Search CORE

121 research outputs found

Model-Based Security Testing

Author: A. Takanen
Alexander K. Petrenko
Barton P. Miller
David Basin
F. Y. Gu Tian-yang Shi Yin-sheng & Yuan
Guido Wimmel
Holger Schlingloff
Ida Hogganvik
Ina Schieferdecker
Jan Jürjens
Jan Jürjens
Jan Jürjens
Jan Jürjens
Juergen Grossmann
K.A. Reay
Linzhang Wang
M. S. Lund
Mark Blackburn
Martin Schneider
Martin Weiglhofer
Matthias Güdemann
Paul Baker
Paul Gerrard
Rauli Kaksonen
Sjouke Mauw
Tejeddine Mouelhi
W E Vesely
Publication venue: 'Open Publishing Association'
Publication date: 01/02/2012
Field of study

Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST) is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS.Comment: In Proceedings MBT 2012, arXiv:1202.582

arXiv.org e-Print Archive

Crossref

Directory of Open Access Journals

Combining Static and Dynamic Analysis for Vulnerability Detection

Author: Ceara Dumitru
Mounier Laurent
Potet Marie-Laure
Rawat Sanjay
Publication venue
Publication date: 01/01/2013
Field of study

In this paper, we present a hybrid approach for buffer overflow detection in C code. The approach makes use of static and dynamic analysis of the application under investigation. The static part consists in calculating taint dependency sequences (TDS) between user controlled inputs and vulnerable statements. This process is akin to program slice of interest to calculate tainted data- and control-flow path which exhibits the dependence between tainted program inputs and vulnerable statements in the code. The dynamic part consists of executing the program along TDSs to trigger the vulnerability by generating suitable inputs. We use genetic algorithm to generate inputs. We propose a fitness function that approximates the program behavior (control flow) based on the frequencies of the statements along TDSs. This runtime aspect makes the approach faster and accurate. We provide experimental results on the Verisec benchmark to validate our approach.Comment: There are 15 pages with 1 figur

arXiv.org e-Print Archive

Explore Bristol Research

Improving Function Coverage with Munch: A Hybrid Fuzzing and Directed Symbolic Execution Approach

Author: Hutzelmann Thomas
Ognawala Saahil
Pretschner Alexander
Psallida Eirini
Publication venue: 'Association for Computing Machinery (ACM)'
Publication date: 12/12/2017
Field of study

Fuzzing and symbolic execution are popular techniques for finding vulnerabilities and generating test-cases for programs. Fuzzing, a blackbox method that mutates seed input values, is generally incapable of generating diverse inputs that exercise all paths in the program. Due to the path-explosion problem and dependence on SMT solvers, symbolic execution may also not achieve high path coverage. A hybrid technique involving fuzzing and symbolic execution may achieve better function coverage than fuzzing or symbolic execution alone. In this paper, we present Munch, an open source framework implementing two hybrid techniques based on fuzzing and symbolic execution. We empirically show using nine large open-source programs that overall, Munch achieves higher (in-depth) function coverage than symbolic execution or fuzzing alone. Using metrics based on total analyses time and number of queries issued to the SMT solver, we also show that Munch is more efficient at achieving better function coverage.Comment: To appear at 33rd ACM/SIGAPP Symposium On Applied Computing (SAC). To be held from 9th to 13th April, 201

arXiv.org e-Print Archive

Crossref

The Theory of Software Testing

Author: Lawanna Adtha
Publication venue: Assumption University of Thailand
Publication date: 27/10/2015
Field of study

Software testing is the process of testing bugs in lines of code of a program that can be performed by manual or automation testing. The theory of software testing involves problem definitions of testing such as test team, failure after testing, manual testing, uncertainty principle, participation, and incorrect test case selection. This article shows the details of a critical part of software testing, which is how to test the performance of new software and the entire system. The outcome of this article is the whole picture of three phases for software testing as follows: preliminary testing, testing and user acceptance testing

Assumption Journals