“Using Behavioral Profiles to Detect Software Flaws in Network Servers”

From Navigators

Jump to: navigation, search

João Antunes, Nuno Ferreira Neves

in Proceedings of the International Symposium on Software Reliability Engineering (ISSRE), Nov. 2011.

Abstract: Some software faults, namely security vulnerabilities, tend to elude conventional testing methods. Since the effects of these faults may not be immediately perceived nor have a direct impact on the server's execution (e.g., a crash), they can remain hidden even if exercised by the test cases. Our detection approach consists in inferring a behavioral profile of a network server that models its correct execution by combining information about the implemented state machine protocol and the server's internal execution. Flaws are automatically detected if the server's behavior deviates from the profile while processing the test cases. This approach was implemented in a tool, which was used to analyze several FTP vulnerabilities, showing that it can effectively find various kinds of flaws.

Download paper

Download Using Behavioral Profiles to Detect Software Flaws in Network Servers

Export citation

BibTeX

Project(s): Project:MASSIF, Project:DIVERSE

Research line(s): Fault And Intrusion Tolerance in Open Distributed Systems (FIT)

Personal tools
Navigators toolbox