Model-based Testing: Next Generation Functional Software Testing

The idea of model-based testing is to use an explicit abstract model of a SUT and its environment to automatically derive tests for the SUT: the behavior of the model of the SUT is interpreted as the intended behavior of the SUT. The technology of automated model-based test case generation has matured to the point where large-scale deployments of this technology are becoming commonplace. The prerequisites for success, such as qualification of the test team, integrated tool chain availability and methods, are now identified, and a wide range of commercial and open-source tools are available. Although MBT will not solve all testing problems, it is an important and useful technique, which brings significant progress over the state of the practice for functional software testing effectiveness, and can increase productivity and improve functional coverage. In this talk, we\u27ll adress the current trend of deploying MBT in the industry, particularly in the TCoE - Test Center of Excellence - managed by the big System Integrators, as a vector for software testing "industrialization"

Exact and approximate strategies for symmetry reduction in model checking

Symmetry reduction techniques can help to combat the state space explosion problem for model checking, but are restricted by the hard problem of determining equivalence of states during search. Consequently, existing symmetry reduction packages can only exploit full symmetry between system components, as checking the equivalence of states is straightforward in this special case. We present a framework for symmetry reduction with an arbitrary group of structural symmetries. By generalising existing techniques for efficiently exploiting symmetry, and introducing an approximate strategy for use with groups for which fast, exact strategies are not available, our approach allows for significant state-space reduction with minimal time overhead. We show how computational group theoretic techniques can be used to analyse the structure of a symmetry group so that an appropriate symmetry reduction strategy can be chosen, and we describe a symmetry reduction package for the Spin model checker which interfaces with the computational algebra system Gap. Experimental results on a variety of Promela models illustrate the effectiveness of our methods

Génération de tests de vulnérabilité web à partir de modèles

National audienceCet article concerne la génération automatique de tests de vulnérabilité à partir de modèles pour applications Web. Les technologies de génération de tests à partir de modèles sont aujourd'hui principalement mises en œuvre dans le contexte du test fonctionnel. L'application de ces techniques au test de vulnérabilité sur applications Web en renouvelle les problématiques de recherche, tant au niveau de la modélisation, du pilotage de la génération des tests qu'au niveau de l'assignation du verdict de test. Cet article présente une approche originale pour la génération de tests de vulnérabilité fondée sur une modélisation du comportement fonctionnel de l'application sous test et sur la formalisation des attaques à tester sous la forme de schémas de tests. Ces schémas définissent ainsi la stratégie de génération des tests de vulnérabilité. Cette approche est illustrée sur un exemple de site Web vulnérable (l'application DVWA)

A subset of precise UML for Model-based Testing

This paper presents an original model-based testing approach that takes a UML behavioural view of the system under test and automatically generates test cases and executable test scripts according to model coverage criteria. This approach is embedded in the LEIRIOS Test Designer tool and is currently deployed in domains such as Enterprise IT and electronic transaction applications. This model-based testing approach makes it possible to automatically produce the traceability matrix from requirements to test cases as part of the test generation process. This paper defines the subset of UML used for model-based testing and illustrates it using a small example

Extending the Unified Process with Model-Based Testing

International audienceThe Unified Process (UP) is a software development tech- nique that includes modeling of specifications and testing workflow. This workflow is achieved by information interpretation of specification to pro- duce manual tests. In this paper, we extend the UP with model-based testing (MBT) where models resulting of the UP will be used for MBT. We describe how model-based testing introduces new test design activi- ties in parallel with the application design activities. We give guidelines to derive the test model from the analysis model produced by the UP. We illustrate this tailored process with the example of a Geneva State taxation

Model-Based Vulnerability Testing for Web Applications

International audienceThis paper deals with an original approach to automate Model-Based Vulnerability Testing (MBVT) for Web applications, which aims at improving the accuracy and precision of vulnerability testing. Today, Model-Based Testing techniques are mostly used to address functional features. The adaptation of such techniques for vulnerability testing defines novel issues in this research domain. In this paper, we describe the principles of our approach, which is based on a mixed modeling of the application under test: the specification indeed captures some behavioral aspects of the Web application, and includes vulnerability test purposes to drive the test generation algorithm. This approach is illustrated with the widely-used DVWA example

