Model Driven Mutation Applied to Adaptative Systems Testing

Dynamically Adaptive Systems modify their behav- ior and structure in response to changes in their surrounding environment and according to an adaptation logic. Critical sys- tems increasingly incorporate dynamic adaptation capabilities; examples include disaster relief and space exploration systems. In this paper, we focus on mutation testing of the adaptation logic. We propose a fault model for adaptation logics that classifies faults into environmental completeness and adaptation correct- ness. Since there are several adaptation logic languages relying on the same underlying concepts, the fault model is expressed independently from specific adaptation languages. Taking benefit from model-driven engineering technology, we express these common concepts in a metamodel and define the operational semantics of mutation operators at this level. Mutation is applied on model elements and model transformations are used to propagate these changes to a given adaptation policy in the chosen formalism. Preliminary results on an adaptive web server highlight the difficulty of killing mutants for adaptive systems, and thus the difficulty of generating efficient tests.Comment: IEEE International Conference on Software Testing, Verification and Validation, Mutation Analysis Workshop (Mutation 2011), Berlin : Allemagne (2011

A Generic Metamodel For Security Policies Mutation

International audienceWe present a new approach for mutation analysis of Security Policies test cases. We propose a metamodel that provides a generic representation of security policies access control models and define a set of mutation operators at this generic level. We use Kermeta to build the metamodel and implement the mutation operators. We also illustrate our approach with two successful instantiation of this metamodel: we defined policies with RBAC and OrBAC and mutated these policies

Model-Based Tests for Access Control Policies

International audienceWe present a model-based approach to testing access control requirements. By using combinatorial testing, we first automatically generate test cases from and without access control policies- i.e., the model and assess the effectiveness of the test suites by means of mutation testing. We also compare them to purely random tests. For some of the investigated strategies, non-random tests kill considerably more mutants than the same number of random tests. Since we rely on policies only, no information on the application is required at this stage. As a consequence, our methodol- ogy applies to arbitrary implementations of the policy decision point

Security-Driven Model-Based Dynamic Adaptation

International audienceSecurity is a key-challenge for software engineering, especially when considering access control and software evolutions. No satisfying solution exists for maintaining the alignment of access control policies with the business logic. Current implementations of access control rely on the separation between the policy and the application code. In practice, this separation is not so strict and some rules are hard-coded within the application, making the evolution of the policy difficult. We propose a new methodology for implementing security-driven applications. From a policy defined by a security expert, we generate an architectural model, reflecting the access control policy. We leverage the advances in the models@runtime domain to keep this model synchronized with the running system. When the policy is updated, the architectural model is updated, which in turn reconfigures the running system. As a proof of concept, we apply the approach to the development of a library management system

Model-Based Security Testing

Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST) is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS.Comment: In Proceedings MBT 2012, arXiv:1202.582

Modélisation et test de mécanismes de sécurité dans des applications internet

This thesis focuses on the issue of security testing of web-applications, considering the internal part of a system (access control policies) and then its interfaces (bypass testing and shielding). The proposed approaches led to address the issue of modelling the security policies as well as the testing artifacts, using Model-Driven Engineering as the underlying technology to propose elements for a model-driven security process. Concerning the internal part of a system, we first study the differences between classical functional tests and test targeting the security mechanisms explicitly (so called security tests). In this context, we adapted mutation analysis to assess and qualify security tests. Then, we proposed three complementary approaches dealing with access control testing; the first one is based on pair-wise technique and allows access control tests to be generated automatically, while the second approach allows functional tests to be selected and transformed into security tests. Finally, the last approach focuses on detecting hidden access control mechanisms, which harm the flexibility and evolutivity of the access control mechanisms. To complete all these approaches which focus on the internal part of the application, we tackled the issue of testing the interface and more precisely bypass-testing. We leveraged the ideas of bypass-testing and used automated analysis of the web application to provide a new approach for testing and shielding web applications against bypass-attacks, which occur when malicious users bypass client-side input validation. The work on access control testing led us to focus on proposing new model-driven approaches for developing and integrating access control mechanisms in a way that guarantees better quality and testability. Two research directions were explored for this purpose. The first one is based on a metamodel and provides a complete MDE process for automatically specifying, and integrating (semi-automatically) access control policies. This approach takes into account testing at the early stage of modeling and provides a generic certification process based on mutation. Finally, the second approach is based on model composition and allows an automated integration of the access control policy, and more importantly the automated reconfiguration of the system when the access control policy needs to evolve.Les travaux effectués dans de cadre de cette thèse s'intéressent à la problématique du test de sécurité des applications, en considérant la validation des mécanismes de sécurité interne à un système d'une part, puis la sécurité des interfaces web d'autre part. Pour la partie interne, nous avons comparé, dans un premier temps, l'utilisation du test fonctionnel et des tests de sécurité pour valider les mécanismes implémentant une politique de contrôle d'accès. Dans ce cadre, l'analyse de mutation a été adaptée pour qualifier et évaluer les tests. Nous avons ensuite proposé trois méthodologies pour tester les mécanismes de contrôle d'accès: - utilisation du pair-wise pour générer les tests de sécurité, - sélection et transformation des tests fonctionnels en tests de sécurité - détection de mécanismes de sécurité cachés qui nuisent à la flexibilité et l'évolutivivité du système. Concernant le test des interfaces web, visant non seulement à tester le code validant les entrées de l'utilisateur mais aussi protéger les applications web, nous avons proposé une nouvelle approche qui tire profit du test par contournement (bypass-testing) et qui permet de protéger les applications web contre ce type d'attaques. Cette approche a été concrétisée dans un outil permettant à la fois l'audit et la sécurisation des applications web. L'ensemble de ces travaux a conduit à réfléchir à de nouvelles méthodologies de développement garantissant une meilleure qualité et une meilleure testabilité des mécanismes de contrôle d'accès. L'ingénierie des modèles (IDM) a été exploitée pour automatiser la spécification et le déploiement semi-automatisé des politiques de contrôle d'accès, et offrir par analyse de mutation un moyen de certification générique des tests de sécurité. Enfin, la composition de modèles permet d'automatiser l'intégration des mécanismes de sécurité, et surtout la reconfiguration automatique du système en cas d'évolution de la politique de sécurité

