ASPIRE: automated systematic protocol implementation robustness evaluation
| Title | ASPIRE: automated systematic protocol implementation robustness evaluation |
| Publication Type | Conference Papers |
| Year of Publication | 2004 |
| Authors | Vasan A, Memon AM |
| Conference Name | Software Engineering Conference, 2004. Proceedings. 2004 Australian |
| Date Published | 2004/// |
| Keywords | algorithm, ASPIRE, automated systematic protocol, automated testing, fault tolerant computing, faulty PDU, formal specification, HTTP, implementation robustness evaluation, Internet, network protocol, protocol data unit, protocol specification, robustness testing, SMTP protocol, stateful protocols, stateless protocols, Transport protocols |
| Abstract | Network protocol implementations are susceptible to problems caused by their lack of ability to handle invalid inputs. We present ASPIRE: automated systematic protocol implementation robustness evaluation, an automated approach to pro-actively test protocol implementations by observing their responses to faulty protocol data units (PDUs) or messages. In contrast to existing approaches, we sample the faulty PDU space in a systematic manner, thus allowing us to evaluate protocol implementations in the face of a wider variety of faulty PDUs. We use a pruning strategy to reduce, from exponential, the size of the faulty PDU set to polynomial in the number of fields of a PDU. We have implemented the ASPIRE algorithms and evaluated them on implementations of HTTP (Apache, Google Web Server (GWS), and Microsoft IIS) and SMTP (Sendmail and Microsoft Exchange) protocols. Our results show that Apache, GWS, and IIS, although implementing the same protocol specification, behave differently on faulty HTTP PDUs; Sendmail and exchange are different in handling our faulty SMTP PDUs. |
| DOI | 10.1109/ASWEC.2004.1290477 |