CN103324573A - PEACH platform extension method for GUI-based protocol state machine modeling - Google Patents
PEACH platform extension method for GUI-based protocol state machine modeling Download PDFInfo
- Publication number
- CN103324573A CN103324573A CN2013102746638A CN201310274663A CN103324573A CN 103324573 A CN103324573 A CN 103324573A CN 2013102746638 A CN2013102746638 A CN 2013102746638A CN 201310274663 A CN201310274663 A CN 201310274663A CN 103324573 A CN103324573 A CN 103324573A
- Authority
- CN
- China
- Prior art keywords
- state machine
- pitfile
- protocol
- peach
- scxml
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Stored Programmes (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a PEACH platform extension method for GUI-based protocol state machine modeling. The method includes: describing a graphical user interface and a modeling process of a protocol state machine; converting the protocol state machine in the graphical format into a state machine in an SCXML format; and converting the protocol state machine in the SCXML format into a PitFile state machine inside the PEACH. The method has the advantages that different types of work during the protocol testing process are separated; creative research work is done by protocol security experts, complex PitFile grammar learning and mechanical PitFile compiling are completed by a computer, and accordingly work efficiency of the protocol security experts is improved greatly. In addition, the SCXML is used as an intermediate file to correlate the graphical user interface and the PitFile, and accordingly extensibility is high and the method is simple and effective and is convenient to implement and operate.
Description
Technical field
The present invention relates to field of computer technology, refer to the network protocol testing method based on protocol model especially.
Background technology
Network security problem has obtained people's abundant attention at present, and the agreement robustness testing is the effective measures that guarantee the network software quality.Find that as how minimum expense the defective that is hidden in the network software is an important research direction of network safety filed.Generally, network protocol standard defines the content of two aspects: the format specification of message inside and the timing sequence specification between the message.Therefore, the robustness testing of agreement is based on also that this two aspect launches, and mainly concentrates on the test of message internal format standard at present, just has been in the starting stage based on the test of message timing sequence specification (being protocol state machine).
In the network robustness field tests, many moneys testing tool or platform are arranged, for example Scapy, AppScan, Nessus, Spike and Peach etc.Wherein, Scapy is used for the test underlying protocol; AppScan is used for test Web and uses; Nessus is used for the known software defect of regression test; Though Spike can excavate software " 0-day " defective, its code logic and test data tight coupling are not easy expansion together; Peach is a most active community in the protocol test field at present, and a lot of academic research achievement has been expanded its prior function.
Peach not only can test the message format standard, and tentatively supports the test based on protocol state machine, and the tester can reach various test purposes by the PitFile file of Peach internal support.Yet, the grammer of PitFile is a kind of language based on XML, and is directly perceived inadequately with the protocol state machine of its description, and the protocol security expert need be placed on part energy on the loaded down with trivial details grammer details of study in addition, rather than in the description of procotol state machine, increased work load and made mistakes easily.
Starting point of the present invention is to realize the separation of heterogeneity work in the protocol test: creationary research work is finished by the protocol security expert, and the PitFile file edit work of loaded down with trivial details PitFile grammar learning and machinery is by computer realization.Be the graphical interfaces modeling tool that the protocol security expert provides convenience, avoid learning the loaded down with trivial details knowledge of grammar and write the PtiFile file, thereby energy is concentrated in the description and the test based on state machine of protocol state machine.Because Peach development is very fast, its 2.3.7 version is based on the Python exploitation, and the 3.0.133 version then is based on the C# exploitation, and the function of PitFile is also bigger with the meaning tag change, The present invention be directed to the 3.0.133 version, hereby explanation.
Summary of the invention
In view of this, a kind of Peach platform extension method based on the modeling of GUI protocol state machine that provides is provided, alleviating the work that the protocol security expert learns loaded down with trivial details grammer and writes the PitFile file, thus energy concentrated on that protocol state machine is described and the demand of test assignment on.In addition, the graphic user interface of " What You See Is What You Get " is provided, the user can edit constraint condition and the attribute of protocol state machine and each state more easily, in intuitive and convenient work, has also reduced owing to directly writing the possibility that PitFile makes mistakes.
