Towards Security Aware Mutation Testing

  • Thomas Loise

Student thesis: Master typesMaster in Computer science


Mutation analysis forms a popular software analysis technique that has been demonstrated
to be useful in supporting multiple software engineering activities. Yet, the use of mutation
analysis in tackling security issues has received little attention. In view of this, we design security
aware mutation operators to support mutation analysis. Using a known set of common
security vulnerability patterns, we introduce 15 security-aware mutation operators for Java.
We then implement them in the PIT mutation engine and evaluate them. Our preliminary
results demonstrate that standard PIT operators are unlikely to introduce vulnerabilities similar
to ours. We also show that our security-aware mutation operators are indeed applicable
and prevalent on open source projects, providing evidence that mutation analysis can support
security testing activities.
Date of Award23 Jun 2017
Original languageFrench
Awarding Institution
  • University of Namur
SupervisorAnthony Cleve (President), Patrick Heymans (Supervisor), Gilles Perrouin (Co-Supervisor) & Xavier Devroey (Co-Supervisor)

Cite this