Variations
Variations are used to establish that the service's components and their interfaces can tolerate a wide variety of dynamically constructed stateful variations to the instrumentation. A service interface that can process these variations will be better prepared to survive interactions with other implementations that may be older, or suffer from poor design or coding errors.
There are a few types of variations:
Known
The infrastructure underneath IP-based services frequently contains security enforcement devices (i.e., the service's "immune system") to defend against attacks, specifically attacks that are already known to exist. A well-designed service should only be presented with the traffic that is absolutely necessary to implement the service.
Variations are used in the context of Published Vulnerability Analysis to establish that the service is impervious to traffic that is known to have caused problems in the past. The Mu-4000 sends traffic designed to expose whether the service's "immune system" rejects traffic targeting vulnerabilities that actual hacker attacks have exploited in the past.
Protocols
A system or service is externally defined by its interfaces, which are frequently known as "protocols." To Mu, a protocol includes any structured data that is statefully exchanged between two or more computers. A few dozen protocols are currently modeled by the Mu-4000.
Denial-of-Service (DoS)
The DoS Analysis module characterizes the effects on a service at
specific traffic rates. DoS analysis probes service transaction limits in
processing stateless packets at high rates.