A SIP Security Testing Framework

Srinivasan, Hemanth; Sarac, Kamil

doi:10.1109/ccnc.2009.4784778

Cited by 4 publications

(3 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Similarly, there are frameworks that address system atic methods of security testing for automotive Blue tooth, Vehicular Ad Hoc Networks (VANETS) in Intelli gent Transportation Systems (ITS) and road services [11], [12], [13]. Finally there are integrated security testing frameworks that improve the standardized methods [9], [14], [15], [16], [17]. All of these works, however, do not encompass a defined process for automated security testing of complete automotive systems in a holistic manner.…”

Section: Related Workmentioning

confidence: 99%

A Process to Facilitate Automated Automotive Cybersecurity Testing

Marksteiner

Marko

Smulders³

et al. 2021

2021 IEEE 93rd Vehicular Technology Conference (VTC2021-Spring)

View full text Add to dashboard Cite

Modem vehicles become increasingly digital ized with advanced information technology-based solutions like advanced driving assistance systems and vehicle-to-x communications. These systems are complex and intercon nected. Rising complexity and increasing outside exposure has created a steadily rising demand for more cyber-secure systems. Thus, also standardization bodies and regulators issued standards and regulations to prescribe more secure development processes. This security, however, also has to be validated and verified. In order to keep pace with the need for more thorough, quicker and comparable testing, today's generally manual testing processes have to be structured and optimized. Based on existing and emerging standards for cybersecurity engineering, this paper therefore outlines a structured testing process for verifying and validating automotive cybersecurity, for which there is no standardized method so far. Despite presenting a commonly structured framework, the process is flexible in order to allow imple menters to utilize their own, accustomed toolsets.

show abstract

Section: Related Workmentioning

confidence: 99%

A Process to Facilitate Automated Automotive Cybersecurity Testing

Marksteiner

Marko

Smulders³

et al. 2021

2021 IEEE 93rd Vehicular Technology Conference (VTC2021-Spring)

View full text Add to dashboard Cite

show abstract

“…state transition to achieve the goal) might have some adverse effects, especially in the case of complex goals. The fitness function defined in [9], though being similar in goal, may not be effective in detecting deeply rooted vulnerabilities. KiF [10] uses model inference with manually crafted inputs for state transitions, whereas we tried to automatize this step using GA and the attack grammar.…”

Section: Related Workmentioning

confidence: 99%

XSS Vulnerability Detection Using Model Inference Assisted Evolutionary Fuzzing

Duchene

Groz

Rawat

et al. 2012

2012 IEEE Fifth International Conference on Software Testing, Verification and Validation

View full text Add to dashboard Cite

Workshop website: http://www.spacios.eu/sectest2012/International audienceWe present an approach to detect web injection vulnerabilities by generating test inputs using a combination of model inference and evolutionary fuzzing. Model inference is used to obtain a knowledge about the application behavior. Based on this understanding, inputs are generated using genetic algorithm (GA). GA uses the learned formal model to automatically generate inputs with better fitness values towards triggering an instance of the given vulnerability

show abstract

“…For that purpose the authors have used a customized analysis tool with the ability to synthesize and launch different types of attacks. The work in [20] analyzes several attacks that are being made on the SIP architecture. Within such purpose, the authors give a brief introduction to some of the most common attacks on SIP, and then describe a framework to effectively test several security aspects of a SIP network and thereby help mitigate such attacks.…”

Section: Introductionmentioning

confidence: 99%

Towards automated test and validation of SIP solutions

et al. 2015

View full text Add to dashboard Cite

IP networks are currently the major communication infrastructure used by an increasing number of applications and heterogeneous services, including voice services. In this context, the Session Initiation Protocol (SIP) is a signaling protocol widely used for controlling multimedia communication sessions such as voice or video calls over IP networks, thus performing vital functions in an extensive set of public and enterprise solutions. However, the SIP protocol dissemination also entails some challenges, such as the complexity associated with the testing/validation processes of IMS/SIP networks. As a consequence, manual IMS/SIP testing solutions are inherently costly and time consuming tasks, being crucial to develop automated approaches in this specific area. In this perspective, this article presents an experimental approach for automated testing/validation of SIP scenarios in IMS networks. For that purpose, an automation framework is proposed allowing to replicate the configuration of SIP equipment from the production network and submit such equipment to a battery of tests in the testing network. The proposed so

show abstract

A SIP Security Testing Framework

Cited by 4 publications

References 9 publications

A Process to Facilitate Automated Automotive Cybersecurity Testing

A Process to Facilitate Automated Automotive Cybersecurity Testing

XSS Vulnerability Detection Using Model Inference Assisted Evolutionary Fuzzing

Towards automated test and validation of SIP solutions

Contact Info

Product

Resources

About