Model inference and security testing in the spacios project

Büchler, Matthias; Hossen, Karim; Mihancea, Petru Florin; Minea, Marius; Groz, Roland; Oriat, Catherine

doi:10.1109/csmr-wcre.2014.6747207

Cited by 7 publications

(5 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The hW -inference method was implemented in the SIMPA 2 model inference framework (Büchler et al, 2014), which already included implementations of the algorithms by Rivest & Schapire and LocW, as well as various other algorithms for resettable systems. All experiments with SIMPA have been performed on a desktop computer with an Intel R Xeon R E3-1246 v3 processor, 3.50 GHz and 32 GB of RAM.…”

Section: Methodsmentioning

confidence: 99%

“…Model learning from a black box has received growing interest in software engineering to retrieve models of legacy software systems or components for various purposes, such as documentation as in "specification mining" (Ammons et al, 2002), verification with model checkers (Peled et al, 1999), security analysis (Büchler et al, 2014) etc. For reactive systems, the resulting models are in general input/output transition systems, or, if inputs and outputs alternate synchronously, Mealy machines, often called Finite State Machines (FSMs).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

hW-inference: A heuristic approach to retrieve models through black box testing

Groz

Brémond

Simão

et al. 2020

Journal of Systems and Software

Self Cite

View full text Add to dashboard Cite

Section: Methodsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

hW-inference: A heuristic approach to retrieve models through black box testing

Groz

Brémond

Simão

et al. 2020

Journal of Systems and Software

Self Cite

View full text Add to dashboard Cite

“…We only came across this technique recently, but it has been used for security analyses by others before, e.g. to analyse botnets [26] and more recently web applications [27].…”

Section: Implementationsmentioning

confidence: 99%

Protocol State Machines and Session Languages: Specification, implementation, and Security Flaws

Poll

Ruiter

Schubert

2015

2015 IEEE Security and Privacy Workshops

View full text Add to dashboard Cite

Input languages, which describe the set of valid inputs an application has to handle, play a central role in language-theoretic security, in recognition of the fact that overly complex, sloppily specified, or incorrectly implemented input languages are the root cause of many security vulnerabilities.Often an input language not only involves a language of individual messages, but also some protocol with a notion of a session, i.e. a sequence of messages that makes up a dialogue between two parties. This paper takes a closer look at languages for such sessions, when it comes to specification, implementation, and testing -and as a source of insecurity.We show that these 'session' languages are often poorly specified and that errors in implementing them can cause security problems. As a way to improve this situation, we discuss the possibility to automatically infer formal specifications of such languages, in the form of protocol state machines, from implementations by black box testing.

show abstract

“…We first augmented the implementation of hW -inference in SIMPA 1 . SIMPA is a recursive acronym for "SIMPA Infers Model Pretty Automatically" introduced by Büchler et al (2014) and has been used in different projects since it is a model inference framework that provides implementations for various algorithms, including hW -inference (GROZ et al, 2020).…”

Section: Case Studymentioning

confidence: 99%