Metamorphic Testing for Verification and Fault Localization in Industrial Control Systems

Gaadha Chariyarupadannayil Sudheerbabu; Tanwir Ahmad; Dragos Truscan; Juri Vain

doi:10.1007/978-3-031-42212-6

Metamorphic Testing for Verification and Fault Localization in Industrial Control Systems

Gaadha Chariyarupadannayil Sudheerbabu, Tanwir Ahmad, Dragos Truscan, Juri Vain

Informaatioteknologia

Tutkimustuotos: Artikkeli kirjassa/raportissa/konferenssijulkaisussa › Luku › Tieteellinen › vertaisarvioitu

2 Sitaatiot (Scopus)

2 Lataukset (Pure)

Abstrakti

Security verification of software systems is vital to ensure they are resilient against targeted attacks. Any vulnerability in the software should be discovered, classified, and resolved promptly to ensure the system’s operational correctness and functional safety. However, testing and program debugging of complex industrial control systems are often challenging due to the test oracle problem. In this work, we discuss an integrated method for test generation and fault localization using metamorphic testing. Our method extracts metamorphic relation from the system specification and uses it as the derived test oracle to distinguish the successful and failed tests for spectrum-based fault localization. The proposed approach consists of two phases: a test generation phase using metamorphic testing and a fault localization phase to assist with the root cause analysis and failure diagnosis. The method is exemplified on a load position system without explicit specifications of the test oracle, and the results show that it is effective in discovering vulnerabilities in the application and significantly assists the developers with root cause analysis of identified faults that reduces the overall failure diagnosis effort.

Alkuperäiskieli	Englanti
Otsikko	CyberSecurity in a DevOps Environment
Alaotsikko	From Requirements to Monitoring
Toimittajat	Andrey Sadovykh, Dragos Truscan, Wissam Mallouli, Ana Rosa Cavalli, Cristina Seceleanu, Alessandra Bagnato
Kustantaja	Springer
Luku	5
Sivut	127-159
ISBN (elektroninen)	978-3-031-42212-6
ISBN (painettu)	978-3-031-42211-9
DOI - pysyväislinkit	https://doi.org/10.1007/978-3-031-42212-6
Tila	Julkaistu - 2023
OKM-julkaisutyyppi	A3 Kirjan osa tai toinen tutkimuskirja

Pääsy asiakirjaan

10.1007/978-3-031-42212-6

2023-VDOBook-MetaChapterHyväksytty kirjoittajan käsikirjoitus, 1,14 MBLisenssi: Publisher rights policy

https://urn.fi/URN:NBN:fi-fe202501011016

VeriDevOps: Automated Protection and Prevention to Meet Security Requirements in DevOps Environments
Truscan, D. (Vastuullinen tutkija), Porres Paltor, I. (CoPI), Ashraf, A. (Vastuullinen tutkija), Ahmad, T. (CoI), Chariyarupadannayil Sudheerbabu, G. (CoI) & Chapagain, S. (Vastuullinen tutkija)
EU Horizon 2020
01/10/20 → 31/01/24
Projekti: EU

Viittausmuodot

Chariyarupadannayil Sudheerbabu, G., Ahmad, T., Truscan, D., & Vain, J. (2023). Metamorphic Testing for Verification and Fault Localization in Industrial Control Systems. teoksessa A. Sadovykh, D. Truscan, W. Mallouli, A. R. Cavalli, C. Seceleanu, & A. Bagnato (Toimittajat), CyberSecurity in a DevOps Environment : From Requirements to Monitoring (Sivut 127-159). Springer. https://doi.org/10.1007/978-3-031-42212-6

Chariyarupadannayil Sudheerbabu, Gaadha ; Ahmad, Tanwir ; Truscan, Dragos et al. / Metamorphic Testing for Verification and Fault Localization in Industrial Control Systems. CyberSecurity in a DevOps Environment : From Requirements to Monitoring. Toimittaja / Andrey Sadovykh ; Dragos Truscan ; Wissam Mallouli ; Ana Rosa Cavalli ; Cristina Seceleanu ; Alessandra Bagnato. Springer, 2023. Sivut 127-159

@inbook{ef49b29d00914aa083d6d064b7ba7c0f,

title = "Metamorphic Testing for Verification and Fault Localization in Industrial Control Systems",

abstract = "Security verification of software systems is vital to ensure they are resilient against targeted attacks. Any vulnerability in the software should be discovered, classified, and resolved promptly to ensure the system{\textquoteright}s operational correctness and functional safety. However, testing and program debugging of complex industrial control systems are often challenging due to the test oracle problem. In this work, we discuss an integrated method for test generation and fault localization using metamorphic testing. Our method extracts metamorphic relation from the system specification and uses it as the derived test oracle to distinguish the successful and failed tests for spectrum-based fault localization. The proposed approach consists of two phases: a test generation phase using metamorphic testing and a fault localization phase to assist with the root cause analysis and failure diagnosis. The method is exemplified on a load position system without explicit specifications of the test oracle, and the results show that it is effective in discovering vulnerabilities in the application and significantly assists the developers with root cause analysis of identified faults that reduces the overall failure diagnosis effort.",

