AbstractMutation analysis forms a popular software analysis technique that has been demonstrated
to be useful in supporting multiple software engineering activities. Yet, the use of mutation
analysis in tackling security issues has received little attention. In view of this, we design security
aware mutation operators to support mutation analysis. Using a known set of common
security vulnerability patterns, we introduce 15 security-aware mutation operators for Java.
We then implement them in the PIT mutation engine and evaluate them. Our preliminary
results demonstrate that standard PIT operators are unlikely to introduce vulnerabilities similar
to ours. We also show that our security-aware mutation operators are indeed applicable
and prevalent on open source projects, providing evidence that mutation analysis can support
security testing activities.
|Date of Award||23 Jun 2017|
|Supervisor||Anthony Cleve (President), Patrick Heymans (Supervisor), Gilles Perrouin (Co-Supervisor) & Xavier Devroey (Co-Supervisor)|