514 research outputs found
Metamorphic testing for cybersecurity
Metamorphic testing (MT) can enhance security testing by providing an alternative to using a testing oracle, which is often unavailable or impractical. The authors report how MT detected previously unknown bugs in real-world critical applications such as code obfuscators, giving evidence that software testing requires diverse perspectives to achieve greater cybersecurity.
A Template–Based Approach to Describing Metamorphic Relations
Metamorphic testing enables the generation of test
cases in the absence of an oracle by exploiting relations among
different executions of the program under test, called metamorphic
relations. In a recent survey, we observed a great variability
in the way metamorphic relations are described, typically in
an informal manner using natural language. We noticed that
the lack of a standard mechanism to describe metamorphic
relations often makes them hard to read and understand, which
hinders the widespread adoption of the technique. In this paper,
we propose a template–based approach for the description of
metamorphic relations. The proposed template aims to ease
communication among practitioners as well as to contribute to
research dissemination. Also, it provides a helpful guide for
those approaching metamorphic testing for the first time. For
the validation of the approach, we used the proposed template
to describe 17 previously published metamorphic relations from
different domains and groups of authors, without finding expressiveness
problems. We hope that this work eases the diffusion and
adoption of metamorphic testing, contributing to the progress of
this thriving testing technique. Comisión Interministerial de Ciencia y Tecnología TIN2015-70560-R; Junta de Andalucía P12-TIC-186
Metamorphic testing: testing the untestable
What if we could know that a program is buggy, even if we could not tell whether or not its observed output is correct? This is one of the key strengths of metamorphic testing, a technique where failures are not revealed by checking an individual concrete output, but by checking the relations among the inputs and outputs of multiple executions of the program under test. Two decades after its introduction, metamorphic testing has become a fully-fledged testing technique with successful applications in multiple domains, including online search engines, autonomous machinery, compilers, Web APIs, and deep learning programs, among others. This article serves as a hands-on entry point for newcomers to metamorphic testing, describing examples, possible applications, and current limitations, providing readers with the basics for the application of the technique in their own projects. IEE
Metamorphic Testing of Navigation Software: A Pilot Study with Google Maps
Millions of people use navigation software every day to commute and travel. In addition, many systems rely upon the correctness of navigation software to function, ranging from directions applications to self-driving machinery. Navigation software is difficult to test because it is hard or very expensive to evaluate its output. This difficulty is generally known as the oracle problem, a fundamental challenge in software testing. In this study, we propose a metamorphic testing strategy to alleviate the oracle problem in testing navigation software, and conduct a case study by testing the Google Maps mobile app, its web service API, and its graphical user interface. The results show that our strategy is effective with the detection of several real-life bugs in Google Maps. This study is the first work on automated testing of navigation software with the detection of real-life bugs.
Cybersecurity: Past, Present and Future
The digital transformation has created a new digital space known as
cyberspace. This new cyberspace has improved the workings of businesses,
organizations, governments, society as a whole, and day to day life of an
individual. With these improvements come new challenges, and one of the main
challenges is security. The security of the new cyberspace is called
cybersecurity. Cyberspace has created new technologies and environments such as
cloud computing, smart devices, IoTs, and several others. To keep pace with
these advancements in cyber technologies there is a need to expand research and
develop new cybersecurity methods and tools to secure these domains and
environments. This book is an effort to introduce the reader to the field of
cybersecurity, highlight current issues and challenges, and provide future
directions to mitigate or resolve them. The main specializations of
cybersecurity covered in this book are software security, hardware security,
the evolution of malware, biometrics, cyber intelligence, and cyber forensics.
We must learn from the past, evolve our present and improve the future. Based
on this objective, the book covers the past, present, and future of these main
specializations of cybersecurity. The book also examines the upcoming areas of
research in cyber intelligence, such as hybrid augmented and explainable
artificial intelligence (AI). Human and AI collaboration can significantly
increase the performance of a cybersecurity system. Interpreting and explaining
machine learning models, i.e., explainable AI, is an emerging field of study and
has a lot of potential to improve the role of AI in cybersecurity. Comment: Author's copy of the book published under ISBN: 978-620-4-74421-
Educational Machine Learning Modules for Undergraduates in Cybersecurity
Machine learning resources have developed by leaps and bounds in recent years and have become pervasive in many fields, including the field of Cybersecurity. As such, it is important that machine learning applications be taught at the undergraduate level in the context of Cybersecurity to provide students with a competitive advantage that will be useful in industry. We are seeking to provide versatile module-based solutions that can either be integrated into existing security courses or stand alone. Several of these modules are currently in development, including a convolutional neural network (CNN) implementation for the classification of malware samples, an adversarial attack on that model in a later module by use of the fast gradient sign method (FGSM), followed by an adversarial training lab in order to harden machine learning models against such adversarial attacks. Students will use virtualization with Oracle’s VirtualBox to sandbox their experiments in a Linux environment. They will make use of Python to train and test their models, making use of the Keras, TensorFlow, and Scikit-learn libraries. These modules are intended to make applied machine learning knowledge accessible to undergraduates sooner than grad school, but may be used at higher levels or even by themselves. They are self-contained with the lectures and lab materials required for students to succeed as they gain valuable knowledge for their careers in Cybersecurity.