Navegación

Búsqueda

Búsqueda avanzada

Resultados de búsqueda para Testing

AMADEUS: Towards the AutoMAteD secUrity teSting

The proper configuration of systems has become a fundamental factor to avoid cybersecurity risks. Thereby, the analysis of cybersecurity vulnerabilities is a mandatory task, but the number of vulnerabilities and system configurations that can be threatened is extremely high. In this paper, we propose a method that uses software product line techniques to analyse the vulnerable configuration of the systems. We propose a solution, entitled AMADEUS, to enable and support the automatic analysis and testing of cybersecurity vulnerabilities of configuration systems based on feature models. AMADEUS is a holistic solution that is able to automate the analysis of the specific infrastructures in the organisations, the existing vulnerabilities, and the possible configurations extracted from the vulnerability repositories. By using this information, AMADEUS generates automatically the feature models, that are used for reasoning capabilities to extract knowledge, such as to determine attack vectors with certain features. AMADEUS has been validated by demonstrating the capacities of feature models to support the threat scenario, in which a wide variety of vulnerabilities extracted from a real repository are involved. Furthermore, we open the door to new applications where software product line engineering and cybersecurity can be empowered.

Autores: Angel Jesus Varela Vaca / Rafael M. Gasca / José Antonio Carmona-Fombella / Maria Teresa Gómez López / 
Palabras Clave: cybersecurity - feature model - pentesting - reasoning - Testing - vulnerabilities - vulnerable configuration

Many-Objective Test Suite Generation for Software Product Lines

A Software Product Line (SPL) is a set of products builtfrom a number of features, the set of valid products being dened bya feature model. Typically, it does not make sense to test all productsdened by an SPL and one instead chooses a set of products to test(test selection) and, ideally, derives a good order in which to test them(test prioritisation). Since one cannot know in advance which productswill reveal faults, test selection and prioritisation are normally based onobjective functions that are known to relate to likely effectiveness orcost. This article introduces a new technique, the grid-based evolutionstrategy (GrES), which considers several objective functions that assessa selection or prioritisation and aims to optimise on all of these. Theproblem is thus a many-objective optimisation problem. We use a newapproach, in which all of the objective functions are considered but one(pairwise coverage) is seen as the most important. We also derive a novelevolution strategy based on domain knowledge. The results of the evalua-tion, on randomly generated and realistic feature models, were promising,with GrES outperforming previously proposed techniques and a range ofmany-objective optimisation algorithms.

Autores: Rob Hierons / Miqing Li / Xiaohui Liu / José Antonio Parejo Maestre / Sergio Segura Rueda / Xin Yao / 
Palabras Clave: Evolutionary algorithms - many-objectives optimization - Search-Based Software Engineering - software product lines - Testing

Reparación de pruebas de interfaz de usuario en Android como un problema de búsqueda

Las pruebas de interfaz de usuario son una técnica muy popular gracias a su capacidad para validar el comportamiento de la aplicación tal y como lo experimentaría el usuario, y por su facilidad para generar los casos de prueba. Sin embargo, una de las limitaciones más importantes de este tipo de pruebas es su fragilidad ante los cambios de la propia interfaz de usuario, que suelen producirse durante el desarrollo del sistema. En este artículo formulamos la reparación de estas pruebas ante cambios en la intefaz o funcionalidad de la aplicación como un problema de búsqueda. Además, proponemos un algoritmo heurístico para su resolución basado en GRASP. Esta propuesta se ha implementado y validado en el dominio especifico de aplicaciones móviles para dispositivos Android. Los resultados obtenidos demuestran su aplicabilidad con varios casos de estudio para cambios de diversa envergadura.

Autores: Adrián Cantón Fernandez / José Antonio Parejo Maestre / Sergio Segura / Antonio Ruiz-Cortés / 
Palabras Clave: Android - GRASP - SBSE - test case repair - Testing

Towards the Definition of Test Coverage Criteria for RESTful Web APIs

Web APIs following the REST architectural style (so-called RESTful Web APIs) have become the de-facto standard for software integration. As RESTful APIs gain momentum, so does the testing of them. However, there is a lack of mechanisms to assess the adequacy of testing approaches in this context, which makes it difficult to measure and compare the effectiveness of different testing techniques. In this work-in-progress paper, we take a step forward towards a framework for the assessment and comparison of testing approaches for RESTful Web APIs. To that end, we propose a preliminary catalogue of test coverage criteria. These criteria measure the adequacy of test suites based on the degree to which they exercise the different input and output elements of RESTful Web services. To the best of our knowledge, this is the first attempt to measure the adequacy of testing approaches for RESTful Web APIs.

Autores: Alberto Martin-Lopez / Sergio Segura / Antonio Ruiz-Cortés / 
Palabras Clave: coverage criteria - REST - Testing - web services

Spectrum-Based Fault Localization in Model Transformations

Model transformations play a cornerstone role in Model-Driven Engineering as they provide the essential mechanisms for manipulating and transforming models. The correctness of software built using MDE techniques greatly relies on the correctness of model transformations. However, it is challenging and error prone to debug them, and the situation gets more critical as the size and complexity of model transformations grow, where manual debugging is no longer possible.Spectrum-Based Fault Localization (SBFL) uses the results of test cases and their corresponding code coverage information to estimate the likelihood of each program component (e.g., statements) of being faulty. In this paper we present an approach to apply SBFL for locating the faulty rules in model transformations. We evaluate the feasibility and accuracy of the approach by comparing the effectiveness of 18 different state-of-the-art SBFL techniques at locating faults in model transformations. Evaluation results revealed that the best techniques, namely Kulcynski2, Mountford, Ochiai and Zoltar, lead the debugger to inspect a maximum of three rules in order to locate the bug in around 74% of the cases. Furthermore, we compare our approach with a static approach for fault localization in model transformations, observing a clear superiority of the proposed SBFL-based method.

