Projects per year
Abstract
Security verification of software systems is vital to ensure they are resilient against targeted attacks. Any vulnerability in the software should be discovered, classified, and resolved promptly to ensure the system’s operational correctness and functional safety. However, testing and program debugging of complex industrial control systems are often challenging due to the test oracle problem. In this work, we discuss an integrated method for test generation and fault localization using metamorphic testing. Our method extracts metamorphic relation from the system specification and uses it as the derived test oracle to distinguish the successful and failed tests for spectrum-based fault localization. The proposed approach consists of two phases: a test generation phase using metamorphic testing and a fault localization phase to assist with the root cause analysis and failure diagnosis. The method is exemplified on a load position system without explicit specifications of the test oracle, and the results show that it is effective in discovering vulnerabilities in the application and significantly assists the developers with root cause analysis of identified faults that reduces the overall failure diagnosis effort.
Original language | English |
---|---|
Title of host publication | CyberSecurity in a DevOps Environment |
Subtitle of host publication | From Requirements to Monitoring |
Editors | Andrey Sadovykh, Dragos Truscan, Wissam Mallouli, Ana Rosa Cavalli, Cristina Seceleanu, Alessandra Bagnato |
Publisher | Springer |
Chapter | 5 |
Pages | 127-159 |
ISBN (Electronic) | 978-3-031-42212-6 |
ISBN (Print) | 978-3-031-42211-9 |
DOIs | |
Publication status | Published - 2023 |
MoE publication type | A3 Part of a book or another research book |
Keywords
- Metamorphic testing
- Security testing
- Safety Verification
- Spectrum-based Fault localization
Fingerprint
Dive into the research topics of 'Metamorphic Testing for Verification and Fault Localization in Industrial Control Systems'. Together they form a unique fingerprint.Projects
- 1 Finished
-
VeriDevOps: Automated Protection and Prevention to Meet Security Requirements in DevOps Environments
Truscan, D. (Principal Investigator), Porres Paltor, I. (Co-Principal Investigator), Ashraf, A. (Principal Investigator), Ahmad, T. (Co-Investigator), Chariyarupadannayil Sudheerbabu, G. (Co-Investigator) & Chapagain, S. (Principal Investigator)
01/10/20 → 31/01/24
Project: EU