Verification of Modular Systems with Unknown Components Combining Testing and Inference

26 pagesVerification of a modular system composed of communicating components is a difficult problem, especially when the formal specifications, i.e., models of the components are not available. Conventional testing techniques are not efficient in detecting erroneous interactions of components because interleavings of internal events are difficult to reproduce in a modular system. The problem of detecting intermittent errors and other compositional problems in the absence of components' models is addressed in this paper. A method to infer a controllable approximation of communicating components through testing is elaborated. The inferred finite state models of components are used to detect compositional problems in the system through reachability analysis. To confirm a flaw in a particular component, a witness trace is used to construct a test applied to the component in isolation. The models are refined at each analysis step thus making the approach iterative

XSS Vulnerability Detection Using Model Inference Assisted Evolutionary Fuzzing

Workshop website: http://www.spacios.eu/sectest2012/International audienceWe present an approach to detect web injection vulnerabilities by generating test inputs using a combination of model inference and evolutionary fuzzing. Model inference is used to obtain a knowledge about the application behavior. Based on this understanding, inputs are generated using genetic algorithm (GA). GA uses the learned formal model to automatically generate inputs with better fitness values towards triggering an instance of the given vulnerability

Verification de proprietes logiques des protocoles et systemes repartis par observation de simulations

SIGLECNRS T Bordereau / INIST-CNRS - Institut de l'Information Scientifique et TechniqueFRFranc

Case Studies in Learning Models and Testing Without Reset

International audienc

Inferring Mealy Machines

International audienceAutomata learning techniques are getting significant importance for their applications in a wide variety of software engineering problems, especially in the analysis and testing of complex systems. In recent studies, a previous learning approach [1] has been extended to synthesize Mealy machine models which are specifically tailored for I/O based systems. In this paper, we discuss the inference of Mealy machines and propose improvements that reduces the worst-time learning complexity of the existing algorithm. The gain over the complexity of the proposed algorithm has also been confirmed by experimentation on a large set of finite state machines

Analysis and testing of black-box component based systems by inferring partial models

International audienceFrom experience in component-based software engineering, it is known that the integration of high-quality components may not yield high-quality software systems. It is difficult to evaluate all possible interactions between the components in the system to uncover inter-component misfunctions. The problem is even harder when the components are used without source code, specifications or formal models. Such components are called black boxes in literature. This paper presents an iterative approach of combining model learning and testing techniques for the formal analysis of a system of black-box components. In the approach, individual components in the system are learned as finite state machines that (partially) model the behavioural structure of the components. The learned models are then used to derive tests for refining the partial models and/or finding integration faults in the system. The approach has been applied on case studies that have produced encouraging results

Génération de tests de sécurité pour les systèmes répartis

Ce document propose une méthode de test de la sécurité d'un système réparti basée sur les techniques de test formel de la conformité, utilisées entre autres dans le domaine des protocoles pour s'assurer qu'une implantation est bien conforme à sa spécificationD'après une analyse des concepts des formalismes dédiés à la spécification de la sécurité et une étude de cas, nous proposons une méthode de génération de tests de la sécurité qui permet de se passer d'une spécification complète du système. Elle s'appuie sur une formalisation en logique modale des règles de se curité. Dans cette méthode, les prédicats du formalisme correspondent à des tests atomiques et les opérateurs du formalisme correspondent à des opérateurs de combinaison de tests. Il est ainsi possible de générer des tests d'après une formule bien formée du formalisme de spécification de la sécurité. Sont également présentées une description de l'implantation de cette méthode, qui demande que soient résolus les problèmes classique qui se posent avons menées pour valider notre méthode.This document presents a method, based on formai conformance testing techniques, to test security in a distributed system. Conformance testing covers weil defined methods used in particular to test conformance of protocol implementations to standards.From a case study and an analysis of concepts of formai description techniques used for security modelling, we propose an original method of security test generation which is not based on the existence of a global functional model of the system. The method uses modal logies to express security rules.This method is based on the idea that predicates of the security rules are associated to atomic tests and logic operators to test combination operators.Then tests can be generated trom a well-formed formula of the security modelling formalism.This document also describes the implementation of the method we developed, and the experiments done with the implementation to validate the method presented in this document.GRENOBLE1-BU Sciences (384212103) / SudocGRENOBLE-MI2S (384212302) / SudocSudocFranceF

Editorial - Réseaux et protocoles

peer reviewedaudience: researcher, professional, studen

Using Adaptive Sequences for Learning Non-Resettable FSMs

International audienc