Paper published in a book (Scientific congresses, symposiums and conference proceedings)
SMRL: A Metamorphic Security Testing Tool for Web Systems
Mai, Xuan Phu; Göknil, Arda; Pastore, Fabrizio et al.
2020. In 2020 IEEE/ACM 42nd International Conference on Software Engineering
Peer reviewed
 

Files


Full Text
smrl-icse20-demo.pdf
Author postprint (2.01 MB)
Keywords :
Software Engineering; Software Security; Metamorphic Testing; Metamorphic Relations; Security Testing; Web Security; System Testing
Abstract :
We present a metamorphic testing tool that alleviates the oracle problem in security testing. The tool enables engineers to specify metamorphic relations that capture security properties of Web systems. It automatically tests Web systems to detect vulnerabilities based on those relations. We provide a domain-specific language accompanied by an Eclipse editor to facilitate the specification of metamorphic relations. The tool automatically collects the input data and transforms the metamorphic relations into executable Java code in order to automatically perform security testing based on the collected data. The tool has been successfully evaluated on a commercial system and a leading open source system (Jenkins). Demo video: https://youtu.be/9kx6u9LsGxs.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Software Verification and Validation Lab (SVV Lab)
Disciplines :
Computer science
Author, co-author :
Mai, Xuan Phu; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Göknil, Arda
Pastore, Fabrizio; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Briand, Lionel; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
External co-authors :
yes
Language :
English
Title :
SMRL: A Metamorphic Security Testing Tool for Web Systems
Publication date :
2020
Event name :
International Conference on Software Engineering
Event organizer :
IEEE/ACM
Event place :
Seoul, South Korea
Event date :
from 06-07-2020 to 11-07-2020
Main work title :
2020 IEEE/ACM 42nd International Conference on Software Engineering
Peer reviewed :
Peer reviewed
Focus Area :
Security, Reliability and Trust
European Projects :
H2020 - 694277 - TUNE - Testing the Untestable: Model Testing of Complex Software-Intensive Systems
FnR Project :
FNR11213850 - Enhanced Daily Living And Health 2 – An Incentive Based Service, 2015 (01/06/2016-30/11/2018) - Lionel Briand
Funders :
CE - Commission Européenne [BE]
Available on ORBilu :
since 13 May 2020
