Results 1  10
of
26
A symbolic framework for modelbased testing
 FATES 2006 AND RV 2006. LNCS
, 2006
"... The starting point for ModelBased Testing is an implementation relation that formally defines when a formal model representing the System Under Test conforms to a formal model constituting its specification. An implementation relation for the formalism of Labelled Transition Systems is ioco. For ..."
Abstract

Cited by 25 (4 self)
 Add to MetaCart
The starting point for ModelBased Testing is an implementation relation that formally defines when a formal model representing the System Under Test conforms to a formal model constituting its specification. An implementation relation for the formalism of Labelled Transition Systems is ioco. For ioco several test generation algorithms and test tools have been built. In this paper we define a framework for the symbolic implementation relation sioco which lifts ioco to Symbolic Transition Systems. These are transition systems with an explicit notion of data and datadependent control flow. The introduction of symbolism avoids the statespace explosion during test generation, and it preserves the information present in data definitions and constraints for use during the test selection process. We show the soundness and completeness of the symbolic notions w.r.t. their underlying Labelled Transition Systems’ counterparts.
Testsequence generation with HOLTestGen – with an application to firewall testing
 In International Conference on Tests and Proofs
, 2007
"... Abstract HOLTestGen is a specification and test case generation environment extending the interactive theorem prover Isabelle/HOL. Its method is twostaged: first, the original formula is partitioned into test cases by transformation into a normal form called test theorem. Second, the test cases ar ..."
Abstract

Cited by 16 (12 self)
 Add to MetaCart
(Show Context)
Abstract HOLTestGen is a specification and test case generation environment extending the interactive theorem prover Isabelle/HOL. Its method is twostaged: first, the original formula is partitioned into test cases by transformation into a normal form called test theorem. Second, the test cases are analyzed for ground instances (the test data) satisfying the constraints of the test cases. Particular emphasis is put on the control of explicit test hypotheses which can be proven over concrete programs. Although originally designed for blackbox unittests, HOLTestGen’s underlying logic and deduction engine is powerful enough to be used in testsequence generation, too. We develop the theory for testsequence generation with HOLTestGen and describe its use in a substantial casestudy in the field of computer security, namely the blackbox test of configured firewalls. Key words: symbolic test case generations, test sequence generation, black box testing, theorem proving, Isabelle/HOL, computer security 1
Parameterized Unit Tests with Unit Meister
 in Proceedings of the Joint 10th European Software Engineering Conference (ESEC) and the 13th ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE13
, 2005
"... Parameterized unit tests extend the current industry practice of using closed unit tests defined as parameterless methods. Traditional closed unit tests are reobtained by instantiating the parameterized unit tests. We have developed the prototype tool Unit Meister, which uses symbolic execution and ..."
Abstract

Cited by 14 (1 self)
 Add to MetaCart
(Show Context)
Parameterized unit tests extend the current industry practice of using closed unit tests defined as parameterless methods. Traditional closed unit tests are reobtained by instantiating the parameterized unit tests. We have developed the prototype tool Unit Meister, which uses symbolic execution and constraint solving to automatically compute a minimal set of inputs that exercise a parameterized unit test given certain coverage criteria. In addition, the parameterized unit tests can be used as symbolic summaries during symbolic execution, which allows our approach to scale for arbitrary abstraction levels. Unit Meister has a commandline interface, and is also
P.: Testing Data Types Implementations from Algebraic Specifications
, 2008
"... Abstract. Algebraic specifications of data types provide a natural basis for testing data types implementations. In this framework, the conformance relation is based on the satisfaction of axioms. This makes it possible to formally state the fundamental concepts of testing: exhaustive test set, test ..."
Abstract

Cited by 14 (1 self)
 Add to MetaCart
(Show Context)
Abstract. Algebraic specifications of data types provide a natural basis for testing data types implementations. In this framework, the conformance relation is based on the satisfaction of axioms. This makes it possible to formally state the fundamental concepts of testing: exhaustive test set, testability hypotheses, oracle. Various criteria for selecting finite test sets have been proposed. They depend on the form of the axioms, and on the possibilities of observation of the implementation under test. This last point is related to the wellknown oracle problem. As the main interest of algebraic specifications is data type abstraction, testing a concrete implementation raises the issue of the gap between the abstract description and the concrete representation. The observational semantics of algebraic specifications bring solutions on the basis of the socalled observable contexts. After a description of testing methods based on algebraic specifications, the chapter gives a brief presentation of some tools and case studies, and presents some applications to other formal methods involving datatypes.
Testing from algebraic specifications: test data set selection by unfolding axioms
 Formal Approaches to Software Testing (FATES ’05), Lecture Notes in Computer Science
, 2006
"... Abstract. This paper deals with test data set selection from algebraic specifications. Test data set are generated from selection criteria which are usually defined to cover specification axioms. The unfolding selection criterion consists in covering the input domain of an operation using case analy ..."
Abstract

Cited by 12 (10 self)
 Add to MetaCart
(Show Context)
Abstract. This paper deals with test data set selection from algebraic specifications. Test data set are generated from selection criteria which are usually defined to cover specification axioms. The unfolding selection criterion consists in covering the input domain of an operation using case analysis. The unfolding procedure can be iterated in order to split input domains of operations into finer subdomains. In this paper we propose to extend an unfolding procedure previously developed in [6, 22]. This yields a generic extension which can be applied to any positive conditional specification with constructors.
Verified Firewall Policy Transformations for Test Case Generation
"... Abstract—We present an optimization technique for modelbased generation of test cases for firewalls. Starting from a formal model for firewall policies in higherorder logic, we derive a collection of semanticspreserving policy transformation rules and an algorithm that optimizes the specification ..."
Abstract

