Two Complementary Tools for the Formal Testing of Distributed Systems with Time Constraints

Cavalli, Ana; de, Edgardo Montes; Mallouli, Wissam; Lallali, Mounir

doi:10.1109/ds-rt.2008.43

Cited by 23 publications

(17 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In a first version of the tool [28], conditions in the VDCs were translated into patterns of instructions that may appear in the execution trace. This worked correctly in particular cases, however, to be able to detect VDCs for executables produced from different code variations, by different compilers, another more generic technique has been developed, which is presented here.…”

Section: Using Vdcs In Testinv-codementioning

confidence: 99%

An advanced approach for modeling and detecting software vulnerabilities

Shahmehri

Mammar

et al. 2012

Information and Software Technology

View full text Add to dashboard Cite

Context. Passive testing is a technique in which traces collected from the execution of a system under test are examined for evidence of flaws in the system.Objective. In this paper we present a method for detecting the presence of security vulnerabilities by detecting evidence of their causes in execution traces. This is a new approach to security vulnerability detection.Method. Our method uses formal models of vulnerability causes, known as security goal models and vulnerability detection conditions (VDCs). The former are used to identify the causes of vulnerabilities and model their dependencies, and the latter to give a formal interpretation that is suitable for vulnerability detection using passive testing techniques. We have implemented modeling tools for security goal models and vulnerability detection conditions, as well as TestInv-Code, a tool that checks execution traces of compiled programs for evidence of VDCs.Results. We present the full definitions of security goal models and vulnerability detection conditions, as well as structured methods for creating both. We describe the design and implementation of TestInv-Code. Finally we show results obtained from running TestInv-Code to detect typical vulnerabilities in several open source projects. By testing versions with known vulnerabilities, we can quantify the effectiveness of the approach.Conclusion. Although the current implementation has some limitations, passive testing for vulnerability detection works well, and using models as the basis for testing ensures that users of the testing tool can easily extend it to handle new vulnerabilities.

show abstract

Section: Using Vdcs In Testinv-codementioning

confidence: 99%

An advanced approach for modeling and detecting software vulnerabilities

Shahmehri

Mammar

et al. 2012

Information and Software Technology

View full text Add to dashboard Cite

show abstract

“…To automatically generate test cases from the secure specification of Travel, we use the TestGen-IF [15] test generation tool. This tools implements a timed test generation algorithm based on a Hit-or-Jump exploration strategy [16].…”

Section: Test Generationmentioning

confidence: 99%

A Formal Framework to Integrate Timed Security Rules within a TEFSM-Based System Specification

Mallouli

Mammar

Cavalli

2009

2009 16th Asia-Pacific Software Engineering Conference

Self Cite

View full text Add to dashboard Cite

Formal methods are very useful in software industry and are becoming of paramount importance in practical engineering techniques. They involve the design and the modeling of various system aspects expressed usually through different paradigms. In this paper, we propose to combine two modeling formalisms in order to express both functional and security timed requirements of a system. First, the system behavior is specified based on its functional requirements using TEFSM (Timed Extended Finite State Machine) formalism. Second, this model is augmented by applying a set of dedicated algorithms to integrate timed security requirements specified in Nomad language. This language is well adapted to express security properties such as permissions, prohibitions and obligations with time considerations. The resulting secure model can be used for several purposes such as code generation, specification correctness proof, model checking or automatic test generation. In this paper, we applied our approach to a France Telecom(France Telecom is the main telecommunication company in France) Travel service in order to demonstrate its feasibility.

show abstract

“…Based on the methodology of our work, we developed the TIPS tool [6] that performs automated analysis of the captured traces to determine if the given timed extended invariants are satisfied or not. The TIPS tool aims to passively test a deployed communicating system under test to verify if it respects a set of properties.…”

Section: Passive Testing Toolmentioning

confidence: 99%

Timed Extended Invariants for the Passive Testing of Web Services

Morales

Maag

Cavalli

et al. 2010

2010 IEEE International Conference on Web Services

Self Cite

View full text Add to dashboard Cite

The service-oriented approach is becoming more and more popular to integrate highly heterogeneous systems. Web services are the natural evolution of conventional middleware technologies to support Web-based and enterpriselevel integration. Formal testing of such Web-based technology is a key point to guarantee its reliability. In this paper, we choose a non-intrusive approach based on monitoring to propose a conformance passive testing methodology to check that a composed Web service respects its functional requirements. This methodology is based on a set of formal invariants representing properties to be tested including data and time constraints. Passive testing of an industrial system (that uses a composition of Web services)is briefly presented to demonstrate the effectiveness of the proposed approach.

show abstract

Two Complementary Tools for the Formal Testing of Distributed Systems with Time Constraints

Abstract: Abstract

Cited by 23 publications

References 10 publications

An advanced approach for modeling and detecting software vulnerabilities

An advanced approach for modeling and detecting software vulnerabilities

A Formal Framework to Integrate Timed Security Rules within a TEFSM-Based System Specification

Timed Extended Invariants for the Passive Testing of Web Services

Contact Info

Product

Resources

About