IEEE Security and Privacy
Threat Modeling
Exploiting Software: How to Break Code
Exploiting Software: How to Break Code
IEEE Security and Privacy
Is mutation an appropriate tool for testing experiments?
Proceedings of the 27th international conference on Software engineering
Information and Software Technology
A fault model and mutation testing of access control policies
Proceedings of the 16th international conference on World Wide Web
Automated Test Generation for Access Control Policies via Change-Impact Analysis
ICSEW '07 Proceedings of the 29th International Conference on Software Engineering Workshops
A Threat Model Driven Approach for Security Testing
SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
Mutation Analysis for Security Tests Qualification
TAICPART-MUTATION '07 Proceedings of the Testing: Academic and Industrial Conference Practice and Research Techniques - MUTATION
Testing Security Policies: Going Beyond Functional Testing
ISSRE '07 Proceedings of the The 18th IEEE International Symposium on Software Reliability
Testing and Comparing Web Vulnerability Scanning Tools for SQL Injection and XSS Attacks
PRDC '07 Proceedings of the 13th Pacific Rim International Symposium on Dependable Computing
Model-Based Tests for Access Control Policies
ICST '08 Proceedings of the 2008 International Conference on Software Testing, Verification, and Validation
A Model-Based Framework for Security Policy Specification, Deployment and Testing
MoDELS '08 Proceedings of the 11th international conference on Model Driven Engineering Languages and Systems
Threat-Driven Modeling and Verification of Secure Software Using Aspect-Oriented Petri Nets
IEEE Transactions on Software Engineering
MUSIC: Mutation-based SQL Injection Vulnerability Checking
QSIC '08 Proceedings of the 2008 The Eighth International Conference on Quality Software
MUTEC: Mutation-based testing of Cross Site Scripting
IWSESS '09 Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems
(Un-)Covering Equivalent Mutants
ICST '10 Proceedings of the 2010 Third International Conference on Software Testing, Verification and Validation
An Analysis and Survey of the Development of Mutation Testing
IEEE Transactions on Software Engineering
| Hi-index | 0.00 |
Security has become a priority for software development and many security testing techniques have been developed over the years. Benchmarks based on real-world systems, however, are in great demand for evaluating the vulnerability detection capability of these techniques. To develop such a benchmark, this paper presents an approach to security mutation analysis of FileZilla Server, a popular FTP server implementation as a case study. In the existing mutation testing research, mutants are created through syntactic changes. Such syntactic changes may not result in meaningful security vulnerabilities in security-intensive software. Our approach creates security mutants by considering the causes and consequences of vulnerabilities. The causes of vulnerabilities include design-level (e.g., incorrect policy enforcement) and implementation-level defects (such programming errors as buffer overflow and unsafe function calls). The consequences of vulnerabilities refer to various potential attacks, such as spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege (STRIDE). Using this approach, we have created 30 distinct mutants for FileZilla Server. They have been applied to the evaluation of two security testing methods that use attack trees and attack nets as threat models for test generation. The results show that, while these testing methods can kill most of the mutants, they have an important limitation -- they cannot detect the vulnerabilities that are not captured by the threat models.