Cited by 9 (4 self)
 Add to MetaCart
Abstract—We present an optimization technique for modelbased generation of test cases for firewalls. Starting from a formal model for firewall policies in higherorder logic, we derive a collection of semanticspreserving policy transformation rules and an algorithm that optimizes the specification with respect of the number of test cases required for path coverage. The correctness of the rules and the algorithm is established by formal proofs in Isabelle/HOL. Finally, we use the normalized policies to generate test cases with the domainspecific firewall testing tool HOLTESTGEN/FW. The resulting procedure is characterized by a gain in efficiency of two orders of magnitude. It can handle configurations with hundreds of rules such as frequently occur in practice. Our approach can be seen as an instance of a methodology to tame inherent statespace explosions in test case generation for security policies. KeywordsSecurity testing, modelbased testing I.
An MDA framework supporting OCL
 ELECTRONIC COMMUNICATIONS OF THE EASST
, 2006
"... We present an mda framework, developed in the functional programming language sml, that tries to bridge the gap between formal software development and the needs of industrial software development, e.g., code generation. Overall, our toolchain provides support for software modeling using uml/ocl a ..."
Abstract

Cited by 8 (5 self)
 Add to MetaCart
We present an mda framework, developed in the functional programming language sml, that tries to bridge the gap between formal software development and the needs of industrial software development, e.g., code generation. Overall, our toolchain provides support for software modeling using uml/ocl and guides the user from typechecking and model transformations to code generation and formal analysis of the uml/ocl model. We conclude with a report on our experiences in using a functional language for implementing mda tools.
Modelbased firewall conformance testing
 In 8th International Workshop on Formal Approaches to Testing of Software, Tokyo,Japan
, 2008
"... Abstract Firewalls are a cornerstone of todays security infrastructure for networks. Their configuration, implementing a firewall policy, is inherently complex, hard to understand, and difficult to validate. We present a substantial case study performed with the modelbased testing tool HOLTestGen. ..."
Abstract

Cited by 8 (2 self)
 Add to MetaCart
Abstract Firewalls are a cornerstone of todays security infrastructure for networks. Their configuration, implementing a firewall policy, is inherently complex, hard to understand, and difficult to validate. We present a substantial case study performed with the modelbased testing tool HOLTestGen. Based on a formal model of firewalls and their policies in higherorder logic (HOL), we first present a derived theory for simplifying policies. We discuss different test plans for test specifications. Finally, we show how to integrate these issues to a domainspecific firewall testing tool HOLTestGen/fw.
Integrating Testing and Interactive Theorem Proving
 In: ACL2 ’11: Proceedings of the ninth international workshop on the ACL2 theorem
"... Abstract. Using an interactive theorem prover to reason about programs involves a sequence of interactions where the user challenges the theorem prover with conjectures. Invariably, many of the conjectures posed are in fact false, and users often spend considerable effort examining the theorem pro ..."
Abstract

Cited by 8 (2 self)
 Add to MetaCart
(Show Context)
Abstract. Using an interactive theorem prover to reason about programs involves a sequence of interactions where the user challenges the theorem prover with conjectures. Invariably, many of the conjectures posed are in fact false, and users often spend considerable effort examining the theorem prover’s output before realizing this. We present a synergistic integration of testing with theorem proving, implemented in the ACL2 Sedan (ACL2s), for automatically generating concrete counterexamples. Our method uses the full power of the theorem prover and associated libraries to simplify conjectures; this simplification can transform conjectures for which finding counterexamples is hard into conjectures where finding counterexamples is trivial. In fact, our approach even leads to better theorem proving, e.g., if testing shows that a generalization step leads to a false conjecture, we force the theorem prover to backtrack, allowing it to pursue more fruitful options that may yield a proof. The focus of the paper is on the engineering of a synergistic integration of testing with interactive theorem proving; this includes extending ACL2 with new functionality that we expect to be of general interest. We also discuss our experience in using ACL2s to teach freshman students how to reason about their programs. 1
An Approach to Modular and Testable Security Models of Realworld Healthcare Applications
, 2011
"... We present a generic modular policy modelling framework and instantiate it with a substantial case study for modelbased testing of some key security mechanisms of applications and services of the NPfIT. NPfIT, the National Programme for IT, is a very largescale development project aiming to moderni ..."
Abstract

Cited by 8 (6 self)
 Add to MetaCart
We present a generic modular policy modelling framework and instantiate it with a substantial case study for modelbased testing of some key security mechanisms of applications and services of the NPfIT. NPfIT, the National Programme for IT, is a very largescale development project aiming to modernise the IT infrastructure of the National Health Service (NHS) in England. Consisting of heterogeneous and distributed applications, it is an ideal target for modelbased testing techniques of a large system exhibiting critical security features. We model the four information governance principles, comprising a rolebased access control model, as well as policy rules governing the concepts of patient consent, sealed envelopes and legitimate relationships. The model is given in Higherorder Logic (HOL) and processed together with suitable test specifications in the holTestGen system, that generates test sequences according to them. Particular emphasis is put on the modular description of security policies and their generic combination and its consequences for modelbased testing.