For addressing the above problem, the invention provides a kind of Peach platform extension method based on the modeling of GUI protocol state machine, it is characterized in that, comprise: be provided for describing the graphic user interface of finite state machine, this interface has defined the constraint of the trigger condition of moving between the state and each state and attribute etc.; Trigger condition refers to the special packet receiving or send, and each message is stored as independent xml file, and filename is message name, and file content and wireshark style are similar, support nested and parallel construction; Provide the state machine of displaying interface to the transfer algorithm between the SCXML syntactic description state machine; Provide SCXML to describe state machine and XML form network message are described state machine to the inner PitFile of Peach transfer algorithm.
The protocol state machine of describing under graphical interfaces according to the user and constraint and the attribute of each state generate PitFile file of equal value automatically.The protocol security expert can directly carry out test based on model to network software with the PitFile file that generates on the Peach platform, thereby has avoided directly writing the loaded down with trivial details work of PitFile file, has reduced time and the chance of makeing mistakes of debugging PitFile.
Can revise on the basis of the existing engineering (for example Oryx) of increasing income based on the realization of GUI protocol state machine modeling function, also can utilize controls such as C# or Java to realize, pull and basic function such as line as long as satisfy.Behind the editor who finishes protocol state machine, click save button, background program will call two core engine: convert_gui_to_scxml and convert_scxml_to_pitfile successively, thereby generate based on the intermediate file of SCXML and final PitFile file.The hit testing button, the present invention directly is loaded into PitFile and treats survey grid network software on the Peach platform and carry out test based on model.
The convert_gui_to_scxml engine realizes that the graphical interfaces state machine is to SCXML state machine translation function.At first, this engine travels through each state at interface successively, the generation correspondence<state〉label; Secondly, each state transition line is added to corresponding<transition〉in the label, if desired the special field assignment is then added to<assign in the label; At last to attribute or the parameter of the overall situation, assignment is to<data-set〉under the label.
Convert_scxml_to_pitfile engine realization SCXML state machine and XML message are to the equivalence conversion of PitFile state machine.At first, each XML message content is changed among the PitFile corresponding<DataModel〉label; Secondly, generations<StateModel in PitFile〉label, and with among the SCXML each<state change into correspondence<State; Again, the event among the SCXML and target attribute are converted into PitFile<Action label; At last, interpolation<Test〉label, namely define the concrete parameter of test process.
Method of the present invention can reduce the protocol security expert effectively and use Peach to carry out difficulty based on model measurement, has avoided the little detail of study PitFile grammer, thereby energy has been concentrated in the description of protocol state machine model, has alleviated work load.In addition, because this method provides intuitively state machine to describe the interface, and generates PitFile file of equal value automatically, directly write the debug time of PitFile and reduced and introduced wrong chance thereby reduced.This method has realized being separated of creative work and mechanicalness work, and is therefore effectively simple, is convenient to implementation and operation.
Description of drawings
Accompanying drawing described herein is used to provide further understanding of the present invention, constitutes the application's a part, and illustrative examples of the present invention and explanation thereof are used for explaining the present invention, do not constitute improper restriction of the present invention.In the accompanying drawings:
Fig. 1 Protocol Modeling interface;
Fig. 2 SCXML basic format;
Fig. 3 PitFile basic format;
The ISAKMP protocol state machine of Fig. 4 GUI form;
The ISAKMP protocol IP SAAck message of Fig. 5 XML form;
The ISAKMP protocol state machine of Fig. 6 SCXML form;
The ISAKMP protocol state machine of Fig. 7 PitFile form;
Embodiment
For clearly demonstrating technical scheme of the present invention, provide particularly use-case below and be described with reference to the accompanying drawings.
The present invention supposes that the migration of protocol status all determines, that namely determines inputs or outputs the corresponding state transition of determining of message, not the probability redirect problem between existence.At this, with ISAKMP(Internet Security Association and Key Management Protocol) agreement is that example illustrates concrete use step of the present invention:
Step 1: with reference to the protocol specification of ISAKMP and build corresponding test environment, make and normally to communicate by letter based on the ISAKMP agreement between the network entity.
Step 2: when network entity carries out proper communication, catch its communication flows with wireshark, and each message is preserved into the file of xml form, concrete format specification is with reference to shown in Figure 5.
Step 3: use the graphical interfaces based on GUI that the ISAKMP protocol state machine is carried out modeling, concrete rule is as follows:
√ is with the starting point of original state as protocol state machine
√ creates a new state when receiving or send a message, and in this status attribute of right side area editor, for example title, constraint condition etc.
√ connects two states with the migration line, and indicates the trigger condition of migration, and the concrete message that namely sends or receive is uploaded message content simultaneously to program inside.