Detecting Intentional AIS Shutdown in Open Sea Maritime Surveillance Using Self-Supervised Deep Learning

In maritime traffic surveillance, detecting illegal activities, such as illegal fishing or transshipment of illicit products is a crucial task of the coastal administration. In the open sea, one has to rely on Automatic Identification System (AIS) message transmitted by on-board transponders, which are captured by surveillance satellites. However, insincere vessels often intentionally shut down their AIS transponders to hide illegal activities. In the open sea, it is very challenging to differentiate intentional AIS shutdowns from missing reception due to protocol limitations, bad weather conditions or restricting satellite positions. This paper presents a novel approach for the detection of abnormal AIS missing reception based on self-supervised deep learning techniques and transformer models. Using historical data, the trained model predicts if a message should be received in the upcoming minute or not. Afterwards, the model reports on detected anomalies by comparing the prediction with what actually happens. Our method can process AIS messages in real-time, in particular, more than 500 Millions AIS messages per month, corresponding to the trajectories of more than 60 000 ships. The method is evaluated on 1-year of real-world data coming from four Norwegian surveillance satellites. Using related research results, we validated our method by rediscovering already detected intentional AIS shutdowns.Comment: IEEE Transactions on Intelligent Transportation System

Model-Based Testing for the Cloud

Software in the cloud is characterised by the need to be highly adaptive and continuously available. Incremental changes are applied to the deployed system and need to be tested in the field. Different configurations need to be tested. Higher quality standards regarding both functional and non-functional properties are put on those systems, as they often face large and diverse customer bases and/or are used as services from different peer service implementations. The properties of interest include interoperability, privacy, security, reliability, performance, resource use, timing constraints, service dependencies, availability, and so on. This paper discusses the state of the art in model-based testing of cloud systems. It focuses on two central aspects of the problem domain: (a) dealing with the adaptive and dynamic character of cloud software when tested with model-based testing, by developing new online and offline test strategies, and (b) dealing with the variety of modeling concerns for functional and non-functional properties, by devising a unified framework for them where this is possible. Having discussed the state of the art we identify challenges and future directions

VETESS : IDM, Test et SysML

Selected paper from the 7-th NEPTUNE WorkshopNational audienceIl apparaît souvent que les processus d'ingénierie système sont en fait décomposés en phases discontinues oùtrop peu d'informations sont partagées entre les différentes équipes, par exemple entre les équipes de design et de tests.Cette faiblesse peut être palliée par l’utilisation de modèles de spécifications qui jouent alors le rôle de référentiel pourl’ensemble des équipes participant au cycle de vie du logiciel. Ce type de modèle est couramment utilisé comme basedans les activités de conception, de vérification, ou encore de test. Le test basé sur les modèles est une approcheoriginale où sont automatiquement générés des cas de test et des scripts de test exécutables à partir d'une spécificationdu système sous test. Cette spécification prend la forme d'un modèle comportemental, permettant ainsi au générateur detests de déterminer, d'une part, quels sont les contextes d'exécution pertinents et, d'autre part, de prédire les effets sur lesystème de ces exécutions. Le but du projet VETESS est de rendre possible cette approche pour valider les systèmesembarqués automobiles. Il s’agit ainsi de mettre en œuvre et d’outiller un processus automatique permettant de dériver,d'un modèle de spécification décrit avec un sous-ensemble du langage de modélisation SysML, des cas de test, et deproduire ensuite les scripts de test correspondants à exécuter sur banc de test automobiles

An Access Control Model Based Testing Approach for Smart Card Applications: Results of the {POSÉ} Project

International audienceThis paper is about generating security tests from the Common Criteria expression of a security policy, in addition to functional tests previously generated by a model-based testing approach. The method that we present re-uses the functional model and the concretization layer developed for the functional testing, and relies on an additional security policy model. We discuss how to produce the security policy model from a Common Criteria security target. We propose to compute the tests by using some test purposes as guides for the tests to be extracted from the models. We see a test purpose as the combination of a security property and a test need issued from the know-how of a security engineer. We propose a language based on regular expressions for the expression of such test purposes. We illustrate our approach by means of the IAS case study, a smart card application dedicated to the operations of Identification, Authentication and electronic Signature