symbolic passive testing - application to an industrial case study (diamonds project)
DESCRIPTION
Work supported by DIAMONDS (ITEA 2) Project. Symbolic Passive Testing - Application to an industrial case study (Diamonds project). Pramila Mouttappa , Stephane Maag and Ana Cavalli Institut Mines-Télécom/Télécom SudParis RCIS 2013 Industrial Day - 31st May, 2013 - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Symbolic Passive Testing - Application to an industrial case study (Diamonds project)](https://reader036.vdocument.in/reader036/viewer/2022062816/56814482550346895db11999/html5/thumbnails/1.jpg)
Institut Mines-Télécom
Pramila Mouttappa, Stephane Maag and Ana Cavalli Institut Mines-Télécom/Télécom SudParis
RCIS 2013 Industrial Day - 31st May, 2013 Paris, France
Work supported by DIAMONDS (ITEA 2) Project
![Page 2: Symbolic Passive Testing - Application to an industrial case study (Diamonds project)](https://reader036.vdocument.in/reader036/viewer/2022062816/56814482550346895db11999/html5/thumbnails/2.jpg)
Institut Mines-Télécom
OverviewMotivationOur approachIOSTS based modelsParametric trace slicingFormal property evaluationPrototype resultsConclusions
Symbolic Passive Testing
![Page 3: Symbolic Passive Testing - Application to an industrial case study (Diamonds project)](https://reader036.vdocument.in/reader036/viewer/2022062816/56814482550346895db11999/html5/thumbnails/3.jpg)
Institut Mines-Télécom
Conformance Testing
Télécom SudParis Modèle de présentation
Active Tester Verdict
Test CasesSpecification / Requirements
IUT
Test generation
ACTIVE TESTING
IUT
Specification / Requirements
Passive Tester Verdict
User PASSIVE TESTING
Trace
P.O.
![Page 4: Symbolic Passive Testing - Application to an industrial case study (Diamonds project)](https://reader036.vdocument.in/reader036/viewer/2022062816/56814482550346895db11999/html5/thumbnails/4.jpg)
Institut Mines-Télécom
Problem Statement
Limitation of Passive Testing- For checking both the data and control part of the
protocol.- Enumeration of data values.
Symbolic Passive Testing
(i) ONLY CONTROL PART Invariant : Req / Ack Verdict = True
![Page 5: Symbolic Passive Testing - Application to an industrial case study (Diamonds project)](https://reader036.vdocument.in/reader036/viewer/2022062816/56814482550346895db11999/html5/thumbnails/5.jpg)
Institut Mines-Télécom
Problem Statement (contd.)
Symbolic Passive Testing
(ii) CONTROL + DATA PART
Invariant : Req(A) / Ack(B) Verdict = False or Inconclusive
![Page 6: Symbolic Passive Testing - Application to an industrial case study (Diamonds project)](https://reader036.vdocument.in/reader036/viewer/2022062816/56814482550346895db11999/html5/thumbnails/6.jpg)
Institut Mines-Télécom
Motivations
■To reduce false positive verdicts
■To avoid data enumeration
■To model eventual behavior deviations
■To study the scalability of very long traces (i.e., if the traffic collection is continuous)
Télécom SudParis Modèle de présentation
![Page 7: Symbolic Passive Testing - Application to an industrial case study (Diamonds project)](https://reader036.vdocument.in/reader036/viewer/2022062816/56814482550346895db11999/html5/thumbnails/7.jpg)
Institut Mines-Télécom
Our approach ...
■ Functional and Security attacks can be modeled – IOSTS
■ Enumeration of data values is not required – SYMBOLIC
■ Data relationship between messages – REDUCES FALSE POSITIVE VERDICTS
■ New Passive Testing Technique - INTEGRATION of Parametric Trace Slicing and Symbolic Execution
Symbolic Passive Testing
![Page 8: Symbolic Passive Testing - Application to an industrial case study (Diamonds project)](https://reader036.vdocument.in/reader036/viewer/2022062816/56814482550346895db11999/html5/thumbnails/8.jpg)
Institut Mines-Télécom
Framework of our approach – Automotive case study
Symbolic Passive Testing
Bluetooth trace
Symbolic execution trace and state
details
Symbolic execution tree
1 2 3
5
6
Specification / Requirement’s
IOSTS model - Functional/Security property
Symbolic Passive Testing Tool : TestSym-P
Verdicts Pass / Fail / Attack – Pass / Inconclusive
7
?
