ASPIRE: Automated Systematic Protocol Implementation Robustness Evaluation

Download: PDF.

“ASPIRE: Automated Systematic Protocol Implementation Robustness Evaluation” by Arunchandar Vasan and Atif M. Memon. In ASWEC '04: Proceedings of the 2004 Australian Software Engineering Conference (ASWEC'04), (Washington, DC, USA), 2004, pp. 241-250.

Abstract

Network protocol implementations are susceptible to problems caused by their lack of ability to handle invalid inputs. We present ASPIRE: automated systematic protocol implementation robustness evaluation, an automated approach to pro-actively test protocol implementations by observing their responses to faulty protocol data units (PDUs) or messages. In contrast to existing approaches, we sample the faulty PDU space in a systematic manner, thus allowing us to evaluate protocol implementations in the face of a wider variety of faulty PDUs. We use a pruning strategy to reduce, from exponential, the size of the faulty PDU set to polynomial in the number of fields of a PDU. We have implemented the ASPIRE algorithms and evaluated them on implementations of HTTP (Apache, Google Web Server (GWS), and Microsoft IIS) and SMTP (Sendmail and Microsoft Exchange) protocols. Our results show that Apache, GWS, and IIS, although implementing the same protocol specification, behave differently on faulty HTTP PDUs; Sendmail and exchange are different in handling our faulty SMTP PDUs.

Download: PDF.

BibTeX entry:

@inproceedings{VasanASWEC2004,
   author = {Arunchandar Vasan and Atif M. Memon},
   title = {ASPIRE: Automated Systematic Protocol Implementation
	Robustness Evaluation},
   booktitle = {ASWEC '04: Proceedings of the 2004 Australian Software
	Engineering Conference (ASWEC'04)},
   pages = {241--250},
   publisher = {IEEE Computer Society},
   address = {Washington, DC, USA},
   year = {2004},
   isbn = {0-7695-2089-8}
}

Back to Atif Memon's Publications.