Model‐based mutation testing from security protocols in HLPSL
Identifieur interne : 000780 ( Main/Exploration ); précédent : 000779; suivant : 000781Model‐based mutation testing from security protocols in HLPSL
Auteurs : Frédéric Dadeau [France] ; Pierre-Cyrille Héam [France] ; Rafik Kheddam [France] ; Ghazi Maatoug [France] ; Michael Rusinowitch [France]Source :
- Software Testing, Verification and Reliability [ 0960-0833 ] ; 2015-08.
English descriptors
Abstract
In recent years, important efforts have been made for offering a dedicated language for modelling and verifying security protocols. Outcome of the European project AVISPA, the high‐level security protocol language (HLPSL) aims at providing a means for verifying usual security properties (such as data secrecy) in message exchanges between agents. However, verifying the security protocol model does not guarantee that the actual implementation of the protocol will fulfil these properties. This article presents a model‐based testing approach, relying on the mutation of HLPSL models to generate abstract test cases. The proposed mutations aim at introducing leaks in the security protocols and represent real‐world implementation errors. The mutated models are then analysed by the automated validation of Internet security protocols and applications tool set, which produces, when the mutant protocol is declared unsafe, counterexample traces exploiting the security flaws and, thus, providing test cases. A dedicated framework is then used to concretize the abstract attack traces, bridging the gap between the formal model level and the implementation level. This model‐based testing technique has been experimented on a wide range of security protocols, in order to evaluate the mutation operators. This process has also been fully tool‐supported, from the mutation of the HLPSL model to the concretization of the abstract test cases into test scripts. It has been applied to a realistic case study of the Paypal payment protocol, which made it possible to discover a vulnerability in an implementation of an e‐commerce framework. Copyright © 2014 John Wiley & Sons, Ltd.
This article proposes a model‐based mutation testing approach for security protocols written in HLPSL. Mutation operators for protocol models, expressing real‐world implementation choices or mistakes, are presented and evaluated on a large bench of real‐world protocols. Finally, it describes a framework that helps automating the execution of the generated test cases. Copyright © 2014 John Wiley & Sons, Ltd.
Url:
DOI: 10.1002/stvr.1531
Affiliations:
- France
- Auvergne-Rhône-Alpes, Grand Est, Lorraine (région), Rhône-Alpes
- Valence (Drôme), Villers les Nancy
Links toward previous steps (curation, corpus...)
- to stream Istex, to step Corpus: 002990
- to stream Istex, to step Curation: 002953
- to stream Istex, to step Checkpoint: 000014
- to stream Hal, to step Corpus: 003263
- to stream Hal, to step Curation: 003263
- to stream Hal, to step Checkpoint: 000397
- to stream Main, to step Merge: 000769
- to stream Main, to step Curation: 000780
Le document en format XML
<record><TEI wicri:istexFullTextTei="biblStruct"><teiHeader><fileDesc><titleStmt><title xml:lang="en">Model‐based mutation testing from security protocols in HLPSL</title><author><name sortKey="Dadeau, Frederic" sort="Dadeau, Frederic" uniqKey="Dadeau F" first="Frédéric" last="Dadeau">Frédéric Dadeau</name></author><author><name sortKey="Heam, Pierre Yrille" sort="Heam, Pierre Yrille" uniqKey="Heam P" first="Pierre-Cyrille" last="Héam">Pierre-Cyrille Héam</name></author><author><name sortKey="Kheddam, Rafik" sort="Kheddam, Rafik" uniqKey="Kheddam R" first="Rafik" last="Kheddam">Rafik Kheddam</name></author><author><name sortKey="Maatoug, Ghazi" sort="Maatoug, Ghazi" uniqKey="Maatoug G" first="Ghazi" last="Maatoug">Ghazi Maatoug</name></author><author><name sortKey="Rusinowitch, Michael" sort="Rusinowitch, Michael" uniqKey="Rusinowitch M" first="Michael" last="Rusinowitch">Michael Rusinowitch</name></author></titleStmt><publicationStmt><idno type="wicri:source">ISTEX</idno><idno type="RBID">ISTEX:B0BE6FC04FED32EEF520F42344EDF10BC7E7DF02</idno><date when="2015" year="2015">2015</date><idno type="doi">10.1002/stvr.1531</idno><idno type="url">https://api.istex.fr/ark:/67375/WNG-T5QQKJ8V-8/fulltext.pdf</idno><idno type="wicri:Area/Istex/Corpus">002990</idno><idno type="wicri:explorRef" wicri:stream="Istex" wicri:step="Corpus" wicri:corpus="ISTEX">002990</idno><idno