Specification-Based Test Generation for Security-Critical Systems Using Mutations
In specification-based testing, test sequences are generated from an abstract system specification to provide confidence in the correctness of an implementation. For security-critical systems, finding tests likely to detect possible vulnerabilities is particularly difficult, as they usually involve subtle and complex execution scenarios and consideration of domain-specific concepts such as cryptography and random numbers. We present research aiming to generate test sequences for transaction systems from a formal security model supported by the CASE tool Auto-Focus. The test sequences are determined with respect to the system’s required security properties, using mutations of the system specification and attack scenarios. To be able to apply them to an existing implementation, the abstract test sequences are concretized.
KeywordsTest Case Generation E-Commerce Systems Security-Critical Systems Formal Methods Test Specification Validation and Analysis Computer-aided Software Engineering (CASE) AutoFocus
Unable to display preview. Download preview PDF.
- [AJ01]M. Abadi and J. Jürjens. Formal eavesdropping and its computational interpretation. In TACS’ 01, volume 2215 of LNCS. Springer, 2001.Google Scholar
- [AKS96]T. Aslam, I. Krsul, and E. Spafford. Use of A Taxonomy of Security Faults. In 19th National Information Systems Security Conference, Baltimore, 1996.Google Scholar
- [BS01]M. Broy and K. Stolen, editors. Specification and Development of Interactive Systems. Springer, 2001.Google Scholar
- [CEP01]CEPSCO. Common Electronic Purse Specifications, 2001. Available at http://www.cepsco.com.
- [DBG01]J. Dushina, M. Benjamin, and D. Geist. Semi-Formal Test Generation with Genevieve. In DAC, 2001.Google Scholar
- [DF93]J. Dick and A. Faivre. Automating the generation and sequencing of test cases from model-based specifications. In FME’ 93, pages 268–284, 1993.Google Scholar
- [GSG99]S. Gritzalis, D. Spinellis, and P. Georgiadis. Security protocols over open networks and distributed systems. Comp. Communic., 22(8):695–707, 1999.Google Scholar
- [HNS97]S. Helke, T. Neustupny, and T. Santen. Automating Test Case Generation from Z Specifications with Isabelle. In ZUM’ 97, volume 1212 of LNCS, pages 52–71. Springer, 1997.Google Scholar
- [JW01a]Jan Jürjens and Guido Wimmel. Security modelling for electronic commerce: The Common Electronic Purse Specifications. In First IFIP conference on e-commerce, e-business, and e-government (I3E). Kluwer, 2001.Google Scholar
- [JW01b]Jan Jürjens and Guido Wimmel. Specification-based testing of firewalls. In Andrei Ershov 4th International Conference ”Perspectives of System Informatics” (PSI’01), LNCS. Springer, 2001.Google Scholar
- [LP00]H. Lötzbeyer and A. Pretschner. Testing concurrent reactive systems with constraint logic programming. In 2nd Workshop on Rule-Based Constraint Reasoning and Programming, Singapore, 2000.Google Scholar
- [Off95]J. Offutt. Practical Mutation Testing. In 12th International Conference on Testing Computer Software, 1995.Google Scholar
- [OVJ96]J. Offutt, J. Voas, and J. Payne. Mutation Operators for Ada. Technical Report ISSE-TR-96-09, George Mason University, 1996.Google Scholar
- [OXL99]J. Offutt, Y. Xiong, and S. Liu. Criteria for Generating Specification-based Tests. In IEEE Conf. on Engineering of Complex Computer Systems, 1999.Google Scholar
- [PS97]J. Peleska and M. Siegel. Test automation of safety-critical reactive systems. South African Computer Jounal, 19:53–77, 1997.Google Scholar
- [VM98]J. Voas and G. McGraw. Software Fault Injection: Inoculating Programs Against Errors. Wiley, 1998.Google Scholar
- [WJ02]G. Wimmel and J. Jürjens. Specification-Based Test Generation for Security-Critical Systems Using Mutations, 2002. Long version, available at http://www4.in.tum.de/~wimmel/.
- [WLPS00]G. Wimmel, H. Lötzbeyer, A. Pretschner, and O. Slotosch. Specification Based Test Sequence Generation with Propositional Logic. Journal on Software Testing Verification and Reliability, 10, 2000.Google Scholar
- [WW01]G. Wimmel and A. Wiβpeintner. Extended description techniques for security engineering. In IFIP SEC, 2001.Google Scholar