The AVANTSSAR validation platform is an automated toolset for validating trust and security aspects of Service-Oriented Architectures (SOAs). Models and security properties are specified in lowlevel AVANTSSAR Specification Language (ASLan) and there are three dedicated model-checkers that can validate if such models satisfy the security properties. However, the implementation may deviate from the specification and may contain some vulnerabilities that an attacker could exploit to violate the defined security properties. We have designed a set of semantic mutation operators to inject such vulnerabilities in an ASLan specification. Here we present the implementation of those mutation operators as Extensible Stylesheet Language Transformation (XSLT) scripts. Then, we evaluate the interest of using semantic mutation operators instead of syntactic ones by comparing the number of mutants that lead to the generation of a test case (i.e., a potential attack) and the resulting test suite for a set of existing ASLan specifications.

Evaluation of ASLan Mutation Operators

CALVI, Alberto;
2013-01-01

Abstract

The AVANTSSAR validation platform is an automated toolset for validating trust and security aspects of Service-Oriented Architectures (SOAs). Models and security properties are specified in lowlevel AVANTSSAR Specification Language (ASLan) and there are three dedicated model-checkers that can validate if such models satisfy the security properties. However, the implementation may deviate from the specification and may contain some vulnerabilities that an attacker could exploit to violate the defined security properties. We have designed a set of semantic mutation operators to inject such vulnerabilities in an ASLan specification. Here we present the implementation of those mutation operators as Extensible Stylesheet Language Transformation (XSLT) scripts. Then, we evaluate the interest of using semantic mutation operators instead of syntactic ones by comparing the number of mutants that lead to the generation of a test case (i.e., a potential attack) and the resulting test suite for a set of existing ASLan specifications.
2013
9783642389153
9783642389160
formal testing methods; white-box testing; test purpose; test selection; automated test case generation
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11562/624374
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact