Security mutants for property-based testing

Matthias Büchler; Johan Oudinet; Alexander Pretschner

doi:10.1007/978-3-642-21768-5_6

Security mutants for property-based testing

Matthias Büchler, Johan Oudinet, Alexander Pretschner

Humanoid Technologies Lab (H2T)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

21 Scopus citations

Abstract

The last decade has witnessed impressive progress in terms of dedicated approaches to formally analyzing security properties of models. However, related approaches to generating tests generally rely on purely syntactic test selection criteria. In this paper, we consider models of protocols and describe an approach to generate tests from security properties. Security-specific mutation operators are defined and used to introduce potential security-specific leaks into the model. Then, if the leak is confirmed by a model analyzer, a test case for the security property is generated. We present examples for security-relevant mutants at the model level and show how they correspond to security-flawed implementations, thus providing evidence that model-level mutants are indeed useful for doing security testing.

Original language	English
Title of host publication	Tests and Proofs - 5th International Conference, TAP 2011, Proceedings
Pages	69-77
Number of pages	9
DOIs	https://doi.org/10.1007/978-3-642-21768-5_6
State	Published - 2011
Externally published	Yes
Event	5th International Conference on Tests and Proofs, TAP 2011 - Zurich, Switzerland Duration: 30 Jun 2011 → 1 Jul 2011

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	6706 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	5th International Conference on Tests and Proofs, TAP 2011
Country/Territory	Switzerland
City	Zurich
Period	30/06/11 → 1/07/11

Keywords

Mutation
Property-based testing
Security protocols
Test generation

Access to Document

10.1007/978-3-642-21768-5_6

Cite this

Büchler, M., Oudinet, J., & Pretschner, A. (2011). Security mutants for property-based testing. In Tests and Proofs - 5th International Conference, TAP 2011, Proceedings (pp. 69-77). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6706 LNCS). https://doi.org/10.1007/978-3-642-21768-5_6

@inproceedings{b1a456fe6b2447b09a1e0958e481c2ac,

title = "Security mutants for property-based testing",

abstract = "The last decade has witnessed impressive progress in terms of dedicated approaches to formally analyzing security properties of models. However, related approaches to generating tests generally rely on purely syntactic test selection criteria. In this paper, we consider models of protocols and describe an approach to generate tests from security properties. Security-specific mutation operators are defined and used to introduce potential security-specific leaks into the model. Then, if the leak is confirmed by a model analyzer, a test case for the security property is generated. We present examples for security-relevant mutants at the model level and show how they correspond to security-flawed implementations, thus providing evidence that model-level mutants are indeed useful for doing security testing.",

keywords = "Mutation, Property-based testing, Security protocols, Test generation",

author = "Matthias B{\"u}chler and Johan Oudinet and Alexander Pretschner",

year = "2011",

doi = "10.1007/978-3-642-21768-5_6",

language = "English",

isbn = "9783642217678",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "69--77",

booktitle = "Tests and Proofs - 5th International Conference, TAP 2011, Proceedings",

note = "5th International Conference on Tests and Proofs, TAP 2011 ; Conference date: 30-06-2011 Through 01-07-2011",

}

Büchler, M, Oudinet, J & Pretschner, A 2011, Security mutants for property-based testing. in Tests and Proofs - 5th International Conference, TAP 2011, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 6706 LNCS, pp. 69-77, 5th International Conference on Tests and Proofs, TAP 2011, Zurich, Switzerland, 30/06/11. https://doi.org/10.1007/978-3-642-21768-5_6

Security mutants for property-based testing. / Büchler, Matthias; Oudinet, Johan; Pretschner, Alexander.
Tests and Proofs - 5th International Conference, TAP 2011, Proceedings. 2011. p. 69-77 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6706 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Security mutants for property-based testing

AU - Büchler, Matthias

AU - Oudinet, Johan

AU - Pretschner, Alexander

PY - 2011

Y1 - 2011

N2 - The last decade has witnessed impressive progress in terms of dedicated approaches to formally analyzing security properties of models. However, related approaches to generating tests generally rely on purely syntactic test selection criteria. In this paper, we consider models of protocols and describe an approach to generate tests from security properties. Security-specific mutation operators are defined and used to introduce potential security-specific leaks into the model. Then, if the leak is confirmed by a model analyzer, a test case for the security property is generated. We present examples for security-relevant mutants at the model level and show how they correspond to security-flawed implementations, thus providing evidence that model-level mutants are indeed useful for doing security testing.

AB - The last decade has witnessed impressive progress in terms of dedicated approaches to formally analyzing security properties of models. However, related approaches to generating tests generally rely on purely syntactic test selection criteria. In this paper, we consider models of protocols and describe an approach to generate tests from security properties. Security-specific mutation operators are defined and used to introduce potential security-specific leaks into the model. Then, if the leak is confirmed by a model analyzer, a test case for the security property is generated. We present examples for security-relevant mutants at the model level and show how they correspond to security-flawed implementations, thus providing evidence that model-level mutants are indeed useful for doing security testing.

KW - Mutation

KW - Property-based testing

KW - Security protocols

KW - Test generation

UR - http://www.scopus.com/inward/record.url?scp=79960222774&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-21768-5_6

DO - 10.1007/978-3-642-21768-5_6

M3 - Conference contribution

AN - SCOPUS:79960222774

SN - 9783642217678

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 69

EP - 77

BT - Tests and Proofs - 5th International Conference, TAP 2011, Proceedings

T2 - 5th International Conference on Tests and Proofs, TAP 2011

Y2 - 30 June 2011 through 1 July 2011

ER -

Security mutants for property-based testing

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this