The effectiveness of statecharts as a tool to express the desired behavior of security protocols and a source of tests for their implementations was investigated. Specifically, the TLS protocol was modeled as a statechart and tests were generated from its flattened version. The GnuTLS implementation of the protocol was then tested against the generated tests. The MC/DC coverage of different components of the implementation varied from 51% to 81%. A "what if" analysis revealed that while some defects in the uncovered code will not lead to any security vulnerability due to in-built fault tolerance, others might lead to improper authentication, integrity failure, session hijacking, denial of service, and loss of confidentiality. The analysis suggests that statecharts alone might not be an adequate tool as a source of tests for implementations of security protocols and that tests so generated must be augmented through other formal means such as random testing, stress testing, and code coverage analysis.
%0 Conference Paper
%1 jayaram_08_adequacy
%A Jayaram, K. R.
%A Mathur, Aditya P.
%B Computer Software and Applications, 2008. COMPSAC '08. 32nd Annual IEEE International
%D 2008
%J Computer Software and Applications, 2008. COMPSAC '08. 32nd Annual IEEE International
%K 2008 protocol tests statecharts cryptography
%P 937--942
%R http://dx.doi.org/10.1109/COMPSAC.2008.203
%T On the Adequacy of Statecharts as a Source of Tests for Cryptographic Protocols
%U http://dx.doi.org/10.1109/COMPSAC.2008.203
%X The effectiveness of statecharts as a tool to express the desired behavior of security protocols and a source of tests for their implementations was investigated. Specifically, the TLS protocol was modeled as a statechart and tests were generated from its flattened version. The GnuTLS implementation of the protocol was then tested against the generated tests. The MC/DC coverage of different components of the implementation varied from 51% to 81%. A "what if" analysis revealed that while some defects in the uncovered code will not lead to any security vulnerability due to in-built fault tolerance, others might lead to improper authentication, integrity failure, session hijacking, denial of service, and loss of confidentiality. The analysis suggests that statecharts alone might not be an adequate tool as a source of tests for implementations of security protocols and that tests so generated must be augmented through other formal means such as random testing, stress testing, and code coverage analysis.
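@comment{jayaram_08_adequacy -- doi holds the bare identifier and url the HTTPS resolver link for it. The venue is recorded in booktitle only, as this is a conference paper.}
@inproceedings{jayaram_08_adequacy,
  author               = {Jayaram, K. R. and Mathur, Aditya P.},
  title                = {On the Adequacy of Statecharts as a Source of Tests for Cryptographic Protocols},
  booktitle            = {Computer Software and Applications, 2008. {COMPSAC} '08. 32nd Annual {IEEE} International},
  pages                = {937--942},
  year                 = {2008},
  doi                  = {10.1109/COMPSAC.2008.203},
  url                  = {https://doi.org/10.1109/COMPSAC.2008.203},
  keywords             = {2008 protocol tests statecharts cryptography},
  abstract             = {The effectiveness of statecharts as a tool to express the desired behavior of security protocols and a source of tests for their implementations was investigated. Specifically, the TLS protocol was modeled as a statechart and tests were generated from its flattened version. The GnuTLS implementation of the protocol was then tested against the generated tests. The MC/DC coverage of different components of the implementation varied from 51\% to 81\%. A ``what if'' analysis revealed that while some defects in the uncovered code will not lead to any security vulnerability due to in-built fault tolerance, others might lead to improper authentication, integrity failure, session hijacking, denial of service, and loss of confidentiality. The analysis suggests that statecharts alone might not be an adequate tool as a source of tests for implementations of security protocols and that tests so generated must be augmented through other formal means such as random testing, stress testing, and code coverage analysis.},
  added-at             = {2009-02-11T20:14:44.000+0100},
  biburl               = {https://www.bibsonomy.org/bibtex/262ad46186eafc04914f6ad374718412b/leonardo},
  citeulike-article-id = {3140690},
  interhash            = {bbc5016fffa3d36be3c57ff995bf1ece},
  intrahash            = {62ad46186eafc04914f6ad374718412b},
  posted-at            = {2008-08-20 15:33:43},
  priority             = {2},
  timestamp            = {2009-02-11T20:14:44.000+0100},
}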