Behavioral specification based runtime monitors for OSGi services
ISoLA'12 Proceedings of the 5th international conference on Leveraging Applications of Formal Methods, Verification and Validation: technologies for mastering change - Volume Part I
Runtime verification of service-oriented systems: a well-rounded survey
International Journal of Web and Grid Services
A formal data-centric approach for passive testing of communication protocols
IEEE/ACM Transactions on Networking (TON)
Security Testing Methodology for Vulnerabilities Detection of XSS in Web Services and WS-Security
Electronic Notes in Theoretical Computer Science (ENTCS)
| Hi-index | 0.00 |
This paper presents a methodology to perform passive testing of behavioural conformance for the web services based on the security rule. The proposed methodology can be used either to check a trace (offline checking) or to runtime verification (online checking) with timing constraints, including future and past time. In order to perform this: firstly, we use the Nomad language to define the security rules. Secondly, we propose an algorithm that can check simultaneously multi instances. Afterwards, with each security rule, we propose a graphical statistics, with some fixed properties, that helps the tester to easy assess about the service. In addition to the theoretical framework we have developed a software tool, called RV4WS (Runtime Verification engine for Web Service), that helps in the automation of our passive testing approach. In particular the algorithm presented in this paper is fully implemented in the tool. We also present a mechanism to collect the observable trace in this paper.