Vulnerability Assessment of Web Services with Model-Based Mutation Testing

Faezeh Siavashi; Dragos Truscan; Vain Juri

doi:10.1109/QRS.2018.00043

Vulnerability Assessment of Web Services with Model-Based Mutation Testing

Faezeh Siavashi, Dragos Truscan, Vain Juri

Informationsteknologi

Forskningsoutput: Kapitel i bok/konferenshandling › Konferensbidrag › Vetenskaplig › Peer review

8 Citeringar (Scopus)

54 Nedladdningar (Pure)

Sammanfattning

We present a model-based mutation testing approach, for evaluating the authentication and authorization of web services in a multi-user context. Model of a web service and its security requirements are designed using UPPAAL Timed Automata. The model is mutated to create invalid behavior which is used for test generation to reveal faults in the system under test. The approach is supported by a model-based mutation testing tool, μUTA, that automatically generates mutants, selects a collection of suitable mutants for testing and generates test cases from them. We modify a previously defined mutation operator and introduce three new operators for additional mutants. We define criteria for the mutation-selection and demonstrate the approach on a blog web service. Results show that the approach can discover authorization faults that were not detected by traditional methods.

Originalspråk	Odefinierat/okänt
Titel på värdpublikation	Proceedings of 2018 IEEE International Conference on Software Quality, Reliability and Security (QRS)
Redaktörer	NN
Förlag	IEEE
Sidor	301–312
ISBN (tryckt)	978-1-5386-7757-5
DOI	https://doi.org/10.1109/QRS.2018.00043
Status	Publicerad - 2018
MoE-publikationstyp	A4 Artikel i en konferenspublikation
Evenemang	IEEE International Conference on Software Quality, Reliability and Security (QRS) - Varaktighet: 16 juli 2018 → 20 juli 2018

Konferens

Konferens	IEEE International Conference on Software Quality, Reliability and Security (QRS)
Period	16/07/18 → 20/07/18

Nyckelord

Security Testing
UPPAAL Timed Automata
model-based mutation testing

Åtkomst av dokument

10.1109/QRS.2018.00043

2018-VulnerabilityAssessment-QRS2018.pdfAccepterat manuskript från författare, 788 KBLicens: Publisher rights policy

http://urn.fi/URN:NBN:fi-fe2020102788545

1 Slutfört

MegaM@Rt2: MegaModelling at Runtime
Truscan, D., Ahmad, T., Iqbal, J., Porres Paltor, I., Siavashi, F. & Ashraf, A.
European Commission
01/04/17 → 31/03/20
Projekt: EU

Citera det här

@inproceedings{e6f3d556277e43929dab49a8dbf5b99e,

title = "Vulnerability Assessment of Web Services with Model-Based Mutation Testing",

abstract = "We present a model-based mutation testing approach, for evaluating the authentication and authorization of web services in a multi-user context. Model of a web service and its security requirements are designed using UPPAAL Timed Automata. The model is mutated to create invalid behavior which is used for test generation to reveal faults in the system under test. The approach is supported by a model-based mutation testing tool, μUTA, that automatically generates mutants, selects a collection of suitable mutants for testing and generates test cases from them. We modify a previously defined mutation operator and introduce three new operators for additional mutants. We define criteria for the mutation-selection and demonstrate the approach on a blog web service. Results show that the approach can discover authorization faults that were not detected by traditional methods. ",

keywords = "Security Testing, UPPAAL Timed Automata, model-based mutation testing, Security Testing, UPPAAL Timed Automata, model-based mutation testing, Security Testing, UPPAAL Timed Automata, model-based mutation testing",

author = "Faezeh Siavashi and Dragos Truscan and Vain Juri",

year = "2018",

doi = "10.1109/QRS.2018.00043",

language = "Odefinierat/ok{\"a}nt",

isbn = "978-1-5386-7757-5",

pages = "301–312",

editor = "NN",

booktitle = "Proceedings of 2018 IEEE International Conference on Software Quality, Reliability and Security (QRS)",

publisher = "IEEE",

note = "IEEE International Conference on Software Quality, Reliability and Security (QRS) ; Conference date: 16-07-2018 Through 20-07-2018",

}

Siavashi, F, Truscan, D & Juri, V 2018, Vulnerability Assessment of Web Services with Model-Based Mutation Testing. i NN (red.), Proceedings of 2018 IEEE International Conference on Software Quality, Reliability and Security (QRS). IEEE, s. 301–312, IEEE International Conference on Software Quality, Reliability and Security (QRS), 16/07/18. https://doi.org/10.1109/QRS.2018.00043

TY - GEN

T1 - Vulnerability Assessment of Web Services with Model-Based Mutation Testing

AU - Siavashi, Faezeh

AU - Truscan, Dragos

AU - Juri, Vain

PY - 2018

Y1 - 2018

N2 - We present a model-based mutation testing approach, for evaluating the authentication and authorization of web services in a multi-user context. Model of a web service and its security requirements are designed using UPPAAL Timed Automata. The model is mutated to create invalid behavior which is used for test generation to reveal faults in the system under test. The approach is supported by a model-based mutation testing tool, μUTA, that automatically generates mutants, selects a collection of suitable mutants for testing and generates test cases from them. We modify a previously defined mutation operator and introduce three new operators for additional mutants. We define criteria for the mutation-selection and demonstrate the approach on a blog web service. Results show that the approach can discover authorization faults that were not detected by traditional methods.

AB - We present a model-based mutation testing approach, for evaluating the authentication and authorization of web services in a multi-user context. Model of a web service and its security requirements are designed using UPPAAL Timed Automata. The model is mutated to create invalid behavior which is used for test generation to reveal faults in the system under test. The approach is supported by a model-based mutation testing tool, μUTA, that automatically generates mutants, selects a collection of suitable mutants for testing and generates test cases from them. We modify a previously defined mutation operator and introduce three new operators for additional mutants. We define criteria for the mutation-selection and demonstrate the approach on a blog web service. Results show that the approach can discover authorization faults that were not detected by traditional methods.

KW - Security Testing

KW - UPPAAL Timed Automata

KW - model-based mutation testing

KW - Security Testing

KW - UPPAAL Timed Automata

KW - model-based mutation testing

KW - Security Testing

KW - UPPAAL Timed Automata

KW - model-based mutation testing

U2 - 10.1109/QRS.2018.00043

DO - 10.1109/QRS.2018.00043

M3 - Konferensbidrag

SN - 978-1-5386-7757-5

SP - 301

EP - 312

BT - Proceedings of 2018 IEEE International Conference on Software Quality, Reliability and Security (QRS)

A2 - NN, null

PB - IEEE

T2 - IEEE International Conference on Software Quality, Reliability and Security (QRS)

Y2 - 16 July 2018 through 20 July 2018

ER -

Vulnerability Assessment of Web Services with Model-Based Mutation Testing

Sammanfattning

Konferens

Nyckelord

Åtkomst av dokument

Projekt

MegaM@Rt2: MegaModelling at Runtime

Citera det här