| 1 | Tejeddine Mouelhi and Franck Fleurey and Benoit Baudry
A Generic Metamodel For Security Policies Mutation
Proceedings of the IEEE International Conference on Software Testing Verification and Validation Workshop (ICSTW'08)Lillehammer, Norway, 9-11 April 2008. |
|
| | Abstract: We present a new approach for mutation analysis of security policies test cases. We propose a metamodel that provides a generic representation of security policies access control models and define a set of mutation operators at this generic level. We use Kermeta to build the metamodel and implement the mutation operators. We also illustrate our approach with two successful instantiation of this metamodel: we defined policies with RBAC and OrBAC and mutated these policies. |
| | @INPROCEEDINGS{MouelhiFB08,
author = {Tejeddine Mouelhi and Franck Fleurey and Benoit Baudry},
title = {A Generic Metamodel For Security Policies Mutation},
booktitle = {Proceedings of the IEEE International Conference on Software Testing Verification and Validation Workshop (ICSTW'08)},
year = {2008},
address = {Lillehammer, Norway},
month = {9-11 April},
pages = {278-286}
} |
| 2 | Tejeddine Mouelhi and Franck Fleurey and Benoit Baudry and Yves Le Traon
Mutating DAC And MAC Security Policies: A Generic Metamodel Based Approach
Proceedings of the 1st International Modeling Security WorkshopToulouse, France, 28th September 2008. |
|
| | Abstract: We present a model-based approach to testing access control requirements. By using combinatorial testing, we first automatically generate test cases from and without access control policies—i.e., the model—and assess the effectiveness of the test suites by means of mutation testing. We also compare them to purely random tests. For some of the investigated strategies, non-random tests kill considerably more mutants thanthe same number of random tests. Since we rely on policies only, no information on the application is required at this stage. As a consequence, our methodology applies to arbitrary implementations of the policy decision points. |
| | @INPROCEEDINGS{MouelhiFBL08a,
author = {Tejeddine Mouelhi and Franck Fleurey and Benoit Baudry and Yves Le Traon},
title = {Mutating DAC And MAC Security Policies: A Generic Metamodel Based Approach},
booktitle = {Proceedings of the 1st International Modeling Security Workshop},
year = {2008},
address = {Toulouse, France},
month = {28th September},
pages = {}
} |
| 3 | Tejeddine Mouelhi and Franck Fleurey and Benoit Baudry
A Generic Metamodel For Security Policies Mutation
First International Conference on Software Testing Verification and Validation, {ICST} 2008, Lillehammer, Norway, April 9-11, 2008, Workshops Proceedings, 2008. |
|
| | Abstract: Available soon... |
| | @INPROCEEDINGS{mouelhi_icst_08,
author = {Tejeddine Mouelhi and Franck Fleurey and Benoit Baudry},
title = {A Generic Metamodel For Security Policies Mutation},
booktitle = {First International Conference on Software Testing Verification and Validation, {ICST} 2008, Lillehammer, Norway, April 9-11, 2008, Workshops Proceedings},
year = {2008},
address = {},
month = {},
pages = {278--286}
} |
| 4 | Tejeddine Mouelhi and Franck Fleurey and Benoit Baudry and Yves Le Traon
A Model-based Framework for Security Policies Specifications, Deployment and Testing
Proceedings of the 11th International Conference on Model Driven Engineering Languages and Systems (MoDELS'08)Toulouse, France, 28 September - 1 October 2008. |
|
| | Abstract: We present a model-based approach to testing access control requirements. By using combinatorial testing, we first automatically generate test cases from and without access control policies—i.e., the model—and assess the effectiveness of the test suites by means of mutation testing. We also compare them to purely random tests. For some of the investigated strategies, non-random tests kill considerably more mutants thanthe same number of random tests. Since we rely on policies only, no information on the application is required at this stage. As a consequence, our methodology applies to arbitrary implementations of the policy decision points. |
| | @INPROCEEDINGS{MouelhiFBL08,
author = {Tejeddine Mouelhi and Franck Fleurey and Benoit Baudry and Yves Le Traon},
