Genericity of a model- based intrusion testing method Aymerick Savary 1,2 , Mathieu Lassale 1,2 Jean-Louis Lanet 1 , Marc Frappier 2 SDTA, december 2014, Auvergne, France 1 Université de Limoges 2 Université de Sherbrooke Genericity of a model-based intrusion testing method SDTA 2014 1 /14
Outline I. VTG method I.1) Mutation of Event-B I.2) Event-B and UML II. Case Studies II.1) Byte Code Verifier II.2) EMV Payment Protocol III. Conclusions and Future Works Genericity of a model-based intrusion testing method SDTA 2014 2 /14
Outline I. VTG method I.1) Mutation of Event-B I.2) Event-B and UML II. Case Studies II.1) Byte Code Verifier II.2) EMV Payment Protocol III. Conclusions and Future Works Genericity of a model-based intrusion testing method SDTA 2014 3 /14
Model-Based Testing Model FM Formal FM Abstract FM Based model Tests Testing Selection Criterias We could only extract the modeled behaviors. Genericity of a model-based intrusion testing method SDTA 2014 4 /14
Model-Based Testing We don’t want to model Model FM Formal FM Abstract FM Based model Tests Testing a specific attack. Selection Criterias We could only extract the modeled behaviors. Genericity of a model-based intrusion testing method SDTA 2014 4 /14
Specification Mutation Genericity of a model-based intrusion testing method SDTA 2014 5 /14
Specification Mutation Genericity of a model-based intrusion testing method SDTA 2014 5 /14
Specification Mutation Genericity of a model-based intrusion testing method SDTA 2014 5 /14
Specification Mutation Genericity of a model-based intrusion testing method SDTA 2014 5 /14
VTG Big Picture Model FM FM Formal Formal Specification FM FM Mutants Abstract FM FM Based model model Mutation Models Tests Testing Mutation Selection Rules Criterias Genericity of a model-based intrusion testing method SDTA 2014 6 /14
VTG Big Picture Model FM FM Formal Formal Specification FM FM Mutants Abstract FM FM Based model model Mutation Models Tests Testing Mutation Selection Rules Criterias Abstract FM FM Model Faulty FM FM Model Abstract FM FM Test Mutation Models Tests Generation VTG [Savary, A., Frappier, M., & Lanet, J. (2013). Detecting Vulnerabilities in Java-Card Bytecode Verifiers Using Model-Based Testing. Integrated Formal Methods] Genericity of a model-based intrusion testing method SDTA 2014 6 /14
Event-B Models Static Dynamic Genericity of a model-based intrusion testing method SDTA 2014 7 /14
Event-B Models Static Dynamic Genericity of a model-based intrusion testing method SDTA 2014 7 /14
Event-B and UML Genericity of a model-based intrusion testing method SDTA 2014 8 /14
Event-B and UML Genericity of a model-based intrusion testing method SDTA 2014 8 /14
Outline I. VTG method I.1) Mutation of Event-B I.2) Event-B and UML II. Case Studies II.1) Byte Code Verifier II.2) EMV Payment Protocol III. Conclusions and Future Works Genericity of a model-based intrusion testing method SDTA 2014 9 /14
Byte Code Verifier Genericity of a model-based intrusion testing method SDTA 2014 10 /14
Byte Code Verifier Genericity of a model-based intrusion testing method SDTA 2014 10 /14
Byte Code Verifier Genericity of a model-based intrusion testing method SDTA 2014 10 /14
Byte Code Verifier Genericity of a model-based intrusion testing method SDTA 2014 10 /14
Mutation of Contexts Genericity of a model-based intrusion testing method SDTA 2014 11 /14
EMV Payment Protocol ! Genericity of a model-based intrusion testing method SDTA 2014 12 /14
Experimental Results (TV BCV) Profondeur Temps de Nb tests Vitesse Vitesse de recherche g´ en´ eration ( s ) ( nb / 1 s ) ( nb / 1 min ) 2 53,6 2 0,037 2 3 148,7 30 0,202 12,1 4 1380,2 432 0,313 17,7 5 11286,7 10133 0,898 53,9 * 5283,0 7308 1,393 83,0 ⇔ Profondeur 2 3 4 5 * Temps 0,8s 9,9s 1min30 1h 48min Genericity of a model-based intrusion testing method SDTA 2014 13 /14
Conclusions and Future Works I. Conclusions I.1) VTG work with context mutation I.2) VTG working with UML II. Future Works II.1) Improve MBT in ProB II.2) Concrete tests for EMV Genericity of a model-based intrusion testing method SDTA 2014 14 /14
Recommend
More recommend