13 research outputs found
A New Model-Based Framework for Testing Security of IOT Systems in Smart Cities Using Attack Trees and Price Timed Automata
International audienceIn this paper we propose a new model-based framework for testing security properties of Internet of Things in Smart Cities. In general a model-based approach consists in extracting test cases from a formal specification either of the system under test or the environment of the considered system in an automatic fashion. Our framework is mainly built on the use of two formalisms namely Attack Trees and Price Timed Automata. An attack tree allows to describe the strategy adopted by the malicious party which intends to violate the security of the considered IOT system. An attack tree is translated into a network of price timed automata. The product of the constructed price timed automata is then computed using the well known UPPAALL platform. The obtained timed automata product serves as input for the adopted test generation algorithm. Moreover our framework takes advantage of the use of the standardized specification and execution testing language TTCN-3. With this respect, the obtained abstract tests are translated into the TTCN-3 format. Finally we propose a cloud-oriented architecture in order to ensure test execution and to collect the generated verdicts
Testing Real-World Healthcare IoT Application: Experiences and Lessons Learned
Healthcare Internet of Things (IoT) applications require rigorous testing to
ensure their dependability. Such applications are typically integrated with
various third-party healthcare applications and medical devices through REST
APIs. This integrated network of healthcare IoT applications leads to REST APIs
with complicated and interdependent structures, thus creating a major challenge
for automated system-level testing. We report an industrial evaluation of a
state-of-the-art REST APIs testing approach (RESTest) on a real-world
healthcare IoT application. We analyze the effectiveness of RESTest's testing
strategies regarding REST APIs failures, faults in the application, and REST
API coverage, by experimenting with six REST APIs of 41 API endpoints of the
healthcare IoT application. Results show that several failures are discovered
in different REST APIs with ~56% coverage using RESTest. Moreover, nine
potential faults are identified. Using the evidence collected from the
experiments, we provide our experiences and lessons learned.Comment: To appear in the Proceedings of the 31st ACM Joint European Software
Engineering Conference and Symposium on the Foundations of Software
Engineering (ESEC/FSE 2023