Specification-Based Test Generation for Security-Critical Systems Using Mutations

  • Guido Wimmel
  • Jan Jürjens
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2495)


In specification-based testing, test sequences are generated from an abstract system specification to provide confidence in the correctness of an implementation. For security-critical systems, finding tests likely to detect possible vulnerabilities is particularly difficult, as they usually involve subtle and complex execution scenarios and consideration of domain-specific concepts such as cryptography and random numbers. We present research aiming to generate test sequences for transaction systems from a formal security model supported by the CASE tool AutoFocus. The test sequences are determined with respect to the system's required security properties, using mutations of the system specification and attack scenarios. To be able to apply them to an existing implementation, the abstract test sequences are concretized.
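As an added illustration of the mutation-based approach the abstract describes (a constructed example, not the paper's AutoFocus model or tooling): a toy electronic-purse specification, two mutants produced by simple mutation operators, a security property checked by an observer that is independent of the model, and a bounded search for the shortest input sequences that separate each mutant from the specification. The mapping to concrete messages assumes a hypothetical wire format.

```python
from itertools import product

# Constructed toy purse model; not the paper's AutoFocus specification.
# Abstract state: (balance, authorized). Abstract input alphabet:
INPUTS = [("auth", True), ("auth", False), ("credit", 10), ("reset",)]

def transition(state, inp, mutant=None):
    """One step of the specification, or of the named mutant of it."""
    balance, authorized = state
    if inp[0] == "auth":
        return (balance, inp[1])
    if inp[0] == "credit":
        if not authorized and mutant != "drop_guard":
            return state  # spec refuses a credit without authorization
        return (balance + inp[1], authorized)
    # reset: the 'keep_auth_on_reset' mutant forgets to clear authorization
    return (0, authorized if mutant == "keep_auth_on_reset" else False)

def violates(trace, mutant=None):
    """Security property, judged by an observer independent of the model:
    the balance may only grow after a successful auth that was not reset."""
    state, expected_auth = (0, False), False
    for inp in trace:
        nxt = transition(state, inp, mutant)
        if nxt[0] > state[0] and not expected_auth:
            return True
        if inp[0] == "auth":
            expected_auth = inp[1]
        elif inp[0] == "reset":
            expected_auth = False
        state = nxt
    return False

def generate_tests(mutant, max_len=4):
    """Shortest input sequences on which the mutant breaks the property while
    the original spec does not: these are the abstract security test cases."""
    for n in range(1, max_len + 1):
        found = [t for t in product(INPUTS, repeat=n)
                 if violates(t, mutant) and not violates(t)]
        if found:
            return found
    return []

def concretize(trace):
    """Map abstract inputs to concrete messages (hypothetical wire format)."""
    fmt = {"auth": lambda ok: {"cmd": "VERIFY_PIN", "pin": "1234" if ok else "0000"},
           "credit": lambda amt: {"cmd": "CREDIT", "amount": amt},
           "reset": lambda: {"cmd": "RESET"}}
    return [fmt[inp[0]](*inp[1:]) for inp in trace]
```

Running `concretize(t)` for each `t` in `generate_tests("keep_auth_on_reset")` yields the three-message sequence VERIFY_PIN, RESET, CREDIT, which only the mutant accepts; the `drop_guard` mutant is already separated by a single unauthorized CREDIT.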


Keywords: Test Case Generation, E-Commerce Systems, Security-Critical Systems, Formal Methods, Test Specification, Validation and Analysis, Computer-aided Software Engineering (CASE), AutoFocus





Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Guido Wimmel, Department of Computer Science, Munich University of Technology, Garching, Germany
  • Jan Jürjens, Department of Computer Science, Munich University of Technology, Garching, Germany
