Weilin CHEN,Hao ZHOU,Baohua ZHAO

DOI: https://doi.org/10.3321/j.issn:0253-987X.2008.12.010

2008-01-01

Abstract:Considering the data flow description in protocol security testing, mutation analysis is introduced based on constructed type algebra, and a new protocol security testing method is proposed. Mutant operators are designed based on protocol specification, security mutation formulas are generated from existing conformance testing expressions, and then practical security testing cases are transformed from these formulas. The steps of protocol security testing using the method are described. The method is well integrated with conformance testing to cover some known protocol security vulnerabilities, and has the ability to reveal potential problems.

周晓煜,赵保华,屈玉贵

DOI: https://doi.org/10.3321/j.issn:0372-2112.2002.z1.060

2002-01-01

Abstract:The constructed type algebra specification has been used to specify communication protocols in protocol conformance testing. In this paper,mutation analysis is introduced into the constructed type algebra specification. Several kinds of mutant operators are designed and the method using mutation analysis based on constructed type algebra specification is proposed. This method provides a new probable direction for the protocol conformance testing based on the constructed type algebra specification.

xing han,qiaoyan wen,zhao zhang

DOI: https://doi.org/10.1109/ICCSNT.2012.6526099

2012-01-01

Abstract:Mutation-based fuzz testing is a very effective approach to improve the security and reliability of protocol implementations, however, present mutation-based fuzzing technique is only effective on one field at one time, and not effective on multiple fields. What's more, there are not effective tools on fuzzing protocols based on MAC Layer. This paper presents an efficient mutation-based approach based on RATM model for multi-fields fuzzing test, which analysis the relationship among the protocol fields and the influence relationship of the fields collected. Based on these relationships, it can directly mutate corresponding testing case that might trigger the suspect vulnerabilities. And also by analyzing the results of testing, it changes the parameters of RATM to improve the quality of testing cases; besides, our methods could also fuzz protocol implementations based on MAC layer very effectively. Moreover, we design a testing framework to validate the effectiveness of RATM. We applied our approach to compare with peach on several protocol implementations and the results showed that our approach can find flaws of protocol implementation in one field and also multiple fields very effectively.

Zhao Zhang,Qiao-Yan Wen,Wen Tang

DOI: https://doi.org/10.1109/csss.2012.208

2012-01-01

Abstract:Security flaws existed in protocol implementations might be exploited by malicious attackers and the consequences can be very serious. Therefore, detecting vulnerabilities of network protocol implementations is becoming a hot research topic recently. However, protocol security test is a very complex, challenging and error-prone task, as constructing test packets manually or randomly are not practical. This paper presents an efficient mutation-based approach for detecting implementation flaws of network protocol. Compared with other protocol testing tools, our approach divides the procedure of protocol testing into many phases, and flexible design can cover many testing cases for the protocol implementations under testing, and could apply for testing various protocol implementations quite easily. Besides, this approach is more comprehensible that makes the protocol security test easier to carry out. To assess the usefulness of this approach, several experiments are performed on four FTP server implementations and the results showed that our approach can find flaws of protocol implementation very easily. The method is of the important application value and can improve the security of network protocols.

Yuelei XIAO,Zhixiang ZHU,Yong ZHANG

DOI: https://doi.org/10.13682/j.issn.2095-6533.2015.05.003

2015-01-01

Abstract:By analyzing the process of security protocols,the definition of driving module (DM) is introduced,and then regular and penetrator DMs are formed according to the Strand Space Model (SSM).Based on this,a DM-based model checking method is proposed.Theoretical analysis indicates that this method is prefect in terms of searching breadth and depth,and can avoid the state space explosion problem.Therefore,this method can be used not only to get the attack scenarios of a flawed security protocol,but also to prove that an unflawed security protocol is secure.Moreover,the Otway-Rees protocol and the TLS protocol are analyzed based on this method.As a result,various attack scenarios of the Otway-Rees protocol are discovered and two secure improved Otway-Rees protocols are put forward,and therefore the TLS protocol is proved to be secure.

