Johan Oudinet scite author profile

Johan Oudinet

3Publications

121Citation Statements Received

96Citation Statements Given

How they've been cited

121

How they cite others

Affiliations

Technical University of Munich, University of Paris-Sud, Karlsruhe Institute of Technology

Publications

Order By: Most citations

Coverage-biased random exploration of large models and application to testing

Denise

Gaudel

Gouraud

et al. 2011

Int J Softw Tools Technol Transfer

View full text Add to dashboard Cite

Abstract. This article presents several related methods for drawing traces. First, it is shown how to draw traces uniformly at random in large models composed of several components. Then a method for drawing traces according to a given coverage criterion is presented, together with a notion of randomised coverage satisfaction. These methods rely on combinatorial algorithms, based on a representation of the model by an automaton or by a product of several automata, synchronised or not. We report several experimental results on random generation of traces in large transition systems, and on statistical testing of C programs.

show abstract

Semi-Automatic Security Testing of Web Applications from a Secure Model

Büchler

Oudinet

Pretschner

2012

View full text Add to dashboard Cite

Abstract-Web applications are a major target of attackers. The increasing complexity of such applications and the subtlety of today's attacks make it very hard for developers to manually secure their web applications. Penetration testing is considered an art; the success of a penetration tester in detecting vulnerabilities mainly depends on his skills. Recently, model-checkers dedicated to security analysis have proved their ability to identify complex attacks on web-based security protocols. However, bridging the gap between an abstract attack trace output by a model-checker and a penetration test on the real web application is still an open issue. We present here a methodology for semi-automatic testing web applications starting from a secure model. First, we mutate the model to introduce specific vulnerabilities present in web applications. Then, a model-checker outputs attack traces that exploit those vulnerabilities. Next, the attack traces are translated into concrete test cases by using a 2-step mapping. Finally, the tests are executed on the real system using an automatic procedure that may request the help of a test expert from time to time. A prototype has been implemented and evaluated on WebGoat, an insecure web application maintained by OWASP. It successfully reproduced RBAC and XSS attacks.

show abstract

Uniform Monte-Carlo Model Checking

Oudinet

Denise

Gaudel

et al. 2011

View full text Add to dashboard Cite

Abstract. Grosu and Smolka have proposed a randomised Monte-Carlo algorithm for LTL model-checking. Their method is based on random exploration of the intersection of the model and of the Büchi automaton that represents the property to be checked. The targets of this exploration are so-called lassos, i.e. elementary paths followed by elementary circuits. During this exploration outgoing transitions are chosen uniformly at random.Grosu and Smolka note that, depending on the topology, the uniform choice of outgoing transitions may lead to very low probabilities of some lassos. In such cases, very big numbers of random walks are required to reach an acceptable coverage of lassos, and thus a good probability either of satisfaction of the property or of discovery of a counter-example. In this paper, we propose an alternative sampling strategy for lassos in the line of the uniform exploration of models presented in some previous work.The problem of finding all elementary cycles in a directed graph is known to be difficult: there is no hope for a polynomial time algorithm. Therefore, we consider a well-known sub-class of directed graphs, namely the reducible flow graphs, which correspond to well-structured programs and most control-command systems.We propose an efficient algorithm for counting and generating uniformly lassos in reducible flowgraphs. This algorithm has been implemented and experimented on a pathological example. We compare the lasso coverages obtained with our new uniform method and with uniform choice among the outgoing transitions.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Johan Oudinet

Coverage-biased random exploration of large models and application to testing

Semi-Automatic Security Testing of Web Applications from a Secure Model

Uniform Monte-Carlo Model Checking

Contact Info

Product

Resources

About