4 Guard-conditions table
![Page 9: Symbolic Passive Testing - Application to an industrial case study (Diamonds project)](https://reader036.vdocument.in/reader036/viewer/2022062816/56814482550346895db11999/html5/thumbnails/9.jpg)
Institut Mines-Télécom
Sequence diagram - Bluetooth Connectivity & Bluestabbing attack
Symbolic Passive Testing
[1] “Bluetooth specification version 2.0 + edr [vol 0],” 1999.[2] D. Browning and G. Kessler, “Bluetooth hacking: A case study,” in Proceedings of the Conference on Digital Forensics, Security and Law, 2009, pp. 20–22.
![Page 10: Symbolic Passive Testing - Application to an industrial case study (Diamonds project)](https://reader036.vdocument.in/reader036/viewer/2022062816/56814482550346895db11999/html5/thumbnails/10.jpg)
Institut Mines-Télécom
IOSTS Model
Symbolic Passive Testing
S3
S3.1
! hci-change-local-name (loc_name0)
G2:{loc_name ≠vloc_name}
A3: {vloc_name:=loc_name0}
![Page 11: Symbolic Passive Testing - Application to an industrial case study (Diamonds project)](https://reader036.vdocument.in/reader036/viewer/2022062816/56814482550346895db11999/html5/thumbnails/11.jpg)
Institut Mines-Télécom
Symbolic Execution (SE) of IOSTS
Symbolic Passive Testing
![Page 12: Symbolic Passive Testing - Application to an industrial case study (Diamonds project)](https://reader036.vdocument.in/reader036/viewer/2022062816/56814482550346895db11999/html5/thumbnails/12.jpg)
Institut Mines-Télécom
Parametric Trace Slicing
Trace Monitoring technique
Trace slices – Each parameter instance observed in the trace.
The events corresponding to a particular parameter instance are grouped in the order they appear in the trace in a particular trace slice.
Symbolic Passive Testing
![Page 13: Symbolic Passive Testing - Application to an industrial case study (Diamonds project)](https://reader036.vdocument.in/reader036/viewer/2022062816/56814482550346895db11999/html5/thumbnails/13.jpg)
Institut Mines-Télécom
Parametric Trace Slicing - Example
Consider a sample Bluetooth trace,
■ !hci-inquiry ?hci-inquiry-complete !hci-create-connection(bd addr1 ) !hci-create-connection(bd addr2 ) ?hci-connect-complete(bd addr1 )
Symbolic Passive Testing
Slices Data Portion Control Portion
Slice 1 bdaddr1 !hci-inquiry?hci-inquiry-complete!hci-create-connection ?hci-connect-complete
Slice 2 bdaddr2 !hci-inquiry?hci-inquiry-complete!hci-create-connection
![Page 14: Symbolic Passive Testing - Application to an industrial case study (Diamonds project)](https://reader036.vdocument.in/reader036/viewer/2022062816/56814482550346895db11999/html5/thumbnails/14.jpg)
Institut Mines-Télécom
Integration of SE and Parametric Trace Slicing
■Symbolic Execution (SE):
The path of the symbolic execution tree – represents the property to be tested on the trace.
Valuation of the parameters – symbolic values.
■Parametric Trace Slicing:
Trace analysis Valuation of the parameters – concrete values. Trace slices put together constitutes the implementation
trace. Path of the SE tree – checked against each trace slice to
obtain the Verdict.
Symbolic Passive Testing
![Page 15: Symbolic Passive Testing - Application to an industrial case study (Diamonds project)](https://reader036.vdocument.in/reader036/viewer/2022062816/56814482550346895db11999/html5/thumbnails/15.jpg)
Institut Mines-Télécom
Evaluation - IOSTS property on the trace slices
1. Control portion : Control portion(SE) = Control portion(slice) goto 2.2. Data portion:
• Substitute concrete data values in place of symbolic values.• Satisfiability of each state in path of the SE - Guard condition check.• AttackSeq : 0 (Property Sequence), 1 (Attack Sequence)
Symbolic Passive Testing
AttackSeq Control Portion Data Portion Verdicts Comments
0 Y Y Pass Property satisfied.
0 Y N Fail Property not satisfied.
1 Y Y Attack Pass Attack sequence satisfied.
0 or 1 N - Inconclusive Trace length insufficient to decide.
else≠
![Page 16: Symbolic Passive Testing - Application to an industrial case study (Diamonds project)](https://reader036.vdocument.in/reader036/viewer/2022062816/56814482550346895db11999/html5/thumbnails/16.jpg)
Institut Mines-Télécom
Final Evaluation – Property on the Implementation trace
■ PASS● if (Every (Verdict(tsi) = Pass))
■ Attack-PASS● if (Exists(Verdict(tsi) = Attack-Pass))
■ FAIL● if [(Exists(Verdict(tsi) = Fail)) ^ (Exists(Verdict(tsi)≠ Attack-
Pass))]
■ INCONCLUSIVE, otherwise.
