Advertisement

Retaining Consistency for Knowledge-Based Security Testing

  • Andreas Bernauer
  • Josip Bozic
  • Dimitris E. Simos
  • Severin Winkler
  • Franz Wotawa
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8482)

Abstract

Testing of software and systems requires a set of inputs to the system under test as well as test oracles for checking the correctness of the obtained output. In this paper we focus on test oracles within the domain of security testing, which require consistent knowledge of security policies. Unfortunately, consistency of knowledge cannot always be ensured. Therefore, we strongly require a process of retaining consistencies in order to provide a test oracle. In this paper we focus on an automated approach for consistency handling that is based on the basic concepts and ideas of model-based diagnosis. Using a brief example, we discuss the underlying method and its application in the domain of security testing. The proposed algorithm guarantees to find one root cause of an inconsistency and is based on theorem proving.

Keywords

model-based diagnosis root cause analysis testing oracle 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Bond, G.W.: Logic Programs for Consistency-Based Diagnosis. PhD thesis, Carleton University, Faculty of Engineering, Ottawa, Canada (1994)Google Scholar
  2. 2.
    Cohen, D.M., Dalal, S.R., Fredman, M.L., Patton, G.C.: The AETG system: An approach to testing based on combinatorial design. IEEE Trans. Softw. Eng. 23(7), 437–444 (1997)CrossRefGoogle Scholar
  3. 3.
    Console, L., Friedrich, G., Dupré, D.T.: Model-based diagnosis meets error diagnosis in logic programs. In: International Joint Conference on Artificial Intelligence (IJCAI), Chambery, pp. 1494–1499 (August 1993)Google Scholar
  4. 4.
    Davis, R.: Diagnostic reasoning based on structure and behavior. Artificial Intelligence 24, 347–410 (1984)CrossRefGoogle Scholar
  5. 5.
    Felferning, A., Friedrich, G., Jannach, D., Stumptner, M.: Consistency based diagnosis of configuration knowledge bases. Artificial Intelligence 152(2), 213–234 (2004)CrossRefMathSciNetGoogle Scholar
  6. 6.
    Greiner, R., Smith, B.A., Wilkerson, R.W.: A correction to the algorithm in Reiter’s theory of diagnosis. Artificial Intelligence 41(1), 79–88 (1989)CrossRefzbMATHMathSciNetGoogle Scholar
  7. 7.
    Hoglund, G., McGraw, G.: Exploiting Software: How to Break Code. Addison-Wesley (2004) ISBN: 0-201-78695-8Google Scholar
  8. 8.
    McCune, W.: Prover9 and mace4, http://www.cs.unm.edu/~mccune/prover9/ (2005–2010)
  9. 9.
    Reiter, R.: A theory of diagnosis from first principles. Artificial Intelligence 32(1), 57–95 (1987)CrossRefzbMATHMathSciNetGoogle Scholar
  10. 10.
    Shapiro, E.: Algorithmic Program Debugging. MIT Press, Cambridge (1983)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Andreas Bernauer
    • 1
  • Josip Bozic
    • 2
  • Dimitris E. Simos
    • 3
  • Severin Winkler
    • 1
  • Franz Wotawa
    • 2
  1. 1.Security ResearchViennaAustria
  2. 2.Techn. Univ. GrazGrazAustria
  3. 3.SBA ResearchViennaAustria

Personalised recommendations