Interface Robustness Testing: Experience and Lessons Learned from the Ballista Project

Koopman, Philip; Devale, Kobey; DeVale, J.

doi:10.1002/9780470370506.ch11

Cited by 16 publications

(15 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The authors do not differentiate between valid and invalid parameters that are combined it the tests and do not quantitatively analyze the impact of simultaneous injections, i.e., the combination of invalid inputs. However, they report that simultaneous injections have not had a significant impact on the detection probability of robustness vulnerabilities [34], [28], which contradicts our results. We see three possible reasons for this deviation, which we are planning to investigate in more depth in the future: (1) Ballista and our work target different interfaces of the OS (driver interface vs. API), (2) the quoted Ballista results were obtained more than a decade ago and may not hold for newer systems, and (3) the results may significantly differ due to the different fault models.…”

Section: A Simultaneous Injections Into Function Call Parameterscontrasting

confidence: 99%

See 1 more Smart Citation

simFI: From single to simultaneous software fault injections

Winter

Tretter

Sattler

et al. 2013

2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

View full text Add to dashboard Cite

Abstract-Software-implemented fault injection (SWIFI) is an established experimental technique to evaluate the robustness of software systems. While a large number of SWIFI frameworks exist, virtually all are based on a single-fault assumption, i.e., interactions of simultaneously occurring independent faults are not investigated. As software systems containing more than a single fault often are the norm than an exception [1] and current safety standards require the consideration of "multi-point faults"[2], the validity of this single-fault assumption is at question for contemporary software systems.To address the issue and support simultaneous SWIFI (simFI), we analyze how independent faults can manifest in a generic software composition model and extend an existing SWIFI tool to support some characteristic simultaneous fault types. We implement three simultaneous fault models and demonstrate their utility in evaluating the robustness of the Windows CE kernel. Our findings indicate that simultaneous fault injections prove highly efficient in triggering robustness vulnerabilities.

show abstract

Section: A Simultaneous Injections Into Function Call Parameterscontrasting

confidence: 99%

“…Service invocations at the kernel/driver interface are triggered by synthetic workloads designed to trigger executions of the targeted drivers. The applied failure detectors are capable of detecting four different classically known outcomes of an injection run [28]. Upon fault injection the system may respond with the following:…”

Section: A Experimental Setupmentioning

confidence: 99%

simFI: From single to simultaneous software fault injections

Winter

Tretter

Sattler

et al. 2013

2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

View full text Add to dashboard Cite

show abstract

“…Our approach is closely related to an interface-level automated robustness testing [14,13]. Kropp et al implemented Ballista [14] to automate a robustness testing of POSIX API, but they typically focus on exercising exceptional parameters, rather than generating the sequence of API calls.…”

Section: Related Workmentioning

confidence: 99%

Automated system-level safety testing using constraint patterns for automotive operating systems

Byun

Choi

2015

Proceedings of the 30th Annual ACM Symposium on Applied Computing

View full text Add to dashboard Cite

The automotive operating system is a typical safety-critical system that is tightly coupled with the operational environment through system services. However, existing automated techniques come short of testing the interface of such operating systems. We introduced an automated test generation method for system-level safety testing of the automotive operating systems, by utilizing the operational constraints defined in the specification. This work extends the idea by adding configuration-dependent and state-dependent constraint patterns, and by developing a tool chain to automate the constraint-based system-level testing. The effectiveness of our approach is demonstrated through a series of experiments, and a comparative analysis is performed between our method and concolic testing.

show abstract

“…Additionally, it has been shown that even very good designers often have blind spots and miss exceptional situations in comparatively simple software systems. [32] Fault injection and robustness testing are relatively mature technologies for assessing the performance of a system under exceptional conditions [33], and can help avoid designer and tester blind spots when testing exceptional condition responses. Traditional fault injection involves inserting bit flips into memory and communication networks.…”

Section: Fault Injectionmentioning

confidence: 99%

Challenges in Autonomous Vehicle Testing and Validation

Koopman

Wagner

2016

SAE Int. J. Trans. Safety

Self Cite

506

297

View full text Add to dashboard Cite

Software testing is all too often simply a bug hunt rather than a wellconsidered exercise in ensuring quality. A more methodical approach than a simple cycle of system-level test-fail-patch-test will be required to deploy safe autonomous vehicles at scale. The ISO 26262 development V process sets up a framework that ties each type of testing to a corresponding design or requirement document, but presents challenges when adapted to deal with the sorts of novel testing problems that face autonomous vehicles. This paper identifies five major challenge areas in testing according to the V model for autonomous vehicles: driver out of the loop, complex requirements, non-deterministic algorithms, inductive learning algorithms, and failoperational systems. General solution approaches that seem promising across these different challenge areas include: phased deployment using successively relaxed operational scenarios, use of a monitor/actuator pair architecture to separate the most complex autonomy functions from simpler safety functions, and fault injection as a way to perform more efficient edge case testing. While significant challenges remain in safety-certifying the type of algorithms that provide high-level autonomy themselves, it seems within reach to instead architect the system and its accompanying design process to be able to employ existing software safety approaches.

show abstract

Interface Robustness Testing: Experience and Lessons Learned from the Ballista Project

Cited by 16 publications

References 32 publications

simFI: From single to simultaneous software fault injections

simFI: From single to simultaneous software fault injections

Automated system-level safety testing using constraint patterns for automotive operating systems

Challenges in Autonomous Vehicle Testing and Validation

Contact Info

Product

Resources

About