Correct Passive Testing Algorithms and Complete Fault Coverage

  • Arun N. Netravali
  • Krishan K. Sabnani
  • Ramesh Viswanathan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2767)


The aim of passive testing is to detect faults in a system while observing the system during normal operation, that is, without forcing the system to specialized inputs explicitly for the purposes of testing. We formulate some general correctness requirements on any passive-testing algorithm which we term soundness and completeness. With respect to these definitions, we show that the homing algorithm, first proposed in [4], and subsequently used in [6–8], is sound and complete for passively testing the conformance of an implementation for several distinct conformance notions ranging from trace-containment to observational equivalence to even exact identity. This implies that, for some notions of conformance, there are faulty implementations that would not be detectable by any sound passive testing algorithm. We define a property to be passively testable as one admitting complete fault coverage under passive testing, i.e., one for which any faulty execution can be detected through passive testing. We provide an exact characterization of passively testable properties as being a natural subclass of safety properties, namely, those that are trace-contained in sets that are prefix- and suffix-closed. For such properties, we derive efficient complete passive testing algorithms that take constant time. We demonstrate the applicability of these results to networks and network devices by considering the problem of passively testing an implementation for conformance to the TCP protocol.


Transmission Control Protocol Congestion Control Testable Property Safety Property Passive Testing 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Bhargavan, K., Chandra, S., McCann, P.J., Gunter, C.A.: What packets may come: automata for network monitoring. In: Symposium on Principles of Programming Languages, pp. 206–219 (2001)Google Scholar
  2. 2.
    Floyd, S., Henderson, T.: The NewReno Modification to TCP’s Fast Recovery Algorithm (April 1999) RFC2582 Google Scholar
  3. 3.
    Lee, D., Chen, D., Hao, R., Miller, R., Wu, J., Yin, X.: A formal approach for passive testing of protocol data portions. In: Proceedings of the IEEE International Conference on Network Protocols, pp. 122–131 (2002)Google Scholar
  4. 4.
    Lee, D., Netravali, A., Sabnani, K., Sugla, B., John, A.: Passive testing and applications to network management. In: Proceedings of the IEEE International Conference on Network Protocols, pp. 113–122 (October 1997)Google Scholar
  5. 5.
    Mathis, M., Mahdavi, J., Floyd, S., Romanow, A.: TCP Selective Acknowledgement Options (October 1996) RFC2018 Google Scholar
  6. 6.
    Miller, R.E.: Passive testing of networks using a CFSM specification. In: IEEE International Performance Computing and Communications Conference, pp. 111–116 (February 1998)Google Scholar
  7. 7.
    Miller, R.E., Arisha, K.: On fault location in networks by passive testing. In: IEEE International Performance Computing and Communications Conference (February 2000)Google Scholar
  8. 8.
    Miller, R.E., Arisha, K.: Fault identification in networks by passive testing. In: IEEE Advanced Simulation Technologies Conferences (April 2001)Google Scholar
  9. 9.
    Padhye, J., Floyd, S.: On Inferrring TCP Behavior. In: SIGCOMM 2001 (August 2001)Google Scholar
  10. 10.
    Paxson, V.: Automated packet trace analysis of tcp implementations. Computer Communication Review 27(4) (October 1997)Google Scholar
  11. 11.
    Paxson, V.: Bro: A system for detecting network intruders in real-time. Computer Networks 31(23-24), 2435–2463 (1999)CrossRefGoogle Scholar
  12. 12.
    Pin, J.-E.: Finite semigroups and recognizable languages: An introduction. In: Fountain, J. (ed.) NATO Advanced Study Institute Semigroups, Formal Languages and Groups, pp. 1–32. Kluwer academic publishers, Dordrecht (1995)CrossRefGoogle Scholar
  13. 13.
    Ranum, M.J., Landfield, K., Stolarchuk, M., Sienkiewicz, M., Lambeth, A., Wall, E.: Implementing a generalized tool for network monitoring. In: Proceedings of the Eleventh Systems Administration Conference (LISA XI), pp. 1–8 (1997)Google Scholar
  14. 14.
    Rosen, E.C.: Vulnerabilities of network control protocols: An example. ACM SIGSOFT Software Engineering Notes 6(1) (January 1981)Google Scholar
  15. 15.
    Schneider, F.B.: Enforceable security policies. Information and System Security 3(1), 30–50 (2000)MathSciNetCrossRefGoogle Scholar
  16. 16.
    Sistla, A.P.: Safety, liveness and fairness in temporal logic. Formal Aspects of Computing 6, 495–511 (1994)CrossRefzbMATHGoogle Scholar
  17. 17.
    Richard Stevens, W.: TCP/IP Illustrated. The Protocols, vol. I. Addison Wesley, Reading (1984)Google Scholar
  18. 18.
    Travis, P.: Why the AT&T Network Crashed. Telephony 218(4) (January 1990)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2003

Authors and Affiliations

  • Arun N. Netravali
    • 1
  • Krishan K. Sabnani
    • 1
  • Ramesh Viswanathan
    • 1
  1. 1.Bell LaboratoriesHolmdel

Personalised recommendations