Research on the Theory and Methods of Protocol Security Testing
Abstract
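Protocol engineering is an integrated, formalized protocol development process; its research covers the formal description of protocols, protocol verification, protocol implementation, and protocol testing. Protocol testing is an important part of protocol engineering.
     Today's network environment is growing ever more complex, and security incidents of all kinds keep emerging. Communication protocols, the foundation of computer networks, also face many kinds of security threats. Some protocols originally used in closed environments are gradually being used as public protocols, which also increases their security risk. Traditional protocol conformance testing is the basis of protocol testing; its purpose is to check whether the behavior of the protocol implementation under test is consistent with the protocol specification. As a traditional functional test, however, it cannot fully guarantee the security of a protocol implementation. Protocol security testing is therefore gradually becoming a new hot topic in the protocol testing field.
     This thesis studies protocol security testing and mainly discusses two aspects: protocol attack testing and security mutation testing based on Constructed Type Algebra. In evaluating protocol security, the two complement each other. Protocol attack testing is in essence a penetration test against protocol implementations running on network devices; it checks a device's ability to resist known protocol attacks. Security mutation testing based on Constructed Type Algebra designs mutation operators for the protocol's formal description and applies them to the set of conformance formulas to produce a set of security test cases, in an attempt to cover unknown protocol errors and security vulnerabilities.
     The research work of this thesis concentrates on the following aspects:
     1) Protocol attack testing model and methods
     This thesis studies protocol attack testing systematically and as a whole, and proposes a solution for each phase of testing.
     First, a test-oriented protocol attack description model is proposed. It describes multiple attributes of a protocol attack, such as its principle, where it occurs, its impact, and its relationships with other attacks, and serves as the basis for the subsequent execution algorithm and quantitative security evaluation.
     Next, to address the tester distribution problem in the practical deployment of a distributed protocol attack testing framework, a tester selection algorithm based on network path information is proposed, which can balance test traffic and improve the reliability of test results.
     Taking into account the effect of sequence dependencies and causal relationships between attack test cases, an optimized test execution algorithm based on the relevance between attack test cases is proposed; through dynamic execution it reduces repeated operations during testing and improves test efficiency.
     Finally, a security measurement method based on an improved RBD and Criticality model is proposed, which gives a quantitative security evaluation of the device under test from the result set of protocol attack testing.
     2) Security mutation testing method based on Constructed Type Algebra
     Most traditional protocol security testing methods simply mutate or randomly perturb protocol PDUs and do not involve formal protocol modeling techniques. To address this, the thesis proposes a security mutation testing method based on Constructed Type Algebra. The method takes into account both a summary of protocol security vulnerabilities and the structural characteristics of Constructed Type Algebra, and produces a set of security test cases by applying security mutations to the set of conformance test formulas obtained from a formal description based on Constructed Type Algebra. The method is able to discover potential security problems and makes full use of the intermediate results of conformance testing, which helps integrate the security testing process with the conformance testing process.
     3) Design and implementation of a protocol security testing system
     The thesis also designs and implements a protocol security testing system. The system is distributed and adapts flexibly to a variety of network environments and test requirements; it is suitable for protocol attack testing and can also be used for security mutation testing. The system supports the whole security testing workflow: test case development, debugging, execution, and the collection and analysis of test results.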
Protocol Engineering is an integrated and formalized process of protocol development, including protocol formal description, protocol verification, protocol implementation and protocol testing based on formal description. Protocol testing is an important part of protocol engineering.
     These days the network is becoming more and more complicated, and security threats and exploits emerge endlessly. Communication protocols, acting as the foundation of the modern computer network, are also faced with multiple kinds of security threats. Protocol conformance testing, which is the basis of protocol testing, generally aims at checking whether the implementation of a protocol conforms to its specification. However, as a traditional functional testing method, it cannot ensure the implementation's security. Protocol security testing is gradually becoming a hotspot in the protocol testing area.
     In this paper, protocol security testing is discussed, mainly including protocol attack testing and protocol security mutation testing based on Constructed Type Algebra. Protocol attack testing is by nature a penetration testing method applied to protocol implementations running on network equipment, which verifies the equipment's ability to resist known protocol attacks. On the other hand, Constructed Type Algebra (CTA) based protocol security mutation testing targets the disclosure of unknown faults and security problems. It first designs mutators based on the formal description model, then applies these mutators to conformance formulas to obtain security test cases. These security test cases are then used to verify or evaluate the protocol implementation's security.
     The work of this paper includes:
     1. Protocol attack testing model and method
     This paper studies protocol attack testing systematically and holistically, and proposes solutions for each testing phase.
     Firstly, a protocol attack description model from the viewpoint of testing is proposed. This model is able to describe multiple attributes of a protocol attack in detail, including its principle, location, influence, relationship with other attacks, etc. It also helps in attack test case generation, selection and execution.
     Secondly, a uniform protocol attack testing framework is put forward. A tester selection algorithm based on network path information is proposed, in order to solve the tester distribution problem in the framework's practical deployment. This algorithm helps in balancing testing data flows and improving the reliability of test results.
     Thirdly, the sequence relationships and causalities between different test cases are discussed. An optimized test execution algorithm is proposed based on these relationships. It reduces duplicated operations to improve test efficiency.
     Finally, a security measurement method based on an extended RBD and Criticality model is proposed, which derives a quantitative security evaluation of the equipment under test from the test results.
     2. Security mutation testing based on CTA
     Constructed Type Algebra is a formal description method based on algebraic specification, and is suitable for specifying the data parts and related processes of a protocol. Mutation analysis is a common technique in the current security testing area. In this paper, mutation analysis is integrated with CTA specification, while both the security vulnerabilities summarized by the above description method and the structural characteristics of CTA are considered. The result is a new protocol security testing method based on the conformance formulas produced by the conformance test generation algorithm. This method generates security test cases by performing security-related mutations on the formulas. It is able to reveal potential security threats, and helps in evaluating the protocol's security. In addition, it makes full use of the intermediate results of conformance testing, and organically integrates security testing with the normal conformance testing procedure.
     3. Design and implementation of a security testing system
     Finally, a protocol security testing system is designed and implemented in this paper. This system has a distributed architecture and is therefore flexible enough for multiple environments and different test requirements, and it also has considerable extensibility. It is suitable for protocol attack testing, and can also be used in security mutation testing. In this system, the whole security testing procedure can be carried out, including test case development and debugging, test execution and data collection, and results analysis and report generation.
