  Towards a property-based testing environment with applications to security-critical software (1994) [10 citations — 2 self]

by George Fink, Calvin Ko, Myla Archer, Karl Levitt
In Proceedings of the 4th Irvine Software Symposium
http://avalon.cs.ucdavis.edu/gfink/gfink/papers/iss.ps

Abstract:

We consider an approach to testing that combines white-box and black-box techniques. Black-box testing is used for testing a program's effects against its specification. White-box testing is essential if subtle implementation errors are to be identified, e.g., errors due to race conditions. Full white-box testing is a large task. However, for many properties, only a small portion of the program is relevant; hence property-based testing has the potential to substantially simplify much of the testing work. The portion of a program that relates to a given property can be identified through slicing. We describe the ongoing development of a Tester's Assistant, which, in the long term, will include a specification-driven slicer for C programs, a test data generator, a coverage analyzer, and an execution monitor. The slicer and execution monitor are described in this paper, and applications to Unix security are indicated. Security is an important application of property-based testing because of the subtle undetected security errors in delivered operating systems. It is also a promising application because of the (unexpectedly) concise specifications that capture most security requirements, and because of the operating system support for execution monitoring. The work reported here is being supported in part

Citations

908 Program slicing – Weiser - 1984
219 Programmers Use Slices When Debugging – Weiser - 1982
144 Operating Systems Design and Implementation – Tanenbaum, Woodhull - 1997
78 Slicing Programs with Arbitrary Control-flow – Ball
37 Targeting Safety-Related Errors During Software Requirements Analysis – Lutz - 1993
19 ADL—an interface definition language for specifying and testing software – Sankar, Hayes - 1994
13 Program slicing – Livadas, Croll - 1992
11 Automatic Runtime Consistency Checking and Debugging of Formally Specified Programs – Sankar - 1989
7 The C-Ghinsu Tool – Livadas - 1991
7 Static Analysis of Programs with Application to Malicious Code Detection – Lo - 1992
6 Common System Vulnerabilities – Spafford - 1992
3 Approaches to specification-based testing – Richardson, O'Malley, Tittle - 1989