13,769 research outputs found
Verifying Web Applications: From Business Level Specifications to Automated Model-Based Testing
One of reasons preventing a wider uptake of model-based testing in the
industry is the difficulty which is encountered by developers when trying to
think in terms of properties rather than linear specifications. A disparity has
traditionally been perceived between the language spoken by customers who
specify the system and the language required to construct models of that
system. The dynamic nature of the specifications for commercial systems further
aggravates this problem in that models would need to be rechecked after every
specification change. In this paper, we propose an approach for converting
specifications written in the commonly-used quasi-natural language Gherkin into
models for use with a model-based testing tool. We have instantiated this
approach using QuickCheck and demonstrate its applicability via a case study on
the eHealth system, the national health portal for Maltese residents.Comment: In Proceedings MBT 2014, arXiv:1403.704
Verifying web applications : from business level specifications to automated model-based testing
One of reasons preventing a wider uptake of model-based testing in the industry is the difficulty which
is encountered by developers when trying to think in terms of properties rather than linear specifications. A disparity has traditionally been perceived between the language spoken by customers who
specify the system and the language required to construct models of that system. The dynamic nature
of the specifications for commercial systems further aggravates this problem in that models would
need to be rechecked after every specification change. In this paper, we propose an approach for
converting specifications written in the commonly-used quasi-natural language Gherkin into models
for use with a model-based testing tool. We have instantiated this approach using QuickCheck and
demonstrate its applicability via a case study on the eHealth system, the national health portal for
Maltese residents.peer-reviewe
Reinforcement learning for efficient network penetration testing
Penetration testing (also known as pentesting or PT) is a common practice for actively assessing the defenses of a computer network by planning and executing all possible attacks to discover and exploit existing vulnerabilities. Current penetration testing methods are increasingly becoming non-standard, composite and resource-consuming despite the use of evolving tools. In this paper, we propose and evaluate an AI-based pentesting system which makes use of machine learning techniques, namely reinforcement learning (RL) to learn and reproduce average and complex pentesting activities. The proposed system is named Intelligent Automated Penetration Testing System (IAPTS) consisting of a module that integrates with industrial PT frameworks to enable them to capture information, learn from experience, and reproduce tests in future similar testing cases. IAPTS aims to save human resources while producing much-enhanced results in terms of time consumption, reliability and frequency of testing. IAPTS takes the approach of modeling PT environments and tasks as a partially observed Markov decision process (POMDP) problem which is solved by POMDP-solver. Although the scope of this paper is limited to network infrastructures PT planning and not the entire practice, the obtained results support the hypothesis that RL can enhance PT beyond the capabilities of any human PT expert in terms of time consumed, covered attacking vectors, accuracy and reliability of the outputs. In addition, this work tackles the complex problem of expertise capturing and re-use by allowing the IAPTS learning module to store and re-use PT policies in the same way that a human PT expert would learn but in a more efficient way
CYCLONE Unified Deployment and Management of Federated, Multi-Cloud Applications
Various Cloud layers have to work in concert in order to manage and deploy
complex multi-cloud applications, executing sophisticated workflows for Cloud
resource deployment, activation, adjustment, interaction, and monitoring. While
there are ample solutions for managing individual Cloud aspects (e.g. network
controllers, deployment tools, and application security software), there are no
well-integrated suites for managing an entire multi cloud environment with
multiple providers and deployment models. This paper presents the CYCLONE
architecture that integrates a number of existing solutions to create an open,
unified, holistic Cloud management platform for multi-cloud applications,
tailored to the needs of research organizations and SMEs. It discusses major
challenges in providing a network and security infrastructure for the
Intercloud and concludes with the demonstration how the architecture is
implemented in a real life bioinformatics use case
A Model-Driven approach for functional test case generation
Test phase is one of the most critical phases in software engineering life cycle to assure the final system quality. In this context, functional system test cases verify that the system under test fulfills its functional specification. Thus, these test cases are frequently designed from the different scenarios and alternatives depicted in functional requirements. The objective of this paper is to introduce a systematic process based on the Model-Driven paradigm to automate the generation of functional test cases from functional requirements. For this aim, a set of metamodels and transformations and also a specific language domain to use them is presented. The paper finishes stating learned lessons from the trenches as well as relevant future work and conclusions that draw new research lines in the test cases generation context.Ministerio de EconomÃa y Competitividad TIN2013-46928-C3-3-
- …