This paper proposes an approach for validating numerical inputs to graphical user interfaces (GUI) that are modeled and specified by event sequence graphs (ESG). To handle complex structures of input data, ESGs are augmented by decision tables and patterns of design by contract (DbC

Introduction

Input validation testing chooses test data that attempt to show the presence or absence of specific faults pertaining to input tolerance [16]. This paper focuses on numerical input validation testing of graphical user interfaces (GUI). Our approach to input validation is to specify the user interface requirements and to convert this specification into a model from which valid and invalid test cases can be generated [3]. To specify user-system interactions we choose an event-based formal model in which inputs and events are merged and assigned to the vertices of an event transition diagram, called an event sequence graph (ESG); arcs visualize the sequence relation among the events. An ESG is a simple albeit powerful formalism for capturing the behavior of interactive systems. However, modeling complex boundary restrictions on input data, as well as dependencies among them, inflates the ESG model of a system under consideration (SUC). To overcome this problem, we refine the nodes of the underlying ESG with decision tables, which visualize Boolean algebraic constraints on input data [4]. The decision-table-augmented ESG is supplemented with design by contract (DbC) patterns so that decision table rules for numerical input validation are refined into pre-condition rules. Based on these concepts, test data are generated; equivalence class partitioning and boundary value approaches support the test case generation process [1,2]. This paper is an extension of our preliminary work [26], where we introduced algorithms for the detection and correction of boundary overflow vulnerabilities through static analysis.
The novelty of the present paper stems from the following:
(i) The theoretical background is extended by incorporating ESGs.
(ii) The concept of DbC patterns has also been formalized. In particular, the pre-condition pattern of DbC plays an important role in refining decision tables for input validation. The formalism we introduce in Section 3.3 enables a considerable improvement of the test case generation algorithm.
(iii) The tool we introduced in our preliminary work is improved. Our tool now adds an exception handling mechanism, built on the DbC concept, instead of a simple if statement wherever necessary.
(iv) To validate the approach we tested three open source port scanners, developed in C++, in a local

20th International Symposium on Software Reliability Engineering, 978-0-7695-3878-5/09
Boundary overflows are caused by violations of constraints, mostly those limiting the range of internal values of a program, and can be provoked by an intruder to gain control of the program or access to stored data. To counter this well-known vulnerability, this paper focuses on input validation of graphical user interfaces (GUI). The proposed approach generates test cases for numerical inputs based on a GUI specification expressed through decision tables. If boundary overflow error(s) are detected, the source code is analyzed to localize and correct the encountered error(s) automatically.
Introduction

Firewalls, which act as the most important defense mechanism of network security, have to be tested to validate that they work as specified. The firewall specification is mainly composed of the intended security policy and the allowed network protocols, which are usually the main focus of an attacker. The intended security policy consists of firewall rules, which configure the firewall behavior, and allowed network protocols. These constitute an important part of the firewall's internal infrastructure, which can be described as packet capture, decision making on the packet under consideration, and packet release. The decision-making operation is carried out with respect to the firewall policy and the network protocols. The security policy is external to the firewall, like a configuration file, whereas packet checking with respect to network protocols is implemented in the firewall software.

Since the firewall policy is considered a specification and can be represented by a formal model, we propose a model-based testing approach for firewalls. The novelty of this approach lies in using a DAG model for firewall testing. This paper proposes modeling firewall rules and generating test cases using DAGs. Since event sequence graphs (ESG) are directed graphs, we applied the ESG test case generation algorithm to the DAG representation of firewall rules. Test packets derived from the generated test cases are then sent to the firewall to analyze its behavior.

The next section summarizes related work before Section 3 outlines the background and the test generation algorithm. The core of the paper, Section 4, presents our firewall testing approach. Sections 5 and 6 include implementation details of the approach and a case study on a firewall. Section 7 concludes the paper and outlines our planned research work.

Related Work

A firewall controls network traffic to and from a computer, based on a security policy.
Although systematic testing was a neglected area in firewall studies and the related literature, recent studies on
This paper presents efficient model checking of distributed software. Key to the achieved efficiency is a novel stateful model checking strategy that is based on the decomposition of states into a relevant and an auxiliary part. We formally show this strategy to be sound, complete, and terminating for general finite-state systems.

As a case study, we implement the proposed strategy within Basset/MP-Basset, a model checker for message-passing Java programs. Our evaluation with actually deployed fault-tolerant message-passing protocols shows that the proposed stateful optimization is able to reduce model checking time and memory by up to 69% compared to the naive stateful search, and 39% compared to partial-order reduction.

I. INTRODUCTION

Software model checking (MC) [14], [16] is a practical branch of verification for checking the actual implementation of a system. This wide usability comes at the price of low scalability, as the model checking of even simple single-process programs can take several hours (or go off-scale) using state-of-the-art techniques [23]. Verification complexity gets even worse for concurrent programs that run on loosely coupled processes. Our focus is on distributed protocols for various mission-critical (fault-tolerant) applications where rigorous verification is desired. Example applications include atomic broadcast [21], storage [12], diagnosis [29], etc.
Although the verification of fault-tolerant distributed systems is known to be a hard problem due to concurrency and faults, MC has proven to be useful for debugging and verifying small instances of deployed protocols; recent approaches include MaceMC [22], CrystalBall [30], Modist [31], [18], Basset [25] and its extensions/optimizations [4], [5], [28].

In MC, the possible executions of a system are modeled in terms of a state graph, where states (i.e., nodes) can be thought of as snapshots of the entire system (e.g., the state of the servers, clients, and communication channels) and transitions (i.e., edges) model any event that may alter the system's state (e.g., lines of code, function blocks). For MC to be scalable, the size of the graph must remain feasible to manage, a challenge that is often referred to as the state explosion problem. An efficient and simple approach is stateful depth-first search [10], where the state graph is abstracted by 1) a sequence of states (called the stack) that corresponds to the last run of the system, and 2) a set of states that have been explored during the model checking (called the visited states).

In this paper, we propose a general and sound approach to reduce the size of both the stack and the visited states for improved scalability of MC. Key to the proposed reduction is the