When √ finishes when the state machine description, click and preserve, generate corresponding SCXML file and PitFile file.
Step 4: the hit testing button, the PitFile file load to the Peach platform, is directly tested network software to be measured.
Step 5: use edited protocol state machine before certain if desired, directly open and continue editor on the basis that corresponding SXCML file just can be former and test.
For method set forth in the present invention, within the spirit and principles in the present invention all, any modification of doing, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (4)
1. based on the Peach platform extension method of GUI protocol state machine modeling, it is characterized in that, comprising: be provided for describing the graphic user interface of protocol state machine, this interface has defined the constraint of the trigger condition of state transition and each state and attribute etc.; Trigger condition refers to the special packet receiving or send, and each message is stored as independent XML file, and filename is message name, and file content and wireshark style are similar, support nested and parallel construction; The transfer algorithm of the state machine of graphical format to SCXML syntactic description state machine is provided; Provide SCXML to describe state machine and XML and describe network message to the transfer algorithm of the inner PitFile state machine of Peach.
The protocol state machine of describing under graphical interfaces according to the user and constraint and the attribute of each state generate PitFile file of equal value automatically.The protocol security expert can directly carry out test based on model to network software with the PitFile file that generates on the Peach platform, thereby has avoided directly writing the loaded down with trivial details work of PitFile file.
2. method according to claim 1 is characterized in that, described protocol model is for determining the type finite state machine, and namely the redirect of each state is determined under given conditions, rather than the probability finite state machine.
3. method according to claim 1, it is characterized in that, also comprise: the control (for example Visual Studio or Java control) that graphic user interface can carry based on Software Development Platform, also can be based on the project of increasing income (for example Oryx) of modeling, as long as possess the function that pulls with line.
4. method according to claim 1, it is characterized in that, also comprise: the conversion of graphical interfaces to SCXML conversion and SCXML to PitFile is process independently, this just makes the present invention only back one process be made an amendment just can to support other based on the platform of model measurement easily, for example the NASL script of Nessus etc.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013102746638A CN103324573A (en) | 2013-07-02 | 2013-07-02 | PEACH platform extension method for GUI-based protocol state machine modeling |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013102746638A CN103324573A (en) | 2013-07-02 | 2013-07-02 | PEACH platform extension method for GUI-based protocol state machine modeling |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103324573A true CN103324573A (en) | 2013-09-25 |
Family
ID=49193332
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2013102746638A Pending CN103324573A (en) | 2013-07-02 | 2013-07-02 | PEACH platform extension method for GUI-based protocol state machine modeling |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103324573A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104133684A (en) * | 2014-08-04 | 2014-11-05 | 浪潮通用软件有限公司 | Graphical user interface state control method based on state machine |
| CN104517056A (en) * | 2014-12-09 | 2015-04-15 | 北京邮电大学 | Method for extending Peach platform and testing multiple network message fields |
| CN105447389A (en) * | 2015-11-11 | 2016-03-30 | 北京邮电大学 | Vulnerability location and rapid reproduction based on Peach platform |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1564489A (en) * | 2004-04-19 | 2005-01-12 | 中兴通讯股份有限公司 | Testing method for limitting status machine of communication system |
| CN1708017A (en) * | 2004-06-04 | 2005-12-14 | 安捷伦科技有限公司 | Protocol emulation system |
| CN1812347A (en) * | 2005-01-24 | 2006-08-02 | 华为技术有限公司 | Protocol validity verifying and testing method based on mode conversion |
| CN101950271A (en) * | 2010-10-22 | 2011-01-19 | 中国人民解放军理工大学 | Modeling technology-based software security test method |
| CN101968769A (en) * | 2010-10-22 | 2011-02-09 | 中国人民解放军理工大学 | Behavioral model-based software security test case generation method |
| CN102014016A (en) * | 2010-08-31 | 2011-04-13 | 北京邮电大学 | System and method for testing defects of network protocol |
| CN102404767A (en) * | 2011-11-17 | 2012-04-04 | 西安电子科技大学 | WSN protocol safety test system structure based on randomness test |
