Passive testing and application to the GSM-MAP protocol
Introduction
Passive testing is the process of collecting traces of messages exchanged between an operating implementation under test (IUT) and its environment, and verifying whether these traces actually belong to the language accepted by the specification automaton.
Though passive testing is sometimes mentioned as an alternative to active testing [1], only little effort has been devoted to this aspect of testing [2], [3]. However, we feel that passive testing is worth investigating, since (a) under certain circumstances, it may be the only type of test available, e.g. in network management, (b) it is relatively cheap and easy to implement, and (c) active testing is sometimes impractical due to the complexity of systems. In this paper, we present the principles of passive testing, and an application to a real protocol, the GSM (global system for mobile communication)-MAP (mobile application part). We also extend the algorithm proposed in Ref. [3] in order to take the transition coverage into account and in order to consider an extended finite state machine as the system specification.
The paper is organized as follows. In Section 2, we present the concepts of passive testing for finite state machines. Section 3 presents two algorithms to evaluate test coverage, taking transition coverage into account. In Section 4, we study the application of this method to real protocols, and we introduce an extension of the algorithm in order to consider extended finite state machines as specifications. Section 5 is an application of this method to the GSM-MAP-DSM protocol.
Section snippets
The basics of passive testing
In passive testing [3], contrary to active testing, the tester does not control the implementation under test. The implementation is in an operating condition, and the tester only observes the messages exchanged by the IUT and its environment, in order to check if they correspond to a behaviour compliant with the specification (see Fig. 1).
Related work are trace analyses [4], oracle generation [5] and fault diagnostic [6]. A major difference with passive testing is that, in these approaches, it
Test coverage
One of the problems with passive testing is that it is impossible to issue a PASS verdict. Contrary to active testing, we cannot control the implementation under test in order to cover all the transitions. Therefore, it may possibly happen that infrequent parts of the system's behaviour remain untested. Nevertheless, we can try to determine the test coverage, i.e compute the number of transitions that have been fired, and indicate which transitions have been fired and which have not.
Extended finite state machine
Real life protocols are too complex to be modelled with a simple Finite State Machine. In order to specify a real protocol, we must use the Extended Finite State Machine (EFSM) formalism (i.e. there will be internal variables and parameters). There may be a predicate on variables associated with each transition of EFSM. The predicate must be true for the transition to be fireable. A transition may also have actions on the variables, modifying their values. In this paper, we consider only
An experiment with the GSM-MAP protocol
The example we propose here is the passive testing of the GSM-MAP extended finite state machine specification, for which we have used the first approach (working on the reachability graph) to test the GSM-MAP protocol. Using this GSM-MAP extended finite state machine, we observe a trace of the execution of the protocol. In this section, we provide a short description of the protocol and we describe the results we have obtained.
Conclusion and future work
In this paper, we have applied passive testing techniques to a real protocol, the GSM-MAP. The experiments we performed showed that passive testing is a promising technique. It can be applied to test systems where active testing is hard to perform or where no control is possible over the system to be tested. It can also be very useful to improve the specification used for the observation. In fact, some of the discrepancies we found during the experiments were produced by ambiguities in the
Acknowledgements
We are indebted to David Lee, who helped us with very useful discussions on this subject and to Melania Ionescu who helped us with the GSM-MAP SDL specification.
References (19)
- RM-ODP, Open distributed Processing—Reference Model—Part 2: Foundations, International Standard 10746-2/ITU-T...
An approach to designing checking experiments based on a dynamic model
- D. Lee et al., Passive testing and applications to network management, in: ICNP’97 International Conference on Network...
- et al.
Trace analysis for conformance and arbitration testing
IEEE Transactions on Software Engineering
(1989) - R. Dssouli, K. Saleh, E. Aboulhamid, A. En-Nouaary, C. Bourhfir, Test development for communication protocols: towards...
- A. Ghedamsi, R. Dssouli, G.v. Bochmann, Diagnostic tests for single transition faults in non-deterministic finite state...
- et al.
Obtaining normal form specifications for protocols
(1986) - et al.
A test sequence selection method for protocol testing
IEEE Transactions on Communications
(1991) - C.-M. Huang, Y.-C. Lin M.-Y. Jang, An executable protocol test sequence generation method for EFSM-specified protocols,...
Cited by (28)
A tool supported methodology to passively test asynchronous systems with multiple users
2018, Information and Software TechnologyCitation Excerpt :In contrast, there has been some work on active testing and several approaches have appeared in the literature for models where there is a distinction between inputs and outputs [15,16,21,37,45,52]. Homing algorithms are used in many approaches to passive testing, in particular in the seminar contributions of the 1990s [24,46], there exist surveys on homing algorithms [40] and this is still an active research area [49]. A homing algorithm applies a sequence of actions to a system so that it brings it to its initial state (or to a certain special state where we know that we can start testing the SUT).
Using passive testing based on symbolic execution and slicing techniques: Application to the validation of communication protocols
2013, Computer NetworksCitation Excerpt :These messages are defined as control and data portions based on the function of the protocol. Many works on passive testing [6–9] are focused only on checking the control portion of the protocol without taking into account the data part. However, it may result in producing false positive verdicts as illustrated below with an example.
An advanced approach for modeling and detecting software vulnerabilities
2012, Information and Software TechnologyCitation Excerpt :In this way it is possible to compare the execution traces to the FSM in order to detect faults in the implementation. Passive testing has been used in many different contexts, e.g. on an FSM model of a network, in network management to detect configuration provisioning and in a GSM-MAP protocol [26]. TestInv-Code, developed by Montimage, is a prototype passive testing tool that accepts formal vulnerability models written using VDCs.
A passive testing approach based on invariants: Application to the WAP
2005, Computer NetworksNew approaches for passive testing using an Extended Finite State Machine specification
2003, Information and Software TechnologyCitation Excerpt :We wanted to compare the effectiveness of our methods with these types of approach to show the contributions brought by our work. Results proved to be positive since the experiments showed that certain errors detected by our methods were undetected by others (such as Ref. [2]). This work has many prospects.
A survey on formal active and passive testing with applications to the cloud
2015, Annales des Telecommunications/Annals of Telecommunications