Test et modélisation de mécanismes de sécurité dans les applications Web

Les travaux effectués dans de cadre de cette thèse s'intéressent à la problématique du test de sécurité des applications, en considérant la validation des mécanismes de sécurité interne à un système d'une part, puis la sécurité des interfaces web d'autre part. Pour la partie interne, nous avons comparé, dans un premier temps, l'utilisation du test fonctionnel et des tests de sécurité pour valider les mécanismes implémentant une politique de contrôle d'accès. Dans ce cadre, l'analyse de mutation a été adaptée pour qualifier et évaluer les tests. Nous avons ensuite proposé trois méthodologies pour tester les mécanismes de contrôle d'accès ; utilisation du pair-wise pour générer les tests de sécurité, sélection et transformation des tests fonctionnels en tests de sécurité et enfin détection de mécanismes de sécurité cachés qui nuisent à la flexibilité et l'évolutivivité du système. Concernant le test des interfaces web, visant non seulement à tester le code validant les entrées de l'utilisateur mais aussi protéger les applications web, nous avons proposé une nouvelle approche qui tire profit du test par contournement et qui permet de protéger les applications web contre ce type d'attaques. Cette approche a été concrétisée dans un outil permettant à la fois l'audit et la sécurisation des applications web. L'ensemble de ces travaux a conduit à réfléchir à de nouvelles méthodologies de développement garantissant une meilleure qualité et une meilleure testabilité des mécanismes de contrôle d'accès. L'ingénierie des modèles (IDM) a été exploitée pour automatiser la spécification et le déploiement semi-automatisé des politiques de contrôle d'accès, et offrir par analyse de mutation un moyen de certification générique des tests de sécurité. Enfin, la composition de modèles permet d'automatiser l'intégration des mécanismes de sécurité, et surtout la reconfiguration automatique du système en cas d'évolution de la politique de sécurité.This thesis focuses on the issue of security testing of web-applications, considering the internal part of a system (access control policies) and then its interfaces (bypass testing and shielding). The proposed approaches led to address the issue of modeling the security policies as well as the testing artifacts, using Model-Driven Engineering as the underlying technology to propose elements for a model-driven security process. Concerning the internal part of a system, we first study the differences between classical functional tests and test targeting the security mechanisms explicitly (so called security tests). In this context, we adapted mutation analysis to assess and qualify security tests. Then, we proposed three complementary approaches dealing with access control testing; the first one is based on pair-wise technique and allows access control tests to be generated automatically, while the second approach allows functional tests to be selected and transformed into security tests. Finally, the last approach focuses on detecting hidden access control mechanisms, which harm the flexibility of the access control mechanisms and their ability to evolve. To complete all these approaches which focus on the internal part of the application, we tackled the issue of testing the interface and especially the bypass-testing. We leveraged the ideas of bypass-testing and used automated analysis of the web application to provide a new approach for testing and shielding web applications against bypass-attacks, which occur when malicious users bypass client-side input validation. The work on access control testing led us to focus on proposing new model-driven approaches for developing and integrating access control mechanisms in a way that guarantees better quality and testability. Two research directions were explored for this purpose. The first one is based on a metamodel and provides a complete MDE process for automatically specifying, and integrating (semi-automatically) access control policies. This approach takes into account testing at the early stage of modeling and provides a generic certification process based on mutation. Finally, the second approach is based on model composition and allows an automated integration of the access control policy, and more importantly the automated reconfiguration of the system when the access control policy needs to evolve.RENNES1-BU Sciences Philo (352382102) / SudocBREST-Télécom Bretagne (290192306) / SudocCESSON SEVIGNE-Télécom Breta (350512301) / SudocSudocFranceF