DocumentCode
251907
Title
Model inference and security testing in the spacios project
Author
Buchler, Marco ; Hossen, Karim ; Mihancea, P.F. ; Minea, Marius ; Groz, Roland ; Oriat, Catherine
Author_Institution
Tech. Univ. Munchen, Munich, Germany
fYear
2014
fDate
3-6 Feb. 2014
Firstpage
411
Lastpage
414
Abstract
The SPaCIoS project has as goal the validation and testing of security properties of services and web applications. It proposes a methodology and tool collection centered around models described in a dedicated specification language, supporting model inference, mutation-based testing, and model checking. The project has developed two approaches to reverse engineer models from implementations. One is based on remote interaction (typically through an HTTP connection) to observe the runtime behaviour and infer a model in black-box mode. The other is based on analysis of application code when available. This paper presents the reverse engineering parts of the project, along with an illustration of how vulnerabilities can be found with various SPaCIoS tool components on a typical security benchmark.
Keywords
Web services; hypermedia; program diagnostics; program verification; reverse engineering; security of data; specification languages; transport protocols; HTTP connection; SPaCIos project; Web applications; application code analysis; black-box mode; dedicated specification language; model checking; model inference; mutation-based testing; remote interaction; reverse engineering; runtime behaviour; security benchmark; security testing; tool collection; Abstracts; Analytical models; Concrete; Crawlers; Security; Semantics; Testing; Control Flow Inference; Data-Flow Inference; Reverse-Engineering; Security; Web Application;
fLanguage
English
Publisher
ieee
Conference_Titel
Software Maintenance, Reengineering and Reverse Engineering (CSMR-WCRE), 2014 Software Evolution Week - IEEE Conference on
Conference_Location
Antwerp
Type
conf
DOI
10.1109/CSMR-WCRE.2014.6747207
Filename
6747207
Link To Document