type="wicri:Area/Istex/Curation">002953</idno><idno type="wicri:Area/Istex/Checkpoint">000014</idno><idno type="wicri:explorRef" wicri:stream="Istex" wicri:step="Checkpoint">000014</idno><idno type="wicri:doubleKey">0960-0833:2015:Dadeau F:model:based:mutation</idno><idno type="wicri:source">HAL</idno><idno type="RBID">Hal:hal-01090881</idno><idno type="url">https://hal.inria.fr/hal-01090881</idno><idno type="wicri:Area/Hal/Corpus">003263</idno><idno type="wicri:Area/Hal/Curation">003263</idno><idno type="wicri:Area/Hal/Checkpoint">000397</idno><idno type="wicri:explorRef" wicri:stream="Hal" wicri:step="Checkpoint">000397</idno><idno type="wicri:Area/Main/Merge">000769</idno><idno type="wicri:Area/Main/Curation">000780</idno><idno type="wicri:Area/Main/Exploration">000780</idno></publicationStmt><sourceDesc><biblStruct><analytic><title level="a" type="main">Model‐based mutation testing from security protocols in HLPSL</title><author><name sortKey="Dadeau, Frederic" sort="Dadeau, Frederic" uniqKey="Dadeau F" first="Frédéric" last="Dadeau">Frédéric Dadeau</name><affiliation wicri:level="1"><country xml:lang="fr">France</country><wicri:regionArea>Femto‐ST institute/INRIA CASSIS, 16 route de Gray, 25030 Besançon, France</wicri:regionArea><wicri:noRegion>France</wicri:noRegion><wicri:noRegion>France</wicri:noRegion></affiliation><affiliation></affiliation><affiliation wicri:level="1"><country wicri:rule="url">France</country></affiliation></author><author><name sortKey="Heam, Pierre Yrille" sort="Heam, Pierre Yrille" uniqKey="Heam P" first="Pierre-Cyrille" last="Héam">Pierre-Cyrille Héam</name><affiliation wicri:level="1"><country xml:lang="fr">France</country><wicri:regionArea>Femto‐ST institute/INRIA CASSIS, 16 route de Gray, 25030 Besançon, France</wicri:regionArea><wicri:noRegion>France</wicri:noRegion><wicri:noRegion>France</wicri:noRegion></affiliation><affiliation wicri:level="3"><country xml:lang="fr">France</country><wicri:regionArea>INRIA Nancy Grand Est et LORIA, 615, rue du Jardin Botanique, CEDEX, 54602 Villers les Nancy</wicri:regionArea><placeName><region type="region" nuts="2">Grand Est</region><region type="old region" nuts="2">Lorraine (région)</region><settlement type="city">Villers les Nancy</settlement></placeName></affiliation></author><author><name sortKey="Kheddam, Rafik" sort="Kheddam, Rafik" uniqKey="Kheddam R" first="Rafik" last="Kheddam">Rafik Kheddam</name><affiliation wicri:level="3"><country xml:lang="fr">France</country><wicri:regionArea>Univ. Grenoble Alpes, LCIS, 26900, Valence</wicri:regionArea><placeName><region type="region" nuts="2">Auvergne-Rhône-Alpes</region><region type="old region" nuts="2">Rhône-Alpes</region><settlement type="city">Valence (Drôme)</settlement></placeName></affiliation></author><author><name sortKey="Maatoug, Ghazi" sort="Maatoug, Ghazi" uniqKey="Maatoug G" first="Ghazi" last="Maatoug">Ghazi Maatoug</name><affiliation wicri:level="3"><country xml:lang="fr">France</country><wicri:regionArea>INRIA Nancy Grand Est et LORIA, 615, rue du Jardin Botanique, CEDEX, 54602 Villers les Nancy</wicri:regionArea><placeName><region type="region" nuts="2">Grand Est</region><region type="old region" nuts="2">Lorraine (région)</region><settlement type="city">Villers les Nancy</settlement></placeName></affiliation></author><author><name sortKey="Rusinowitch, Michael" sort="Rusinowitch, Michael" uniqKey="Rusinowitch M" first="Michael" last="Rusinowitch">Michael Rusinowitch</name><affiliation wicri:level="3"><country xml:lang="fr">France</country><wicri:regionArea>INRIA Nancy Grand Est et LORIA, 615, rue du Jardin Botanique, CEDEX, 54602 Villers les Nancy</wicri:regionArea><placeName><region type="region" nuts="2">Grand Est</region><region type="old region" nuts="2">Lorraine (région)</region><settlement type="city">Villers les Nancy</settlement></placeName></affiliation></author></analytic><monogr></monogr><series><title level="j" type="main">Software Testing, Verification and Reliability</title><title level="j" type="sub">Mutation Testing</title><title level="j" type="alt">SOFTWARE TESTING, VERIFICATION AND RELIABILITY</title><idno type="ISSN">0960-0833</idno><idno type="eISSN">1099-1689</idno><imprint><biblScope unit="vol">25</biblScope><biblScope unit="issue">5-7</biblScope><biblScope unit="page" from="684">684</biblScope><biblScope unit="page" to="711">711</biblScope><biblScope unit="page-count">28</biblScope><date