keywords = "Metamorphic testing, Security testing, Safety Verification, Spectrum-based Fault localization",

author = "{Chariyarupadannayil Sudheerbabu}, Gaadha and Tanwir Ahmad and Dragos Truscan and Juri Vain",

year = "2023",

doi = "10.1007/978-3-031-42212-6",

language = "English",

isbn = "978-3-031-42211-9",

pages = "127--159",

editor = "Andrey Sadovykh and Truscan, {Dragos } and Mallouli, {Wissam } and Cavalli, {Ana Rosa} and Cristina Seceleanu and Alessandra Bagnato",

booktitle = "CyberSecurity in a DevOps Environment",

publisher = "Springer",

}

Chariyarupadannayil Sudheerbabu, G , Ahmad, T , Truscan, D & Vain, J 2023, Metamorphic Testing for Verification and Fault Localization in Industrial Control Systems. julkaisussa A Sadovykh, D Truscan, W Mallouli, AR Cavalli, C Seceleanu & A Bagnato (toim), CyberSecurity in a DevOps Environment : From Requirements to Monitoring. Springer, Sivut 127-159. https://doi.org/10.1007/978-3-031-42212-6

Metamorphic Testing for Verification and Fault Localization in Industrial Control Systems. / Chariyarupadannayil Sudheerbabu, Gaadha ; Ahmad, Tanwir ; Truscan, Dragos et al.
CyberSecurity in a DevOps Environment : From Requirements to Monitoring. toim. / Andrey Sadovykh; Dragos Truscan; Wissam Mallouli; Ana Rosa Cavalli; Cristina Seceleanu; Alessandra Bagnato. Springer, 2023. s. 127-159.

Tutkimustuotos: Artikkeli kirjassa/raportissa/konferenssijulkaisussa › Luku › Tieteellinen › vertaisarvioitu

TY - CHAP

T1 - Metamorphic Testing for Verification and Fault Localization in Industrial Control Systems

AU - Chariyarupadannayil Sudheerbabu, Gaadha

AU - Ahmad, Tanwir

AU - Truscan, Dragos

AU - Vain, Juri

PY - 2023

Y1 - 2023

N2 - Security verification of software systems is vital to ensure they are resilient against targeted attacks. Any vulnerability in the software should be discovered, classified, and resolved promptly to ensure the system’s operational correctness and functional safety. However, testing and program debugging of complex industrial control systems are often challenging due to the test oracle problem. In this work, we discuss an integrated method for test generation and fault localization using metamorphic testing. Our method extracts metamorphic relation from the system specification and uses it as the derived test oracle to distinguish the successful and failed tests for spectrum-based fault localization. The proposed approach consists of two phases: a test generation phase using metamorphic testing and a fault localization phase to assist with the root cause analysis and failure diagnosis. The method is exemplified on a load position system without explicit specifications of the test oracle, and the results show that it is effective in discovering vulnerabilities in the application and significantly assists the developers with root cause analysis of identified faults that reduces the overall failure diagnosis effort.

AB - Security verification of software systems is vital to ensure they are resilient against targeted attacks. Any vulnerability in the software should be discovered, classified, and resolved promptly to ensure the system’s operational correctness and functional safety. However, testing and program debugging of complex industrial control systems are often challenging due to the test oracle problem. In this work, we discuss an integrated method for test generation and fault localization using metamorphic testing. Our method extracts metamorphic relation from the system specification and uses it as the derived test oracle to distinguish the successful and failed tests for spectrum-based fault localization. The proposed approach consists of two phases: a test generation phase using metamorphic testing and a fault localization phase to assist with the root cause analysis and failure diagnosis. The method is exemplified on a load position system without explicit specifications of the test oracle, and the results show that it is effective in discovering vulnerabilities in the application and significantly assists the developers with root cause analysis of identified faults that reduces the overall failure diagnosis effort.

KW - Metamorphic testing

KW - Security testing

KW - Safety Verification

KW - Spectrum-based Fault localization

U2 - 10.1007/978-3-031-42212-6

DO - 10.1007/978-3-031-42212-6

M3 - Chapter

SN - 978-3-031-42211-9

SP - 127

EP - 159

BT - CyberSecurity in a DevOps Environment

A2 - Sadovykh, Andrey

A2 - Truscan, Dragos

A2 - Mallouli, Wissam

A2 - Cavalli, Ana Rosa

A2 - Seceleanu, Cristina

A2 - Bagnato, Alessandra

PB - Springer

ER -

Chariyarupadannayil Sudheerbabu G , Ahmad T , Truscan D, Vain J. Metamorphic Testing for Verification and Fault Localization in Industrial Control Systems. julkaisussa Sadovykh A, Truscan D, Mallouli W, Cavalli AR, Seceleanu C, Bagnato A, toimittajat, CyberSecurity in a DevOps Environment : From Requirements to Monitoring. Springer. 2023. s. 127-159 doi: 10.1007/978-3-031-42212-6

Metamorphic Testing for Verification and Fault Localization in Industrial Control Systems

Abstrakti

Pääsy asiakirjaan

Sormenjälki

Projektit

VeriDevOps: Automated Protection and Prevention to Meet Security Requirements in DevOps Environments

Viittausmuodot