Model Inference and Security Testing in the SPaCIoS Project

Cited by: 0
Authors
Buechler, Matthias [1]
Hossen, Karim [2]
Mihancea, Petru Florin [3]
Minea, Marius [3]
Groz, Roland [2]
Oriat, Catherine [2]
Affiliations
[1] Tech Univ Munich, D-80290 Munich, Germany
[2] Univ Grenoble, LIG Lab, F-38402 Grenoble, France
[3] Romania Politehn Univ Timisoara, Inst Austria Timisoara, Timisoara, Romania
Keywords
Control Flow Inference; Data-Flow Inference; Security; Web Application; Reverse-Engineering;
DOI
Not available
Chinese Library Classification number
TP31 [Computer Software];
Discipline classification code
081202 ; 0835 ;
Abstract
The goal of the SPaCIoS project is the validation and testing of security properties of services and web applications. It proposes a methodology and tool collection centered around models described in a dedicated specification language, supporting model inference, mutation-based testing, and model checking. The project has developed two approaches to reverse engineer models from implementations. One is based on remote interaction (typically through an HTTP connection) to observe the runtime behaviour and infer a model in black-box mode. The other is based on analysis of application code when available. This paper presents the reverse engineering parts of the project, along with an illustration of how vulnerabilities can be found with various SPaCIoS tool components on a typical security benchmark.
Pages: 411 / +
Page count: 2