title = {A Model-based Framework for Security Policies Specifications, Deployment and Testing},
booktitle = {Proceedings of the 11th International Conference on Model Driven Engineering Languages and Systems (MoDELS'08)},
year = {2008},
address = {Toulouse, France},
month = {28 September - 1 October},
pages = {537–552}
} |
| 5 | Benoit Baudry and Franck Fleurey and Yves Le Traon
Improving Test Suites for Efficient Fault Localization
Proceedings of the 28th International Conference on Software Engineering (ICSE'06)Shanghai, China, 20-28 May 2006. |
|
| | Abstract: The need for testing-for-diagnosis strategies has been identified for a long time, but the explicit link from testing to diagnosis (fault localization) is rare. Analyzing the type of information needed for efficient fault localization, we identify the attribute (called Dynamic Basic Block) that restricts the accuracy of a diagnosis algorithm. Based on this attribute, a test-for-diagnosis criterion is proposed and validated through rigorous case studies: it shows that a test suite can be improved to reach a high level of diagnosis accuracy. So, the dilemma between a reduced testing effort (with as few test cases as possible) and the diagnosis accuracy (that needs as much test cases as possible to get more information) is partly solved by selecting test cases that are dedicated to diagnosis. |
| | @INPROCEEDINGS{BaudryFT06,
author = {Benoit Baudry and Franck Fleurey and Yves Le Traon},
title = {Improving Test Suites for Efficient Fault Localization},
booktitle = {Proceedings of the 28th International Conference on Software Engineering (ICSE'06)},
year = {2006},
address = {Shanghai, China},
month = {20-28 May},
pages = {82-91}
} |
| 6 | Benoit Baudry and Franck Fleurey and Jean-Marc Jezequel and Yves Le Traon
Automatic Test Case Optimization: A Bacteriologic Algorithm
IEEE Software, 22(2), March-April 2005. |
|
| | Abstract: Improving test cases automatically is a nonlinear optimization problem. To solve this problem, we've developed a bacteriologic algorithm, adapted from genetic algorithms that can generate and optimize a set of test cases. A .NET component that parses C# source files illustrates our algorithm. |
| | @ARTICLE{BaudryFJT05a,
author = {Benoit Baudry and Franck Fleurey and Jean-Marc Jezequel and Yves Le Traon},
title = {Automatic Test Case Optimization: A Bacteriologic Algorithm},
journal = {IEEE Software},
year = {2005},
month = {March-April},
volume = {22},
number = {2},
pages = {76-82}
} |
| 7 | Benoit Baudry and Franck Fleurey and Jean-Marc Jezequel and Yves Le Traon
From Genetic to Bacteriological Algorithms for Mutation-based Testing
Software Testing, Verification and Reliability, 15(2), June 2005. |
|
| | Abstract: The level of confidence in a software component is often linked to the quality of its test cases. This quality can in turn be evaluated with mutation analysis: faults are injected into the software component (making mutants of it) to check the proportion of mutants detected (‘killed’) by the test cases. But while the generation of a set of basic test cases is easy, improving its quality may require prohibitive effort. This paper focuses on the issue of automating the test optimization. The application of genetic algorithms would appear to be an interesting way of tackling it. The optimization problem is modelled as follows: a test case can be considered as a predator while a mutant program is analogous to a prey. The aim of the selection process is to generate test cases able to kill as many mutants as possible, starting from an initial set of predators, which is the test cases set provided by the programmer. To overcome disappointing experimentation results, on .Net components and unit Eiffel classes, a slight variation on this idea is studied, no longer at the ‘animal’ level (lions killing zebras, say) but at the bacteriological level. The bacteriological level indeed better reflects the test case optimization issue: it mainly differs from the genetic one by the introduction of a memorization function and the suppression of the crossover operator. The purpose of this paper is to explain how the genetic algorithms have been adapted to fit with the issue of test optimization. The resulting algorithm differs so much from genetic algorithms that it has been given another name: bacteriological algorithm. |