type="published" when="2015-08">2015-08</date></imprint><idno type="ISSN">0960-0833</idno></series></biblStruct></sourceDesc><seriesStmt><idno type="ISSN">0960-0833</idno></seriesStmt></fileDesc><profileDesc><textClass><keywords scheme="mix" xml:lang="en"><term>AVISPA</term><term>HLPSL</term><term>mutation testing</term><term>security protocols</term><term>test generation</term></keywords></textClass></profileDesc></teiHeader><front><div type="abstract">In recent years, important efforts have been made for offering a dedicated language for modelling and verifying security protocols. Outcome of the European project AVISPA, the high‐level security protocol language (HLPSL) aims at providing a means for verifying usual security properties (such as data secrecy) in message exchanges between agents. However, verifying the security protocol model does not guarantee that the actual implementation of the protocol will fulfil these properties. This article presents a model‐based testing approach, relying on the mutation of HLPSL models to generate abstract test cases. The proposed mutations aim at introducing leaks in the security protocols and represent real‐world implementation errors. The mutated models are then analysed by the automated validation of Internet security protocols and applications tool set, which produces, when the mutant protocol is declared unsafe, counterexample traces exploiting the security flaws and, thus, providing test cases. A dedicated framework is then used to concretize the abstract attack traces, bridging the gap between the formal model level and the implementation level. This model‐based testing technique has been experimented on a wide range of security protocols, in order to evaluate the mutation operators. This process has also been fully tool‐supported, from the mutation of the HLPSL model to the concretization of the abstract test cases into test scripts. It has been applied to a realistic case study of the Paypal payment protocol, which made it possible to discover a vulnerability in an implementation of an e‐commerce framework. Copyright © 2014 John Wiley & Sons, Ltd.</div><div type="abstract">This article proposes a model‐based mutation testing approach for security protocols written in HLPSL. Mutation operators for protocol models, expressing real‐world implementation choices or mistakes, are presented and evaluated on a large bench of real‐world protocols. Finally, it describes a framework that helps automating the execution of the generated test cases. Copyright © 2014 John Wiley & Sons, Ltd.</div></front></TEI><affiliations><list><country><li>France</li></country><region><li>Auvergne-Rhône-Alpes</li><li>Grand Est</li><li>Lorraine (région)</li><li>Rhône-Alpes</li></region><settlement><li>Valence (Drôme)</li><li>Villers les Nancy</li></settlement></list><tree><country name="France"><noRegion><name sortKey="Dadeau, Frederic" sort="Dadeau, Frederic" uniqKey="Dadeau F" first="Frédéric" last="Dadeau">Frédéric Dadeau</name></noRegion><name sortKey="Dadeau, Frederic" sort="Dadeau, Frederic" uniqKey="Dadeau F" first="Frédéric" last="Dadeau">Frédéric Dadeau</name><name sortKey="Heam, Pierre Yrille" sort="Heam, Pierre Yrille" uniqKey="Heam P" first="Pierre-Cyrille" last="Héam">Pierre-Cyrille Héam</name><name sortKey="Heam, Pierre Yrille" sort="Heam, Pierre Yrille" uniqKey="Heam P" first="Pierre-Cyrille" last="Héam">Pierre-Cyrille Héam</name><name sortKey="Kheddam, Rafik" sort="Kheddam, Rafik" uniqKey="Kheddam R" first="Rafik" last="Kheddam">Rafik Kheddam</name><name sortKey="Maatoug, Ghazi" sort="Maatoug, Ghazi" uniqKey="Maatoug G" first="Ghazi" last="Maatoug">Ghazi Maatoug</name><name sortKey="Rusinowitch, Michael" sort="Rusinowitch, Michael" uniqKey="Rusinowitch M" first="Michael" last="Rusinowitch">Michael Rusinowitch</name></country></tree></affiliations></record>Pour manipuler ce document sous Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Wicri/Lorraine/explor/InforLorV4/Data/Main/Exploration
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 000780 | SxmlIndent | more
Ou
HfdSelect -h $EXPLOR_AREA/Data/Main/Exploration/biblio.hfd -nk 000780 | SxmlIndent | more
Pour mettre un lien sur cette page dans le réseau Wicri
{{Explor lien
|wiki= Wicri/Lorraine
|area= InforLorV4
|flux= Main
|étape= Exploration
|type= RBID
|clé= ISTEX:B0BE6FC04FED32EEF520F42344EDF10BC7E7DF02
|texte= Model‐based mutation testing from security protocols in HLPSL
}}
| This area was generated with Dilib version V0.6.33. |  |