Where academic tradition
meets the exciting future

Vulnerability Assessment of Web Services with Model-Based Mutation Testing

Faezeh Siavashi, Dragos Truscan, Juri Vain, Vulnerability Assessment of Web Services with Model-Based Mutation Testing. In: 2018 IEEE International Conference on Software Quality, Reliability and Security (QRS), 301–312, IEEE, 2018.

http://dx.doi.org/10.1109/QRS.2018.00043

Abstract:

We present a model-based mutation testing approach, for evaluating the authentication and authorization of web services in a multi-user context. Model of a web service and its security requirements are designed using UPPAAL Timed Automata. The model is mutated to create invalid behavior which is used for test generation to reveal faults in the system under test. The approach is supported by a model-based mutation testing tool, μUTA, that automatically generates mutants, selects a collection of suitable mutants for testing and generates test cases from them. We modify a previously defined mutation operator and introduce three new operators for additional mutants. We define criteria for the mutation-selection and demonstrate the approach on a blog web service. Results show that the approach can discover authorization faults that were not detected by traditional methods.

Files:

Full publication in PDF-format

BibTeX entry:

@INPROCEEDINGS{inpSiTrVa18b,
  title = {Vulnerability Assessment of Web Services with Model-Based Mutation Testing},
  booktitle = {2018 IEEE International Conference on Software Quality, Reliability and Security (QRS)},
  author = {Siavashi, Faezeh and Truscan, Dragos and Vain, Juri},
  publisher = {IEEE},
  pages = {301–312},
  year = {2018},
  keywords = {authorisation;automata theory;program testing;Web services;vulnerability assessment;model-based mutation testing approach;authentication;authorization;multiuser context;UPPAAL Timed Automata;test generation;test cases;mutation-selection;mutation operator;blog Web service;security requirements;Testing;Automata;Web services;Clocks;Authorization;Authentication;Model-Based Mutation Testing;Timed Automata Mutation;User Behavioral model;UPPAAL;Security Testing},
}

Belongs to TUCS Research Unit(s): Software Engineering Laboratory (SE Lab)

Edit publication