| | @ARTICLE{BaudryFJT05,
author = {Benoit Baudry and Franck Fleurey and Jean-Marc Jezequel and Yves Le Traon},
title = {From Genetic to Bacteriological Algorithms for Mutation-based Testing},
journal = {Software Testing, Verification and Reliability},
year = {2005},
month = {June},
volume = {15},
number = {2},
pages = {73 - 96}
} |
| 8 | Benoit Baudry and Franck Fleurey and Jean-Marc Jezequel and Yves Le Traon
Genes and Bacteria for Automatic Test Cases Optimization in the .NET Environment
Proceedings of the 13th International Symposium on Software Reliability Engineering (ISSRE'02)Annapolis, Maryland, 12-15 November 2002. |
|
| | Abstract: The level of confidence in a software component is often linked to the quality of its test cases. This quality can in turn be evaluated with mutation analysis: faulty components (mutants) are systematically generated to check the proportion of mutants detected ("killed") by the test cases. But while the generation of basic test cases set is easy, improving its quality may require prohibitive effort. This paper focuses on the issue of automating the test optimization. We looked at genetic algorithms to solve this problem and modeled it as follows: a test case can be considered as a predator while a mutant program is analogous to a prey. The aim of the selection process is to generate test cases able to kill as many mutants as possible. To overcome disappointing experimentation results on the studied .Net system, we propose a slight variation on this idea, no longer at the "animal" level (lions killing zebras) but at the bacteriological level. The bacteriological level indeed better reflects the test case optimization issue: it introduces of a memorization function and the suppresses the crossover operator. We describe this model and show how it behaves on the case study. |
| | @INPROCEEDINGS{BaudryFJT02a,
author = {Benoit Baudry and Franck Fleurey and Jean-Marc Jezequel and Yves Le Traon},
title = {Genes and Bacteria for Automatic Test Cases Optimization in the .NET Environment},
booktitle = {Proceedings of the 13th International Symposium on Software Reliability Engineering (ISSRE'02)},
year = {2002},
address = {Annapolis, Maryland},
month = {12-15 November},
pages = {195-206}
} |
| 9 | Benoit Baudry and Franck Fleurey and Jean-Marc Jezequel and Yves Le Traon
Automatic Test Case Optimization Using a Bacteriological Adaptation Model: Application to .NET Components
Proceedings of the 17th IEEE International Conference on Automated Software Engineering (ASE'02)Edinburgh, Scotland, 23-27 September 2002. |
|
| | Abstract: In this paper, we present several complementary computational intelligence techniques that we explored in the field of .Net component testing. Mutation testing serves as the common backbone for applying classical and new artificial intelligence (AI) algorithms. With mutation tools, we know how to estimate the revealing power of test cases. With AI, we aim at automatically improving test case efficiency. We therefore looked first at genetic algorithms (GA) to solve the problem of test. The aim of the selection process is to generate test cases able to kill as many mutants as possible. We then propose a new AI algorithm that fits better to the test optimization problem, called bacteriological algorithm (BA): BAs behave better that GAs for this problem. However, between GAs and BAs, a family of intermediate algorithms exists: we explore the whole spectrum of these intermediate algorithms to determine whether an algorithm exists that would be more efficient than BAs.: the approaches are compared on a .Net system. |
| | @INPROCEEDINGS{BaudryFJT02,
author = {Benoit Baudry and Franck Fleurey and Jean-Marc Jezequel and Yves Le Traon},
title = {Automatic Test Case Optimization Using a Bacteriological Adaptation Model: Application to .NET Components},
booktitle = {Proceedings of the 17th IEEE International Conference on Automated Software Engineering (ASE'02)},
year = {2002},
address = {Edinburgh, Scotland},
month = {23-27 September},
pages = {253-256}
} |
