Genericity of a model- based intrusion testing method Aymerick - - PowerPoint PPT Presentation

genericity of a model based intrusion testing method
SMART_READER_LITE
LIVE PREVIEW

Genericity of a model- based intrusion testing method Aymerick - - PowerPoint PPT Presentation

Dec 17, 2022 155 likes •406 views

Genericity of a model- based intrusion testing method Aymerick Savary 1,2 , Mathieu Lassale 1,2 Jean-Louis Lanet 1 , Marc Frappier 2 SDTA, december 2014, Auvergne, France 1 Universit de Limoges 2 Universit de Sherbrooke Genericity of a

slide-1
SLIDE 1

1 Université de Limoges 2 Université de Sherbrooke

/14 1

Aymerick Savary1,2, Mathieu Lassale1,2 Jean-Louis Lanet1, Marc Frappier2

SDTA, december 2014, Auvergne, France

Genericity of a model-based intrusion testing method SDTA 2014

Genericity of a model- based intrusion testing method

slide-2
SLIDE 2

/14

Genericity of a model-based intrusion testing method SDTA 2014

Outline

2

  • I. VTG method

I.1) Mutation of Event-B I.2) Event-B and UML

  • II. Case Studies

II.1) Byte Code Verifier II.2) EMV Payment Protocol

  • III. Conclusions and Future Works
slide-3
SLIDE 3

/14

Genericity of a model-based intrusion testing method SDTA 2014

Outline

3

  • I. VTG method

I.1) Mutation of Event-B I.2) Event-B and UML

  • II. Case Studies

II.1) Byte Code Verifier II.2) EMV Payment Protocol

  • III. Conclusions and Future Works
slide-4
SLIDE 4

/14

Genericity of a model-based intrusion testing method SDTA 2014

Model Based Testing

FM FM FM

Abstract Tests Formal model Selection Criterias

4

Model-Based Testing

We could only extract the modeled behaviors.

slide-5
SLIDE 5

/14

Genericity of a model-based intrusion testing method SDTA 2014

Model Based Testing

FM FM FM

Abstract Tests Formal model Selection Criterias

4

Model-Based Testing We don’t want to model a specific attack.

We could only extract the modeled behaviors.

slide-6
SLIDE 6

/14

Genericity of a model-based intrusion testing method SDTA 2014

5

Specification Mutation

slide-7
SLIDE 7

/14

Genericity of a model-based intrusion testing method SDTA 2014

5

Specification Mutation

slide-8
SLIDE 8

/14

Genericity of a model-based intrusion testing method SDTA 2014

5

Specification Mutation

slide-9
SLIDE 9

/14

Genericity of a model-based intrusion testing method SDTA 2014

5

Specification Mutation

slide-10
SLIDE 10

/14

Genericity of a model-based intrusion testing method SDTA 2014

6

VTG Big Picture

Specification Mutation

FM FM FM

Mutants Models Formal model Mutation Rules Model Based Testing

FM FM FM

Abstract Tests Formal model Selection Criterias

slide-11
SLIDE 11

/14

Genericity of a model-based intrusion testing method SDTA 2014

6

VTG Big Picture

[Savary, A., Frappier, M., & Lanet, J. (2013). Detecting Vulnerabilities in Java-Card Bytecode Verifiers Using Model-Based Testing. Integrated Formal Methods]

Specification Mutation

FM FM FM

Mutants Models Formal model Mutation Rules Model Based Testing

FM FM FM

Abstract Tests Formal model Selection Criterias

Model

VTG FM FM FM

Abstract Tests

FM FM FM

Faulty Models Model Mutation Abstract Test Generation

slide-12
SLIDE 12

/14

Genericity of a model-based intrusion testing method SDTA 2014

7

Event-B Models

Static Dynamic

slide-13
SLIDE 13

/14

Genericity of a model-based intrusion testing method SDTA 2014

7

Event-B Models

Static Dynamic

slide-14
SLIDE 14

/14

Genericity of a model-based intrusion testing method SDTA 2014

8

Event-B and UML

slide-15
SLIDE 15

/14

Genericity of a model-based intrusion testing method SDTA 2014

8

Event-B and UML

slide-16
SLIDE 16

/14

Genericity of a model-based intrusion testing method SDTA 2014

Outline

9

  • I. VTG method

I.1) Mutation of Event-B I.2) Event-B and UML

  • II. Case Studies

II.1) Byte Code Verifier II.2) EMV Payment Protocol

  • III. Conclusions and Future Works
slide-17
SLIDE 17

/14

Genericity of a model-based intrusion testing method SDTA 2014

10

Byte Code Verifier

slide-18
SLIDE 18

/14

Genericity of a model-based intrusion testing method SDTA 2014

10

Byte Code Verifier

slide-19
SLIDE 19

/14

Genericity of a model-based intrusion testing method SDTA 2014

10

Byte Code Verifier

slide-20
SLIDE 20

/14

Genericity of a model-based intrusion testing method SDTA 2014

10

Byte Code Verifier

slide-21
SLIDE 21

/14

Genericity of a model-based intrusion testing method SDTA 2014

11

Mutation of Contexts

slide-22
SLIDE 22

/14

Genericity of a model-based intrusion testing method SDTA 2014

12

EMV Payment Protocol

!

slide-23
SLIDE 23

/14

Genericity of a model-based intrusion testing method SDTA 2014

13

Experimental Results

(TV BCV)

Profondeur de recherche Temps de g´ en´ eration (s) Nb tests Vitesse (nb/1s) Vitesse (nb/1min) 2 53,6 2 0,037 2 3 148,7 30 0,202 12,1 4 1380,2 432 0,313 17,7 5 11286,7 10133 0,898 53,9 * 5283,0 7308 1,393 83,0

⇔ Profondeur 2 3 4 5 * Temps 0,8s 9,9s 1min30 1h 48min

slide-24
SLIDE 24

/14

Genericity of a model-based intrusion testing method SDTA 2014

14

Conclusions and Future Works

  • I. Conclusions

I.1) VTG work with context mutation I.2) VTG working with UML

  • II. Future Works

II.1) Improve MBT in ProB II.2) Concrete tests for EMV