SMBugFinder: An Automated Framework for Testing Protocol Implementations for State Machine Bugs
Implementations of stateful network protocols must keep track of the presence, order and type of exchanged messages. Any errors, so-called state machine bugs, can compromise security. SMBugFinder provides an automated framework for detecting these bugs in black-box network protocol implementations. It takes as input a state machine model of the protocol implementation which is tested and a catalogue of bug patterns for the protocol conveniently specified as finite automata. It then produces sequences that expose the catalogued bugs in the tested implementation. Connection to a harness allows SMBugFinder to validate these sequences. The technique behind SMBugFinder has been evaluated successfully on DTLS and SSH. In this paper, we supplement our overview of SMBugFinder with a fresh application to the EDHOC protocol.
Wed 18 SepDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
15:30 - 17:00 | Tool demos 2ISSTA/ECOOP Tool Demonstrations at EI 5 Hochenegg Chair(s): Rohan Padhye Carnegie Mellon University | ||
15:30 12mTalk | SMBugFinder: An Automated Framework for Testing Protocol Implementations for State Machine Bugs ISSTA/ECOOP Tool Demonstrations Paul Fiterau-Brostean Uppsala University, Konstantinos (Kostis) Sagonas Uppsala University and Nat. Tech. Univ. of Athens, Fredrik Tåquist Uppsala University, Bengt Jonsson Uppsala University, Sweden DOI Media Attached | ||
15:42 12mTalk | FRAFOL: FRAmework FOr Learning mutation testing ISSTA/ECOOP Tool Demonstrations Pedro Tavares Faculty of Engineering, University of Porto, Ana Paiva INESC TEC, Faculty of Engineering, University of Porto, Domenico Amalfitano University of Naples Federico II, René Just University of Washington | ||
15:55 12mTalk | FixCheck: A Tool for Improving Patch Correctness Analysis ISSTA/ECOOP Tool Demonstrations Facundo Molina IMDEA Software Institute, Juan Manuel Copia IMDEA Software Institute; Universidad Politécnica de Madrid, Alessandra Gorla IMDEA Software Institute | ||
16:08 12mTalk | HECS: A Hypergraph Learning-based System for Detecting Extract Class Refactoring Opportunities ISSTA/ECOOP Tool Demonstrations Luqiao Wang Xidian University, Qiangqiang Wang Xidian University, Jiaqi Wang Xidian University, Yutong Zhao University of Central Missouri, Minjie Wei Xidian University, Zhou Quan Xidian University, Di Cui Xidian University, Qingshan Li Xidian University | ||
16:21 12mTalk | DMMPP: Constructing Dummy Main Methods for Android Apps with Path-sensitive Predicates ISSTA/ECOOP Tool Demonstrations Baoquan Cui Institute of Software at Chinese Academy of Sciences, China, Jiwei Yan Institute of Software at Chinese Academy of Sciences, Jian Zhang Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences | ||
16:34 12mTalk | FunRedisp: A Function Redispatch Tool to Reduce Invocation Gas Fees in Solidity Smart Contracts ISSTA/ECOOP Tool Demonstrations Yunqi Liu Nanjing University of Science and Technology, Wei Song Nanjing University of Science and Technology Media Attached | ||
16:47 12mTalk | The Flexcrash Platform for Testing Autonomous Vehicles in Mixed-Traffic Scenarios ISSTA/ECOOP Tool Demonstrations Alessio Gambi Austrian Institute of Technology (AIT), Shreya Mathews IMC University of Applied Sciences Krems, Benedikt Steininger IMC University of Applied Sciences Krems, Mykhailo Poienko IMC University of Applied Sciences Krems, David Bobek IMC University of Applied Sciences Krems | ||