High Assurance ASN.1 Workbench (HAAW)
The world's computing infrastructure is built upon a simple notion: one computer sending data to another. The internet, DoD's large-scale networks, home, and business networks all share an underlying assumption: the data received are the same as the data transmitted. This assumption is realized via abstract data description languages, like ASN.1. Data are described in a machine-independent manner, used to implement translation code at the network interface.
Correctness of the translations is critical to all networks. They are the first line of defense for any system, as this is how external data enter. Malformed data can have many undesirable effects, ranging from the benign (such as dropping a packet) through the more serious (denying access) to the catastrophic (attacker obtaining secrets or complete control).
The ASN.1 language provides an abstraction of protocol specification for communication between heterogeneous systems. ASN.1 compilers generate encoders and/or decoders for an input spec, but many compilers are either proprietary or generate code of dubious quality. For this reason, many encoder/decoder implementations are written by hand. In both cases, testing the implementations is an error-prone and tedious process.
The most mature tool in the HAAW is the ASN.1 Validator. Given an ASN.1 spec., the Validator will generate large test suites to test the acceptance behavior of ASN.1 encode and decode routines (hand-written or compiled). The test suite is composed of randomly generated, type-correct, ASN.1 documents, each guaranteed to conform to the given spec. This enables developers to automatically test their translation code, to a degree not possible by hand.
Coverage Testing. When coupled with a code coverage tool, the Validator may be used iteratively to yield a test suite with full coverage. Other kinds of testing coverage, such as DO178B's Modified Condition/Decision Coverage (MC/DC), can be supported in a similar fashion: by iterating test-case generation and coverage checking.
Collaborate with Us
Licensing - Obtain a license for one of our advanced technologies.
Research & Development - Solve your toughest problems by exploring new approaches with us.
Training - Learn how to use cutting-edge tools to increase trustworthiness in your critical systems.