A New Model-Based Framework for Testing Security of IOT Systems in Smart Cities Using Attack Trees and Price Timed Automata

International audienceIn this paper we propose a new model-based framework for testing security properties of Internet of Things in Smart Cities. In general a model-based approach consists in extracting test cases from a formal specification either of the system under test or the environment of the considered system in an automatic fashion. Our framework is mainly built on the use of two formalisms namely Attack Trees and Price Timed Automata. An attack tree allows to describe the strategy adopted by the malicious party which intends to violate the security of the considered IOT system. An attack tree is translated into a network of price timed automata. The product of the constructed price timed automata is then computed using the well known UPPAALL platform. The obtained timed automata product serves as input for the adopted test generation algorithm. Moreover our framework takes advantage of the use of the standardized specification and execution testing language TTCN-3. With this respect, the obtained abstract tests are translated into the TTCN-3 format. Finally we propose a cloud-oriented architecture in order to ensure test execution and to collect the generated verdicts

Testing Real-World Healthcare IoT Application: Experiences and Lessons Learned

Healthcare Internet of Things (IoT) applications require rigorous testing to ensure their dependability. Such applications are typically integrated with various third-party healthcare applications and medical devices through REST APIs. This integrated network of healthcare IoT applications leads to REST APIs with complicated and interdependent structures, thus creating a major challenge for automated system-level testing. We report an industrial evaluation of a state-of-the-art REST APIs testing approach (RESTest) on a real-world healthcare IoT application. We analyze the effectiveness of RESTest's testing strategies regarding REST APIs failures, faults in the application, and REST API coverage, by experimenting with six REST APIs of 41 API endpoints of the healthcare IoT application. Results show that several failures are discovered in different REST APIs with ~56% coverage using RESTest. Moreover, nine potential faults are identified. Using the evidence collected from the experiments, we provide our experiences and lessons learned.Comment: To appear in the Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2023

Model-Based Testing of Smart Home Systems Using EFSM, CEFSM, and FSMApp

Smart Home Systems (SHS) are some of the most popular Internet of Things (IoT) applications. In 2021, there were 52.22 million smart homes in the United States and they are expected to grow to 77.1 million in 2025 [71]. According to MediaPost [74], 69 percent of American households have at least one smart home device. The number of smart home systems poses a challenge for software testers to find the right approach to test these systems. This dissertation employs Extended Finite State Machines (EFSMs) [6, 24, 105], Communicating Extended Finite State Machines (EFSMs) [68] and FSMApp [10] to generate reusable test-ready models of smart home systems. We present an approach to create reusable test-ready models of smart home systems using EFSMs to model device components (Sensor, Controller and Actuator), EFSMs to model single devices in the SHS and the interaction between the devices. We adopted Al Haddad’s [10] FSMApp approach to model and test the mobile application that controls the SHS. These reusable test-ready models were used to generate tests. This dissertation also addresses evolution in smart home systems. Evolution is classified into three categories: adding a new device, updating an excising device or removing one. A method for selective black-box model-based regression testing for these changes was proposed