Jiangyuan Yao, Weiyang Xin, Xia Yin, Xingang Shi, Zhiliang Wang, Li Zhou, Ting Jin
Title: A model checking-based framework for testing security properties of protocols under development
Authors: Jiangyuan Yao, Weiyang Xin, Xia Yin, Xingang Shi, Zhiliang Wang, Li Zhou, Ting Jin
DOI: 10.1016/j.comnet.2025.111259
Journal: Computer Networks, volume 265, Article 111259 (Journal Article)
Publication date: 2025-04-21
URL: https://www.sciencedirect.com/science/article/pii/S1389128625002270
Open access: no
Journal impact factor: 4.4; JCR: Q1 (Computer Science, Hardware & Architecture)
Citation count: 0
Abstract
It is important to validate the security properties of network protocols. Most validation methods either verify design models or test implementations, and these two techniques are usually applied separately. For protocols under development (PUDs), which have yet to be issued as a final release, the specifications, implementations and even the security properties may change, so verification or testing alone may not achieve satisfactory results. In this paper, we propose a security property testing framework for PUDs. Following this framework, we use several rounds of iterative validation to address changing specifications, implementations and security properties. In each round, we combine verification and testing: we employ a model checker to verify the design models, then convert the verification results into executable test cases and test the prototype implementations. Developers can modify the specifications, implementations and security properties and subsequently perform another round of validation. Finally, they obtain a version of the protocol that passes both verification and testing. We apply our method to two PUDs as case studies: source address validation improvements (SAVI) and the stateful firewall application of software-defined networking (SDN). Our approach can expose vulnerabilities in different development versions. After several rounds of verification, testing and improvement, developers can release high-quality protocols.
Journal description:
Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.