Symbolic Passive Testing
![Page 17: Symbolic Passive Testing - Application to an industrial case study (Diamonds project)](https://reader036.vdocument.in/reader036/viewer/2022062816/56814482550346895db11999/html5/thumbnails/17.jpg)
Institut Mines-Télécom
Prototype Model – TestSym-P
Symbolic Passive Testing
![Page 18: Symbolic Passive Testing - Application to an industrial case study (Diamonds project)](https://reader036.vdocument.in/reader036/viewer/2022062816/56814482550346895db11999/html5/thumbnails/18.jpg)
Institut Mines-Télécom
Prototype – Trace Parsing
Symbolic Passive Testing
![Page 19: Symbolic Passive Testing - Application to an industrial case study (Diamonds project)](https://reader036.vdocument.in/reader036/viewer/2022062816/56814482550346895db11999/html5/thumbnails/19.jpg)
Institut Mines-Télécom
Prototype - Trace Slicing
Symbolic Passive Testing
![Page 20: Symbolic Passive Testing - Application to an industrial case study (Diamonds project)](https://reader036.vdocument.in/reader036/viewer/2022062816/56814482550346895db11999/html5/thumbnails/20.jpg)
Institut Mines-Télécom
Prototype – Evaluation Output
Symbolic Passive Testing
![Page 21: Symbolic Passive Testing - Application to an industrial case study (Diamonds project)](https://reader036.vdocument.in/reader036/viewer/2022062816/56814482550346895db11999/html5/thumbnails/21.jpg)
Institut Mines-Télécom
Evaluation Results
Symbolic Passive Testing
[3] Pramila Mouttappa, Stephane Maag and Ana Cavalli, "IOSTS based Passive Testing approach for the Validation of data-centric Protocols", 12th International Conference on Quality Software (QSIC 2012), Xi’an, China, 27-29 August 2012.
[4] Pramila Mouttappa, Stephane Maag and Ana Cavalli, “Improving Protocol Validation by an IOSTS-based Passive Testing approach”, 9th Workshop on System Testing and Validation (STV 2012), Paris, France, 24th October 2012.[5] Pramila Mouttappa and Stephane Maag and Ana Cavalli, “Monitoring based on IOSTS for testing functional and security properties: Application to an Automotive case study”. To be published, 37th Annual International Conference on Computers, Software and Applications (COMPSAC 2013), 22-26 July 2013, Kyoto, Japan
Trace No. Messages No. Slices Trace output without errors Trace output with errors & attacks
P F I Verdict P F I AP Verdict
1 81 2 1 - 1 I - 1 1 - F
2 89 3 1 - 2 I - - 2 1 AP
3 81 2 1 - 1 I - 1 1 - F
4 81 2 1 - 1 I - - 1 1 AP
5 81 2 1 - 1 I - 1 1 - F
6 81 2 1 - 1 I - - 1 1 AP
7 81 2 1 - 1 I - - 1 1 AP
8 81 2 1 - 1 I - - 1 1 AP
9 81 2 1 - 1 I - 1 1 - F
10 81 2 1 - 1 I - - 1 1 AP
P - PassF - Fail AP - Attack Pass I - Inconclusive
![Page 22: Symbolic Passive Testing - Application to an industrial case study (Diamonds project)](https://reader036.vdocument.in/reader036/viewer/2022062816/56814482550346895db11999/html5/thumbnails/22.jpg)
Institut Mines-Télécom
Innovations with respect to STOA
■ From our knowledge, there are currently no works tackling Passive testing/Monitoring based on IOSTS without any awareness on the states of the execution traces, moreover,
the integration of symbolic execution of IOSTS and Slicing technique for Passive Testing,
dealing with symbolic values eliminates the necessity
of enumeration of all data values,
the approach enables testing functional and vulnerability / attack patterns by passive testing.
Symbolic Passive Testing
![Page 23: Symbolic Passive Testing - Application to an industrial case study (Diamonds project)](https://reader036.vdocument.in/reader036/viewer/2022062816/56814482550346895db11999/html5/thumbnails/23.jpg)
Institut Mines-Télécom
Future Works
■Online testing - i.e., evaluation of properties as the implementation is being run.
■Time constraints - that are needed in the definition of several properties.
Symbolic Passive Testing