《ttcn3测试和漏洞模式的分析相结合漏洞查找方法》由会员分享,可在线阅读,更多相关《ttcn3测试和漏洞模式的分析相结合漏洞查找方法(74页珍藏版)》请在金锄头文库上搜索。
1、摘摘要要TTCN-3 测试语言作为国际上唯一的测试标准语言,广泛应用于协议一致性测试,互操作性测试等测试领域。使用 TTCN-3 进行测试前需要解决的一个重要问题就是测试适配器和编解码器的开发,它们往往占据测试开发的大部分工作量。另外,随着测试应用领域的不断扩展,编解码方式及其需要支持的数据类型也更加多样化,而传统的 TTCN-3 标准里的 TCI 数据类型接口,已经不能很好的表达不断扩展的数据类型了。如何设计一个新的编解码器的框架,使其能够方便的扩充新的编解码方式和支持新的类型描述语言,是当前使用 TTCN-3 测试时迫切需要解决的问题。本文研究了上述问题,设计实现了一套通用编解码器,由中间
2、公共类型和值、编解码实现以及对外接口三个模块组成。通过具有良好可扩展性的中间类型和值模块,通用编解码器不仅能够灵活支持各种数据类型语言,而且它的实现独立于特定的 TTCN-3 测试平台,实现了真正意义上的通用。目前已经实现了工业界常用的编解码,如 BER,PER,XER,TLV+,ISO8583,HTTP 等。另外,为了配合使用通用编解码器对 Web Services 的应用进行测试,本文提出了自己的 XML Schema&DTD 到 TTCN-3 语言的转换方案,实现了相应的工具。借助 TTCN-3 测试发现被测系统的某个漏洞后,通过分析提取其所在的源代码,生成相应漏洞模式。使用相似漏洞查找
3、算法,进而发现被测系统中存在的其它相似漏洞。本文首次提出了使用程序依赖图表示漏洞模式以及相应的漏洞模式生成算法,并实现成对应的工具 SBF。通过结合 TTCN-3 测试以及静态漏洞查找方法,提高了漏洞查找的效率以及测试的覆盖率。基于通用编解码器所开发的 TTCN-3 测试套已经作为一个度量标准应用于中国移动手机支付业务(NFC)主要接口的一致性测试及异常性测试中,取得了较好的效果。在 NFC 测试中,通过 SBF 相似漏洞查找工具发现了真实的漏洞,说明通过 TTCN-3 测试与静态漏洞查找方法结合的有效性。关键词:TTCN-3 通用编解码漏洞模式 Web Services 测试IAbstrac
4、tABSTRACTAs the sole international standard language, TTCN-3(Testing and Test Control Notationversion 3) has been widely used in protocol conformance testing, interoperability testing andother testing field. Important issues need to be resolved before applying of TTCN-3 to test is thedevelopment of
5、testing adapter and codec, which tend to occupy the majority of test developmenteffort. In addition, with the continuous expansion of test fields, the demand for new codecmethod and data type is much more urgent.It beyond the ability of traditional TTCN-3 standarddata types in the TCI interface . So
6、 How to design a new codec framework, which can easilyexpand new codec method and also support to expand new type language, is the urgent task incurrent popularize of applying TTCN-3 to test.Aim at sloving previous problems, the versatile codec library(VCL) based on existingTTCN-3 testing platform i
7、s proposed. VCL includes the common intermediate type and valuemodule, codecs implementation module, and external interfaces module. Through the gooddesigning of the intermediate type and value module, not only making VCL can be flexible tosupport various data types of language, and also makes the r
8、ealization of codec beingindependent of specific TTCN-3 test platform, to some extent achieving a real sense of versatile .Currently VCL has implemented the BER, PER, XER, TLV +, ISO8583, HTTP and other codecmethods which are widely used in industry.To cope with the use of VCL to the Web Services te
9、sting, this paper has proposed a solutionof translateing XML Schema & DTD to TTCN-3 language, and a translating tool also has beenimplemented.When one bug of the system under test is uncovered after TTCN-3 testing, thecorresponding bug pattern can be explorerd by analyzing its source code, with whic
10、h we can findsimilar vulnerabilities to this bug. This paper proposes a method of representing bug pattern withprogram dependence graph. It also gives the algorithm of how to use this bug pattern to find newbug. The corresponding tool SBF is developed as well. By combining the TTCN-3 testing andSBF
11、we can improve the efficiency of bug finding and increase test coverage.Based on VCL, we develop a test suite to China Mobile mobile payment service (NFC) inconformance testing and abnormal testing. Many unknown bugs have been uncovered, whichproves the validity of VCL. In the NFC testing, real bugs
12、 have been uncovered By SBF ,suggesting the validity of our solution.Key Words: TTCN-3,Versatile Codec Library,Bug Pattern,Web Services TestingII第 1章前言图目录图图图图图图图图图图图图图图图图图图图图图图图图图图图图2.1 TTCN语言发展的路线图 .82.2 TTCN-3测试系统结构图 .82.3测试系统在编解码处理交互过程 .102.4 TTCN-3系统编解码处理流程 . 112.5 TTCN-3语言结构 . 113.1常见的 TTCN-3执行方式 .203.2使用 Codec Generator自动生成编解码器流程图 .214.1通用编解码器系统结构图 .244.2通用编解码器模块组成结构 .264.3中间规范类型与 ASN.1数据类型的映射关系 .274.4中间规范类型设计.