Cai Guoyong,Lin Yuming

2007-01-01

Abstract:Mutation testing is an effective approach to measure and guarantee a certain degree of software quality. However traditional approach of mutation testing still needs to improve. Based on studies of program slice and mutant techniques, a novel slice-mutant based program testing method is proposed. The method consists of a new criterion to evaluate the quality of a test suite and a corresponding test process to enact the approach. An algorithm to generate slice-mutant is also given. With test experiments of a case program, the approach's validness and powerful error detecting ability are comparing to the traditional mutation testing method. The proposed method complements the traditional mutation testing method and provides a way to achieve higher software quality guarantee.

Chuanming Jing,Zhiliang Wang,Xingang Shi,Xia Yin,Jianping Wu

DOI: https://doi.org/10.1109/AINA.2008.98

2008-01-01

Abstract:The critical requirement on reliability, fault-tolerance and security of network devices highlights the necessity of protocol robustness testing. Mutation testing of protocol messages is an important part of robustness testing, but related theory and practices are not well developed. This paper builds a NFSM model for mutation testing of protocol messages and proposes two types of normal-verification sequence to enhance verdict mechanism. For single-field mutation testing of protocol messages, we propose the concept of compound anomalous test case to further simplify test sequences. As a standard test specification language, TTCN-3 reveals strong excellence in conformance testing, so we apply TTCN-3 to mutation testing and extend it according to test requirements. Using our method we test OSPFv2 sufficiently with a test system based on extended TTCN-3. The results indicate that our method has good capability of error-finding.

Shijia Gu,Weihai Li,Xin Zhao

DOI: https://doi.org/10.1109/VETECF.2011.6092833

2011-01-01

Abstract:Protocol plays a profound role among networked computers in security issues. With the development of computer network engineering, protocol has become increasingly intricate in both data format and interaction behavior, which means that more potential defects exist in protocol software implementations. These factors make protocol vulnerable to malicious attacks and raise the security requirements to an ever high level. After over ten-year progress, however, the vulnerability testing methods have not been unified to an agreement. Especially, the problems in automated test cases generation remain to be solved. This paper proposes a novel brute force vulnerability testing technique, generating test data by mutating captured protocol messages. And to formalize the perturbing process, regular expression is introduced into the approach for constructing test case templates. In addition, a multi-protocol test tool called PVD is developed to implement the test system architecture. Finally, the authors carry on a complete vulnerability testing campaign on Asterisk 1.4 SIP (Session Initiation Protocol) server, as the result, finding a number of protocol defects and achieving fairly efficient test results.

Meng Ma,Guoai Xu

DOI: https://doi.org/10.1049/cp.2010.0774

2010-01-01

Abstract:Protocol identification is the key technology of intrusion detection. There're much of traditional limitations exist in the process of character database development. This paper introduces the concept of mutation testing and designs several mutation operators for protocol identification based on Snort rules. A self-revised method is proposed and the efficiency of which is promoted. Experiment has shown that the method is effective in making automatic amendment against protocol rules within certain scope to improve the accuracy and efficiency.

Lijun Shan,Hong Zhu

DOI: https://doi.org/10.1145/1138929.1138938

2006-01-01

Abstract:Modelling tools play a crucial role in model-driven software development methods. A particular difficulty in testing such software systems is the generation of adequate test cases because the test data are structurally complicated. This paper proposes an approach called data mutation to generating a large number of test data from a few seed test cases. It is inspired in mutation testing methods, but differs from them in the way that mutation operators are defined and used. In our approach, mutation operators transform the input data rather than the program under test or the specification of the software. It is not a test adequacy measurement. Instead, it generates test cases. The paper also reports a case study with the method on testing a modelling tool and illustrates the applicability of the proposed method. Experiment data clearly demonstrated that the method can achieve a high test adequacy. It has a high fault detecting ability and good cost effectiveness.