| CN102647414A (en) * | 2012-03-30 | 2012-08-22 | 华为技术有限公司 | Protocol analysis method, protocol analysis device and protocol analysis system |
| DE102012217705A1 (en) * | 2011-09-29 | 2013-04-04 | Siemens Aktiengesellschaft | Method for implementing Fuzz testing, involves injecting test examples of application, inputting text document into software, and monitoring reaction and/or status of software to determine whether abnormal phenomena arise or not |
-
2013
- 2013-07-02 CN CN2013102746638A patent/CN103324573A/en active Pending
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1564489A (en) * | 2004-04-19 | 2005-01-12 | 中兴通讯股份有限公司 | Testing method for limitting status machine of communication system |
| CN1708017A (en) * | 2004-06-04 | 2005-12-14 | 安捷伦科技有限公司 | Protocol emulation system |
| CN1812347A (en) * | 2005-01-24 | 2006-08-02 | 华为技术有限公司 | Protocol validity verifying and testing method based on mode conversion |
| CN102014016A (en) * | 2010-08-31 | 2011-04-13 | 北京邮电大学 | System and method for testing defects of network protocol |
| CN101950271A (en) * | 2010-10-22 | 2011-01-19 | 中国人民解放军理工大学 | Modeling technology-based software security test method |
| CN101968769A (en) * | 2010-10-22 | 2011-02-09 | 中国人民解放军理工大学 | Behavioral model-based software security test case generation method |
| DE102012217705A1 (en) * | 2011-09-29 | 2013-04-04 | Siemens Aktiengesellschaft | Method for implementing Fuzz testing, involves injecting test examples of application, inputting text document into software, and monitoring reaction and/or status of software to determine whether abnormal phenomena arise or not |
| CN102404767A (en) * | 2011-11-17 | 2012-04-04 | 西安电子科技大学 | WSN protocol safety test system structure based on randomness test |
| CN102647414A (en) * | 2012-03-30 | 2012-08-22 | 华为技术有限公司 | Protocol analysis method, protocol analysis device and protocol analysis system |
Non-Patent Citations (1)
| Title |
|---|
| 赵丽娟,温巧燕,张华: "基于Peach的协议测试设计与实现", 《中国科技论文在线》, 3 January 2011 (2011-01-03), pages 1 - 6 * |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104133684A (en) * | 2014-08-04 | 2014-11-05 | 浪潮通用软件有限公司 | Graphical user interface state control method based on state machine |
| CN104517056A (en) * | 2014-12-09 | 2015-04-15 | 北京邮电大学 | Method for extending Peach platform and testing multiple network message fields |
| CN105447389A (en) * | 2015-11-11 | 2016-03-30 | 北京邮电大学 | Vulnerability location and rapid reproduction based on Peach platform |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103198009B (en) | A kind of universal testing method, system and related device | |
| CN106371813B (en) | A kind of electric vehicle motor controller method for producing software based on Simulink | |
| CN102622234B (en) | Development system and method for automatic test case | |
| CN102156673B (en) | Test case description oriented GUI (Graphical User Interface) automatic test system and test method thereof | |
| CN102375778B (en) | Method and system for automatically testing digital signal processor (DSP) | |
| CN104679488A (en) | Flow path customized development platform and method | |
| CN102866944B (en) | Pressure testing system and method | |
| Picco | Software engineering and wireless sensor networks: Happy marriage or consensual divorce? | |
| CN102662644B (en) | Method for generating test case by using flow chart | |
| CN110389898A (en) | Acquisition methods, device, terminal and the computer readable storage medium of Test Strategy | |
| CN102014016A (en) | System and method for testing defects of network protocol | |
| CN103777944A (en) | MIPS platform integrated development environment based on Eclipse and implementation method thereof | |
| CN103605660B (en) | Graphic processing method for SCD (Substation Configuration Description) file | |
| CN103544100A (en) | Method, system and client side for testing APP of portable data processing equipment | |
| CN102567201A (en) | Method for automatically recovering cross-model GUI (graphic user interface) test scripts | |
| CN101673198A (en) | Method for verifying consistency of dynamic behavior in UML model and time-sequence contract | |
| CN103353857A (en) | Communication test method of integrated monitoring unit in substation | |
| CN103324573A (en) | PEACH platform extension method for GUI-based protocol state machine modeling | |
| CN107577709B (en) | Graphical management method of information system resource model | |
| CN100437513C (en) | Method and system for implementing automatic testing | |
| CN105205039A (en) | Customizable SCD (substation configuration description) file verification method | |
| CN105760300A (en) | Automatic STK/UTK service testing method and system | |
| CN103699478A (en) | Test case generation system and test case generation method | |
| CN102750143A (en) | Digital signal processing (DSP) developing method based on matrix laboratory (MATLAB) component object model (COM) component calling | |
| CN105988863A (en) | Event processing method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20130925 |