Wireless Protocol Validation Under Uncertainty

  title={Wireless Protocol Validation Under Uncertainty},
  author={Jinghao Shi and Shuvendu K. Lahiri and Ranveer Chandra and Geoffrey Challen},
Runtime validation of wireless protocol implementations cannot always employ direct instrumentation of the device under test (DUT). The DUT may not implement the required instrumentation, or the instrumentation may alter the DUT’s behavior when enabled. Wireless sniffers can monitor the DUT’s behavior without instrumentation, but they introduce new validation challenges. Losses caused by wireless propagation prevent sniffers from perfectly reconstructing the actual DUT packet trace. As a result… 
A Systematic Way to LTE Testing
This work examines the LTE testing practices in terms of completeness and efficiency, and proposes an algorithmic approach to systematic testing that reduces up to 70% of LTE testing steps.
SweynTooth: Unleashing Mayhem over Bluetooth Low Energy
A systematic and comprehensive testing framework, which, as an automated and general-purpose approach, can effectively fuzz any BLE protocol implementation, and calls a bunch of vulnerabilities as SWEYNTOOTH, which highlights the efficacy of the framework.
Secured and flexible user authentication protocol for wireless sensor network
Three-factor authentication protocols are presented in place of two-Factor authentication protocol in the presented technique that could deal with and safeguard the environment from a brute force attack in an effective manner.
Monitorability for the Hennessy–Milner logic with recursion
This work establishes which subset of this logic can be monitored for at runtime by merely observing the runtime execution of a program, and defines a monitor-synthesis algorithm for this subset, where it is shown that the resulting synthesised monitors correctly perform the required analysis from the observed behaviour.
Monitoring for Silent Actions
Monitorability aspects of a branching-time logic that employs silent actions is studied, identifying which formulas are monitorable for a number of instrumentation setups and establishing monitorability results for tolerating these imperfections.


Passive testing and applications to network management
This paper model the network as a finite state machine and develops procedures for passive testing including the required data structure, efficient implementations and the complexity of the procedures, and applies the techniques to management of a signaling network operating under the Signaling System 7 (SS7).
Enhancing the security of corporate Wi-Fi networks using DAIR
The DAIR framework is demonstrated to be useful for detecting rogue wireless devices attached to corporate networks, as well as for detecting Denial of Service attacks on Wi-Fi networks.
Sampling-Based Runtime Verification
This paper introduces a time-triggered approach to runtime verification, where the monitor frequently takes samples from the system to analyze the system's health and proposes formal semantics of sampling-based monitoring and discusses how to optimize the sampling period using minimum auxiliary memory.
Runtime Verification with State Estimation
This work views event sequences as observation sequences of a Hidden Markov Model, uses an HMM model of the monitored program to "fill in" sampling-induced gaps in observation sequences, and extends the classic forward algorithm for HMM state estimation to compute the probability that the property is satisfied by an execution of the program.
Adaptive Runtime Verification
A key aspect of the ARV framework is a new algorithm for RVSE that performs the calculations in advance, dramatically reducing the runtime overhead of RVSE, at the cost of introducing some approximation error.
Low-overhead memory leak detection using adaptive statistical profiling
An adaptive profiling scheme is described that addresses poor coverage of infrequently executed code, by sampling executions of code segments at a rate inversely proportional to their execution frequency by implementing SWAT, a novel memory leak detection tool.
IEEE 802.11 rate adaptation: a practical approach
An Adaptive ARF (AARF) algorithm for low latency systems that improves upon ARF to provide both short-term and long-term adaptation and a new rate adaptation algorithm designed for high latency Systems that has been implemented and evaluated on an AR5212-based device.
QVM: an efficient runtime for detecting defects in deployed systems
QVM efficiently detects defects by continuously monitoring the execution of the application in a production setting and enables the efficient checking of violations of user-specified correctness properties, e.g., typestate safety properties, Java assertions, and heap properties pertaining to ownership.
Jigsaw: solving the puzzle of enterprise 802.11 analysis
This paper presents a system called Jigsaw, a system that uses multiple monitors to provide a single unified view of all physical, link, network and transport-layer activity on an 802.11 network, and believes this is the first analysis combining this scale and level of detail for a production 802.
Artemis: practical runtime monitoring of applications for execution anomalies
The experimental results show that Artemis applied to a hardware-based PC-invariance monitoring scheme and a value-based invariance detection and checking scheme significantly improves their runtime monitoring overhead with moderate impact on their bug-detecting capabilities.