Reverse-engineering of communication protocols

The authors study the problem of locating the differences between a protocol specification and its implementation. They give an exact procedure for solving this problem. If there is only one difference between the implementation and the specification, then the algorithm will locate the difference and therefore identify the implementation machine. Otherwise, it will detect that the implementation machine has more than one change. The run time of the algorithm is a low-degree polynomial in the number of states and inputs of the machine. Both a brute-force version of the algorithm with a cost O(pn/sup 5/), where n is the number of states of the specification machine and p is the number of inputs, and a fast algorithm with a cost O(pn/sup 3/ log n) are described. An improvement for which the cost on the average is O(pn/sup 2/ log n) is also given. A heuristic procedure that uses a test of comparable length to a conformance test sequence which has been used successfully in practice is described.<<ETX>>

[1]  Z. Kohavi,et al.  Variable-Length Distinguishing Sequences and Their Application to the Design of Fault-Detection Experiments , 1968, IEEE Transactions on Computers.

[2]  Alfred V. Aho,et al.  An optimization technique for protocol conformance test generation based on UIO sequences and rural Chinese postman tours , 1991, IEEE Trans. Commun..

[3]  Krishan K. Sabnani,et al.  Formal methods for generating protocol conformance test sequences , 1990, Proc. IEEE.

[4]  Leslie G. Valiant,et al.  A theory of the learnable , 1984, CACM.

[5]  Gregor von Bochmann,et al.  Test result analysis and diagnostics for finite state machines , 1992, [1992] Proceedings of the 12th International Conference on Distributed Computing Systems.

[6]  Robert L. Probert,et al.  User-Guided Test Sequence Generation , 1983, Protocol Specification, Testing, and Verification.

[7]  David Lee,et al.  Testing Finite-State Machines: State Identification and Verification , 1994, IEEE Trans. Computers.

[8]  Ming T. Liu,et al.  A Test Suite Generation Method for Extended Finite State Machines Using Axiomatic Semantics Approach , 1992, PSTV.

[9]  Boris A. Trakhtenbrot,et al.  Finite automata : behavior and synthesis , 1973 .

[10]  Edward F. Moore,et al.  Gedanken-Experiments on Sequential Machines , 1956 .

[11]  Krishan K. Sabnani,et al.  A Protocol Test Generation Procedure , 1988, Comput. Networks.

[12]  Sanjoy Paul,et al.  Generating minimal length test sequences for conformance testing of communication protocols , 1991, IEEE INFCOM '91. The conference on Computer Communications. Tenth Annual Joint Comference of the IEEE Computer and Communications Societies Proceedings.

[13]  R. Dssouli,et al.  Multiple fault diagnosis for finite state machines , 1993, IEEE INFOCOM '93 The Conference on Computer Communications, Proceedings.

[14]  F. C. Hennie Fault detecting experiments for sequential circuits , 1964, SWCT.

[15]  Dana Angluin,et al.  Computational learning theory: survey and selected bibliography , 1992, STOC '92.

[16]  Gregor von Bochmann,et al.  Multiple Fault Diagnostics for Finite State Machines. , 1993, INFOCOM 1993.

[17]  Tsun S. Chow,et al.  Testing Software Design Modeled by Finite-State Machines , 1978, IEEE Transactions on Software Engineering.

[18]  F. C. Hennine Fault detecting experiments for sequential circuits , 1964, SWCT 1964.

[19]  Kathryn A. Ingle,et al.  Reverse Engineering , 1996, Springer US.

[20]  David Lee,et al.  Testing Finite State Machines: Fault Detection , 1995, J. Comput. Syst. Sci..

[21]  John E. Hopcroft,et al.  An n log n algorithm for minimizing states in a finite automaton , 1971 .

[22]  M. P. Vasilevskii Failure diagnosis of automata , 1973 .