Huihui Zhang,Tao Yue,Shaukat Ali,Chao Liu

DOI: https://doi.org/10.1145/2976767.2976784

2016-01-01

Abstract:Requirements inspection is a well-known method for detecting defects. Various defect detection techniques for requirements inspection have been widely applied in practice such as checklist and defect-based techniques. Use case modelling is a widely accepted requirements specification method in practice; therefore, inspecting defects in use case models in a cost-effective manner is an important challenge. However, it does not exist a systematic mutation analysis approach for evaluating inspection techniques for use case models. In this paper we present the methodology we followed to systematically derive mutation operators for use case models. More specifically, we first proposed a defect taxonomy defining 94 defect types, based on the IEEE Std. 830-1998 standard. Second, we systematically applied the basic guide words of the standardized Hazard and Operability Study (HAZOP) methodology to define 191 mutation operators. Last, we defined a set of guidelines for devising defect seeding strategies. The proposed methodology was evaluated by a real world case study and six case studies from the literature. Results show that all the derived mutation operators for Restricted Use Case Modelling (RUCM) models are feasible to apply and the defect taxonomy is the most comprehensive one to compare with the literature.

Gen-nan QIAN,Ya-wen WANG,Yun-zhan GONG,Fan-rong MENG

DOI: https://doi.org/10.3969/j.issn.0372-2112.2017.08.023

2017-01-01

Abstract:Mutation testing is an effective fault-based testing method.However,the application of mutation testing in engineering development has been restricted by the high testing costs caused by a large number of redundant mutants.Regarding the mutants arising from the sequential statements in a program,an algorithm based on propagation-infection-execution (PIE) model was proposed,which employs the interval abstract domain to represent program state and the interval algorithm to evaluate the redundancy relation between the mutants.Meanwhile,regarding the conditional statements in a program,the redundant mutant selection algorithms based on the predicate fault hierarchy are also presented.The algorithms are designed for simple predicate and compound predicate respectively.By analyzing the effects of these algorithms,the constrained boundary condition for the development of non-redundant mutants under the condition of stratified sampling is concluded.Siemens Test Suite and other three open source projects are used to conduct experiments to compare the proposed method with random selection method.Experimental results show that the proposed method can reduce the mutant testing time cost while maintaining a high mutation score.

CHEN Xiang,GU Qing

DOI: https://doi.org/10.3778/j.issn.1673-9418.2012.12.001

2012-01-01

Abstract:Mutation is a fault-based testing technique. This topic is widely researched for over 40 years. This paper summarizes previous research work into three modules: principal, optimization and application. In the principal module, this paper firstly introduces two fundamental hypotheses, secondly illustrates the traditional process of mutation analysis and gives definitions for the important concepts, lastly summarizes equivalent mutant detection techniques into static detection and dynamic detection categories. In the optimization module, this paper illustrates mutant selection optimization and mutant execution optimization. In the application module, this paper introduces three classical applications: test suite adequacy evaluation, test case generation and regression testing. Finally, this paper draws a conclusion and forecasts some potential future research work.

Huo Yan Chen,Su Hu

DOI: https://doi.org/10.1109/icsmc.2006.385183

2006-01-01

Abstract:The mutation testing focuses on the most possible mistakes of the software and so it has high ability to expose mistakes. However, at present it is still mainly used in procedure-oriented program testing. In recent years, object-oriented programming becomes more and more popular. This paper sets up the concepts for two new kinds of class level mutants for object-oriented program testing. One kind is of attribute mutants. The other is of method mutants. The formal description for the concepts is presented and the algorithms for generating attribute mutants and method mutants are proposed in this paper. A tool prototype for the algorithms is implemented and the related testing adequacy is also analyzed.

