State Machine Learning in the Middle of Everything

Abstract

In software engineering, behavioral state machine models are essential for validating system behavior and ensuring correctness. However, manually creating these models for existing implementations is highly undesirable. To address this, automata learning frameworks have been developed to automate the critical aspect of state machine model generation. Despite this, manual setup is often required to create a test harness for the system under test (SUT) and the learning algorithm.

This thesis presents a new architecture for automata learning that leverages existing algorithms and incorporates a generic man-in-the-middle (MITM) component, significantly reducing manual setup effort. The architecture supports the automatic identification and annotation of potential system flaws in the learned state machine models of client-server systems. These flaws, which can arise in the implementation of clients, servers, their interactions, and even the protocols themselves, can be exploited by malicious clients, impostor servers, or MITM adversaries.

Two sets of rules are introduced to automatically assist with flaw detection, visually annotating the potential issues within the learned models. The enhanced architecture also facilitates regression detection, test case generation, and guides the development of new features, thereby improving the debugging process and ensuring comprehensive system coverage. By employing the LTSDiff algorithm, the proposed method efficiently detects behavioral changes resulting from software updates to prevent unintended consequences. The automatically generated and annotated state machine models serve as valuable evidence in security, safety, and reliability assurance. They provide a robust tool for the development, testing, and maintenance of complex software systems, modeling the behavior of client-server systems.