Sciweavers

PST
2004

Syntax-based Vulnerability Testing of Frame-based Network Protocols

14 years 2 months ago
Syntax-based Vulnerability Testing of Frame-based Network Protocols
Syntax-based vulnerability testing is a static black-box testing method for protocol implementations. It involves testing the Implementation Under Test (IUT) with a large number of mutated Protocol Data Units (PDUs), built by intentionally disobeying the protocol's syntax. Security vulnerabilities can be discovered by detecting anomalous behaviour or crashes in the IUT (e.g. segmentation faults, buffer, heap or stack overflows, etc.) when it attempts to parse and use a mutated PDU. Previous research has led to the development of a protocol testing framework and methodology for syntax-based testing of protocols, whose syntax is based on ASN.1 (Abstract Syntax Notation), and whose transfer syntax is based on BER or DER (Basic or Distinguished Encoding Rules). These protocols have syntactic structure information embedded in the PDU. However, many protocols are not specified using such standards and do not include embedded syntactic structure information. Instead the byte sequence of...
Oded Tal, Scott Knight, Tom Dean
Added 31 Oct 2010
Updated 31 Oct 2010
Type Conference
Year 2004
Where PST
Authors Oded Tal, Scott Knight, Tom Dean
Comments (0)