Software unit test coverage and adequacy
ACM Computing Surveys (CSUR)
Software fault injection: inoculating programs against errors
Software fault injection: inoculating programs against errors
Specification-Based Test Generation for Security-Critical Systems Using Mutations
ICFEM '02 Proceedings of the 4th International Conference on Formal Engineering Methods: Formal Methods and Software Engineering
Using Model Checking to Generate Tests from Specifications
ICFEM '98 Proceedings of the Second IEEE International Conference on Formal Engineering Methods
Using a Model Checker to Test Safety Properties
ICECCS '01 Proceedings of the Seventh International Conference on Engineering of Complex Computer Systems
Coverage metrics for requirements-based testing
Proceedings of the 2006 international symposium on Software testing and analysis
A fault model and mutation testing of access control policies
Proceedings of the 16th international conference on World Wide Web
Mutation Analysis for Security Tests Qualification
TAICPART-MUTATION '07 Proceedings of the Testing: Academic and Industrial Conference Practice and Research Techniques - MUTATION
Testing Security Policies: Going Beyond Functional Testing
ISSRE '07 Proceedings of the The 18th IEEE International Symposium on Software Reliability
Model-Based Tests for Access Control Policies
ICST '08 Proceedings of the 2008 International Conference on Software Testing, Verification, and Validation
Model-Based Firewall Conformance Testing
TestCom '08 / FATES '08 Proceedings of the 20th IFIP TC 6/WG 6.1 international conference on Testing of Software and Communicating Systems: 8th International Workshop
Testing Security Policies for Web Applications
ICSTW '08 Proceedings of the 2008 IEEE International Conference on Software Testing Verification and Validation Workshop
Complementary Criteria for Testing Temporal Logic Properties
TAP '09 Proceedings of the 3rd International Conference on Tests and Proofs
Testing with model checkers: a survey
Software Testing, Verification & Reliability
Using coverage to automate and improve test purpose based testing
Information and Software Technology
Mutation-Based Test Generation from Security Protocols in HLPSL
ICST '11 Proceedings of the 2011 Fourth IEEE International Conference on Software Testing, Verification and Validation
An Analysis and Survey of the Development of Mutation Testing
IEEE Transactions on Software Engineering
Towards filtering and alerting rule rewriting on single-component policies
SAFECOMP'06 Proceedings of the 25th international conference on Computer Safety, Reliability, and Security
Test generation for network security rules
TestCom'06 Proceedings of the 18th IFIP TC6/WG6.1 international conference on Testing of Communicating Systems
Cryptographic protocol analysis on real c code
VMCAI'05 Proceedings of the 6th international conference on Verification, Model Checking, and Abstract Interpretation
The AVISPA tool for the automated validation of internet security protocols and applications
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
TestCom'05 Proceedings of the 17th IFIP TC6/WG 6.1 international conference on Testing of Communicating Systems
From model-checking to automated testing of security protocols: bridging the gap
TAP'12 Proceedings of the 6th international conference on Tests and Proofs
Modeling test cases for security protocols with SecureMDD
Computer Networks: The International Journal of Computer and Telecommunications Networking
| Hi-index | 0.00 |
The last decade has witnessed impressive progress in terms of dedicated approaches to formally analyzing security properties of models. However, related approaches to generating tests generally rely on purely syntactic test selection criteria. In this paper, we consider models of protocols and describe an approach to generate tests from security properties. Security-specific mutation operators are defined and used to introduce potential security-specific leaks into the model. Then, if the leak is confirmed by a model analyzer, a test case for the security property is generated. We present examples for security-relevant mutants at the model level and show how they correspond to security-flawed implementations, thus providing evidence that model-level mutants are indeed useful for doing security testing.