Skip to main content
SpringerLink
Log in

Specification-Based Test Generation for Security-Critical Systems Using Mutations

  • Conference paper
  • First Online:
Formal Methods and Software Engineering (ICFEM 2002)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2495))

Included in the following conference series:

Abstract

In specification-based testing, test sequences are generated from an abstract system specification to provide confidence in the correctness of an implementation. For security-critical systems, finding tests likely to detect possible vulnerabilities is particularly difficult, as they usually involve subtle and complex execution scenarios and consideration of domain-specific concepts such as cryptography and random numbers. We present research aiming to generate test sequences for transaction systems from a formal security model supported by the CASE tool Auto-Focus. The test sequences are determined with respect to the system’s required security properties, using mutations of the system specification and attack scenarios. To be able to apply them to an existing implementation, the abstract test sequences are concretized.

This work was partially supported by the German Ministry of Economics within the FairPay project.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. M. Abadi and J. Jürjens. Formal eavesdropping and its computational interpretation. In TACS’ 01, volume 2215 of LNCS. Springer, 2001.

    Google Scholar 

  2. T. Aslam, I. Krsul, and E. Spafford. Use of A Taxonomy of Security Faults. In 19th National Information Systems Security Conference, Baltimore, 1996.

    Google Scholar 

  3. M. Broy and K. Stolen, editors. Specification and Development of Interactive Systems. Springer, 2001.

    Google Scholar 

  4. CEPSCO. Common Electronic Purse Specifications, 2001. Available at http://www.cepsco.com.

  5. J. Dushina, M. Benjamin, and D. Geist. Semi-Formal Test Generation with Genevieve. In DAC, 2001.

    Google Scholar 

  6. J. Dick and A. Faivre. Automating the generation and sequencing of test cases from model-based specifications. In FME’ 93, pages 268–284, 1993.

    Google Scholar 

  7. S. Gritzalis, D. Spinellis, and P. Georgiadis. Security protocols over open networks and distributed systems. Comp. Communic., 22(8):695–707, 1999.

    Google Scholar 

  8. S. Helke, T. Neustupny, and T. Santen. Automating Test Case Generation from Z Specifications with Isabelle. In ZUM’ 97, volume 1212 of LNCS, pages 52–71. Springer, 1997.

    Google Scholar 

  9. Jan Jürjens and Guido Wimmel. Security modelling for electronic commerce: The Common Electronic Purse Specifications. In First IFIP conference on e-commerce, e-business, and e-government (I3E). Kluwer, 2001.

    Google Scholar 

  10. Jan Jürjens and Guido Wimmel. Specification-based testing of firewalls. In Andrei Ershov 4th International Conference ”Perspectives of System Informatics” (PSI’01), LNCS. Springer, 2001.

    Google Scholar 

  11. H. Lötzbeyer and A. Pretschner. Testing concurrent reactive systems with constraint logic programming. In 2nd Workshop on Rule-Based Constraint Reasoning and Programming, Singapore, 2000.

    Google Scholar 

  12. J. Offutt. Practical Mutation Testing. In 12th International Conference on Testing Computer Software, 1995.

    Google Scholar 

  13. J. Offutt, J. Voas, and J. Payne. Mutation Operators for Ada. Technical Report ISSE-TR-96-09, George Mason University, 1996.

    Google Scholar 

  14. J. Offutt, Y. Xiong, and S. Liu. Criteria for Generating Specification-based Tests. In IEEE Conf. on Engineering of Complex Computer Systems, 1999.

    Google Scholar 

  15. J. Peleska and M. Siegel. Test automation of safety-critical reactive systems. South African Computer Jounal, 19:53–77, 1997.

    Google Scholar 

  16. J. Voas and G. McGraw. Software Fault Injection: Inoculating Programs Against Errors. Wiley, 1998.

    Google Scholar 

  17. G. Wimmel and J. Jürjens. Specification-Based Test Generation for Security-Critical Systems Using Mutations, 2002. Long version, available at http://www4.in.tum.de/~wimmel/.

  18. G. Wimmel, H. Lötzbeyer, A. Pretschner, and O. Slotosch. Specification Based Test Sequence Generation with Propositional Logic. Journal on Software Testing Verification and Reliability, 10, 2000.

    Google Scholar 

  19. G. Wimmel and A. Wiβpeintner. Extended description techniques for security engineering. In IFIP SEC, 2001.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, Munich University of Technology, Boltzmannstr. 3, D-85748, Garching, Germany

    Guido Wimmel & Jan Jürjens

Authors
  1. Guido Wimmel
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jan Jürjens
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. International Institute for Software Technology, United Nations University, Casa Silva Mendes, Est. do Engenheiro Trigo No. 4, P.O. Box 3058, Macao

    Chris George

  2. School of Computer Engineering and Science, Shanghai University, 149 Yanchang Road, Shanghai, 200072, P.R. China

    Huaikou Miao

Rights and permissions

Reprints and permissions

Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wimmel, G., Jürjens, J. (2002). Specification-Based Test Generation for Security-Critical Systems Using Mutations. In: George, C., Miao, H. (eds) Formal Methods and Software Engineering. ICFEM 2002. Lecture Notes in Computer Science, vol 2495. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36103-0_48

Download citation

  • DOI: https://doi.org/10.1007/3-540-36103-0_48

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00029-7

  • Online ISBN: 978-3-540-36103-9

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation