Cyber Security for Utilities | SCADA Security

The automated generation of test data for the purposes of software validation and verification has been a major aim of testing research [6]. Path-oriented methods, data flow methods, random testing, adaptive testing, and syntax-based testing are a few of the methods employed for this task.

Syntax-based testing tools process a description of the desired test data expressed in notation such as Backus Naur Form (BNF). Given the test data syntax these tools generate test sets which satisfy the syntax. A major problem in syntax-based testing is respecting contextual dependencies. Solutions include the use of dynamic syntax, addition of rules to test data syntax during test data generation, and attributed grammars, grammars whose definition is overloaded with attributes.

In attribute grammars, the attributes represent contextual information associated with terminals and nonterminals. Attribute grammars can solve the test oracle problem as the contextual information can allow for the production of test data along with the output expected from the DUT. Hence, attribute grammars can also solve the problem of generating semantically meaningful sequences of PDU's, i.e. PTS's.

blackPeer is an attribute grammar based PTS generator and executor. The basic file structure of blackPeer is similar of that employed by Sirer and Bershad [7] and is shown in Figure 1. PTS's are described by an attributed grammar. This grammar is passed as input to the Code Generator. The Code Generator pareses the grammar and creates an executable program called the TestCase Generator. When supplied with an initialization file called the variable init file, the TestCase Generator writes out the PTS's encoded by the grammar to a file called the testCases file. The TestCase Executor then reads in the testCases file along with basic information about the DUT and executes the PTS's one by one, reporting and recording the results.

The modular nature of the blackPeer tool allows different levels of functionality to be made available to different categories of users. For example, a plant worker who knows little of communication protocols but much about PLC's may be given a testCases file and an appropriate testCase Executor. An industrial engineer on the other hand may be given the testCase Generator thus allowing him to create a variety of testCases files depending on the nature of the variable init file he creates.

This modular nature also allows for the easy transition between different protocols. That is, to test a different protocol all that is needed is a new grammar file and an appropriate testCase Executor.