Autores: Javier Troya / Sergio Segura / José Antonio Parejo Maestre / Antonio Ruiz-Cortés / 
Palabras Clave: Debugging - Fault Localization - Model Transformation - Spectrum-based - Testing

Automatic Testing of Program Slicers

Program slicing is a technique to extract the part of a program (the slice) that influences or is influenced by a set of variables at a given point (the slicing criterion). Computing minimal slices is undecidable in the general case, and obtaining the minimal slice of a given program is normally computationally prohibitive even for very small programs. Therefore, no matter what program slicer we use, in general, we cannot be sure that our slices are minimal. This is probably the fundamental reason why no benchmark collection of minimal program slices exists. In this work, we present a method to automatically produce quasi-minimal slices. Using our method, we have produced a suite of quasi-minimal slices for Erlang that we have later manually proved they are minimal. We explain the process of constructing the suite, the methodology and tools that were used, and the results obtained. The suite comes with a collection of Erlang benchmarks together with different slicing criteria and the associated minimal slices.

Autores: Sergio Pérez / Josep Sílva / Salvador Tamarit / 
Palabras Clave: Erlang - Program analysis - Program Slicing - Testing

SMT-based Test-Case Generation with Complex Preconditions

We present a system which can automatically generate an exhaustive set of black-box test-cases, up to a given size, for programs under test requiring complex preconditions. The key of the approach is to translate a formal precondition into a set of constraints belonging to the decidable logics of SMT solvers. By checking the satisfiability of the constraints, then the models returned by the solver automatically synthesize the cases.We also show how to use SMT solvers to automatically check for validity the test-case results, and also to complement the black-box cases with white-box ones. Finally, we use of solver to perform what we call automatic partial verification of the program. In summary, we propose a system in which exhaustive black-box and white-box testing, result checking, and partial verification, can all be done automatically. The only extra effort required from programmers is to write formal specifications.

Autores: Ricardo Peña / Jaime Sánchez-Hernández / Miguel Garrido / Javier Sagredo / 
Palabras Clave: formal specification - SMT solvers - test-case generation - Testing

Hacia la automatización de pruebas funcionales y de rendimiento en Android con algoritmos basados en búsqueda

Actualmente existen millones de aplicaciones para smartphone que deben ejecutarse correctamente en entornos software, hardware y de conectividad muy variados y cambiantes. El testing de dichas aplicaciones es por tanto un reto importante, para el que ligeras mejoras de la productividad suponen grandes beneficios para usuarios y desarrolladores. Este artículo presenta una primera aproximación de trabajo en curso para la la automatización de pruebas funcionales y de rendimiento en aplicaciones android usando algoritmos basados en búsqueda. La viabilidad de la propuesta se ha validado aplicándola a dos aplicaciones simples. Generando casos de pruebas que detectan cierres abruptos en la aplicación y maximizan el tiempo de ejecución.

Autores: José Antonio Parejo Maestre / Antonio Ruiz-Cortés / 
Palabras Clave: Android - automation - search based algorithms - Testing

Diseño de operadores de mutación para características de sensibilidad al contexto en aplicaciones móviles

Este artículo presenta el diseño arquitectónico de un conjunto de operadores de mutación. Este diseño mejora el tiempo y coste de implementación de nuevos operadores respecto de la experiencia previa de los autores en el desarrollo de otras herramientas de mutación. El diseño, además, se está utilizando para la creación de operadores específicamente diseñados para reproducir artificialmente errores sobre las características de sensibilidad al contexto de aplicaciones móviles.

Autores: Macario Polo / Isyed De La Caridad Rodriguez Trujillo / 
Palabras Clave: operadores de mutación - Tecnología móvil - Testing

Generacio?n de pruebas del sistema en el desarrollo del proyecto ADAGIO mediante la aplicacio?n de NDT

La ingenieri?a guiada por modelos (MDE) se ha utilizado en los u?ltimos an?os para promover mejores resultados en el desarrollo de aplicaciones web, en el campo que se ha denominado ingenieri?a web guiada por modelos (MDWE). Una de las ventajas de aplicar MDWE es que ofrece una solucio?n para reducir el coste de las pruebas sin afectar su ejecucio?n ni la calidad de las mismas. Navigational Development Techinques (NDT), es una metodologi?a que proporciona soporte para todas las fases del ciclo de vida del desarrollo de un proyecto de software, proponiendo transformaciones automa?ticas entre dichas fases, sin embargo, en este trabajo, aunque se describe brevemente co?mo se ha hecho uso de NDT para la definicio?n de las fases de requisitos y ana?lisis, se hace hincapie? en el uso de la metodologi?a para la definicio?n de la fase de pruebas de un proyecto real denominado ADAGIO. La aplicacio?n de esta metodologi?a, proporciona un mayor i?ndice de cobertura de pruebas del sistema, y, consecuentemente, un incremento en la calidad del producto.

Autores: S. Moreno-Leonardo / J.G. Enríquez / L. Morales / F.J. Dominguez-Mayo / 
Palabras Clave: Ingenieri?a web guiada por modelos - Metodología - NDT - Testing

No encuentra los resultados que busca? Prueba nuestra Búsqueda avanzada