user is always right, i.e., there are no user errors! • The test costs are scalable (length/number of the event sequences as test cases). • The approach is black box-oriented, i.e., requires the system specification prior to testing. • The specification can be, however, incrementally produced, even during testing. Introduction Finite-State Modeling of System Vulnerabilities Testing of Event Sequences for Revealing Threats Validation of the Approach Conclusion

More Related