Abstract
Buffer overflows and format string attacks are always at the fingertips of hackers. This poses a threat to every application running over an Internet Protocol (IP) network—from Web servers on the Internet to the session managers in charge of the call session control function (CSCF) in the IP Multimedia Subsystem (IMS) network. As bugs persist in most software development practices, it is critical to perform thorough security testing before the product is finally deployed. This paper proposes an Extensible Markup Language (XML)-based testing strategy to detect vulnerabilities and verify robustness to buffer overflow and format string attacks in the implementation of the Diameter protocol, which plays a vital role in IMS billing and subscriber database interfaces. The paper introduces a test generation strategy built upon the XML Schema language's flexibility in data description. It differs from the traditional finite state machine (FSM)-based syntax testing strategy in the test description, organization, and automation aspects. The proposed strategy is then applied to Alcatel-Lucent Control Platform (A-LCP) Diameter stack security verification by integrating two open source tools—Seagull and xmlgen. The result supports our continuous effort to identify software security vulnerabilities. © 2007 Alcatel-Lucent.