TianTian Wang,JiaHuan Xu,XiaoHong Su,ChenShi Li,Yang Chi

DOI: https://doi.org/10.1007/s11042-018-6603-3

IF: 2.577

2019-01-01

Multimedia Tools and Applications

Abstract:It takes a lot of time and effort to manually locate and fix software bugs. This paper proposes a method for automatically debugging operator related bugs. Testing, fault localization, and bug-fixing are closely linked based on mutation analysis. However, in the process of mutation analysis, the generation of a large number of mutants and the execution of test cases on mutants, is fairly time-consuming. To solve this problem, optimization methods for selection of mutants and test cases have been proposed. Experiment results has shown that it can improve the efficiency of mutation analysis, so that the cost of fault-localization and bug-fixing can be reduced. We also implemented the exhaustive mutation method and the random mutation method and compared these three methods. These three method have different application scenarios. As the mutation based fault localization can rank statements by suspiciousness, the method integrated with fault localization is more stable and has batter performance. Also, it is more suitable for analyzing program with multi-bugs.

Wen Tang,Aifen Sui,Wolfgang H A Schmid

DOI: https://doi.org/10.1109/ICCT.2011.6157962

2011-01-01

Abstract:Our modern society is increasingly depending on information and communication systems. This demands a high level of security and robustness on the implementations of network protocols. This paper presents a model-guided approach to discover security vulnerabilities of network protocol implementations. Our approach, resulted in security tool "Styx", introduces mutation analysis and model checking into fuzz testing and provides a synthesized protocol security testing. And it not only can perform syntax testing on the input data validation component of protocol implementations, but also is able to model the behaviors of a protocol and automatically generate test traces for the verification of its internal implemented functions. To proof the concept, experiments with the open source implementation of IKE/ISAKMP have also been provided. The results show that Styx can effectively be used to discover security vulnerabilities from network protocol implementations. © 2011 IEEE.

Guo-yong CAI,Jun-yan QIAN

DOI: https://doi.org/10.3969/j.issn.1001-3695.2008.05.032

2008-01-01

Abstract:Based on studies of program slice and mutant techniques,proposed a novel slice-mutant based program testing method.The method consisted of a new criterion to evaluate the quality of a test suite and a corresponding test process to achieve the approach.With test experiments of a case program,this paper demonstrates the approach's validness and powerful error detecting ability comparing to the traditional mutation testing method.

Changbing Ji,Zhenyu Chen,Baowen Xu,Ziyuan Wang

DOI: https://doi.org/10.1109/COMPSAC.2009.192

2009-01-01

Abstract:Java exception mechanism can effectively free a program from abnormal exits and help developers locate faults with the exception tracing stacks. It is necessary to verify whether the exception handling constructs are arranged appropriately. Some approaches have been developed to evaluate the test sets and improve the quality of them, so that they can raise more number of exceptions in programs. Mutation analysis is a practical method to evaluate the quality of test sets. This paper presents some new mutation operators for Java exception handling constructs. Moreover, equivalent mutants can be identified by our approach. A case study illustrates the effectiveness and characteristic features of these mutation operators.

Bo Huang,Qiaoyan Wen

DOI: https://doi.org/10.1109/ICCSNT.2011.6182047

2012-01-01

Abstract:Nowadays more fuzz testing research mainly focuses on some certain phase and on some certain protocol, there is not an research on integrated system realization has been emerged. This paper presents the idea of an automated fuzz testing method for all protocols. First it adopted Finite State Machine (FSM) model in fuzz testing, and after a FSM constructed an efficient algorithm is presented for state space reduction. Last it selected every sequence for the mutation test. In this method, the FSM is created by program other than mannual work that make the fuzz testing automated and suit for all protocols.

Zhenyu Chen,Axel Hollmann

2008-01-01

Abstract:Mutation-driven test case generation with model checking has been proposed to reduce the costs of specification-based mutation analysis. Most of the existing work focuses on verifying the expected behaviors in the original model, i.e. positive testing. In this paper negative testing is introduced to check the unexpected behaviors. Mutants are divided into three types: increscent, decrescent, and cross ones. Both, positive and negative testing is proposed to guarantee the detection of these mutants. A non-trivial example illustrates and validates our approach.