Towards Security-aware Mutation Testing

Thomas Loise; Xavier Devroey; Gilles Perrouin; Mike Papadakis; Patrick Heymans

doi:10.1109/icstw.2017.24

Towards Security-aware Mutation Testing

Thomas Loise, Xavier Devroey, Gilles Perrouin, Mike Papadakis, Patrick Heymans

Résultats de recherche: Contribution dans un livre/un catalogue/un rapport/dans les actes d'une conférence › Article dans les actes d'une conférence/un colloque

89 Téléchargements (Pure)

Résumé

Mutation analysis forms a popular software analysis technique that has been demonstrated to be useful in supporting multiple software engineering activities. Yet, the use of mutation analysis in tackling security issues has received little attention. In view of this, we design security aware mutation operators to support mutation analysis. Using a known set of common security vulnerability patterns, we introduce 15 security-aware mutation operators for Java. We then implement them in the PIT mutation engine and evaluate them. Our preliminary results demonstrate that standard PIT operators are unlikely to introduce vulnerabilities similar to ours. We also show that our security-aware mutation operators are indeed applicable and prevalent on open source projects, providing evidence that mutation analysis can support security testing activities.

langue originale	Anglais
titre	Proceedings - 10th IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2017
Sous-titre	Mutation 2017
Editeur	IEEE
Pages	97-102
Nombre de pages	6
ISBN (Electronique)	9781509066766
Les DOIs	https://doi.org/10.1109/icstw.2017.24
Etat de la publication	Publié - 13 mars 2017
Evénement	12th International Workshop on Mutation Analysis (Mutation 2017) - Tokyo, Japon Durée: 13 mars 2017 → 13 mars 2017 Numéro de conférence: 12 https://sites.google.com/site/mutation2017/

Série de publications

Nom	Proceedings - 10th IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2017

Comité scientifique

Comité scientifique	12th International Workshop on Mutation Analysis (Mutation 2017)
Titre abrégé	Mutation 2017
Pays/Territoire	Japon
La ville	Tokyo
période	13/03/17 → 13/03/17
Adresse Internet	https://sites.google.com/site/mutation2017/

Accès au document

10.1109/icstw.2017.24

Mutation2017
IEEE Copyright Notice © 2017 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Accepted author manuscript, 135 KBLicense: autre

Autres fichiers et liens

Link to publication in Scopus

Thesis-X-Devroey: Behavioural Model Based Testing of Software Product Lines
Devroey, X., Heymans, P., Schobbens, P. Y. & Perrouin, G.
1/09/11 → 30/08/17
Projet: Projet de thèse

Contient cette citation

Loise, T., Devroey, X., Perrouin, G., Papadakis, M., & Heymans, P. (2017). Towards Security-aware Mutation Testing. Dans Proceedings - 10th IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2017: Mutation 2017 (p. 97-102). Article 7899041 (Proceedings - 10th IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2017). IEEE. https://doi.org/10.1109/icstw.2017.24

Loise, Thomas ; Devroey, Xavier ; Perrouin, Gilles et al. / Towards Security-aware Mutation Testing. Proceedings - 10th IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2017: Mutation 2017. IEEE, 2017. p. 97-102 (Proceedings - 10th IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2017).

@inproceedings{c4a7f023d7a348b0a221898cc862d0f0,

title = "Towards Security-aware Mutation Testing",

abstract = "Mutation analysis forms a popular software analysis technique that has been demonstrated to be useful in supporting multiple software engineering activities. Yet, the use of mutation analysis in tackling security issues has received little attention. In view of this, we design security aware mutation operators to support mutation analysis. Using a known set of common security vulnerability patterns, we introduce 15 security-aware mutation operators for Java. We then implement them in the PIT mutation engine and evaluate them. Our preliminary results demonstrate that standard PIT operators are unlikely to introduce vulnerabilities similar to ours. We also show that our security-aware mutation operators are indeed applicable and prevalent on open source projects, providing evidence that mutation analysis can support security testing activities. ",

keywords = "mutation analysis, mutation operators, security testing, PIT, FindBugs, Security Testing, Mutation operators, Mutation analysis",

author = "Thomas Loise and Xavier Devroey and Gilles Perrouin and Mike Papadakis and Patrick Heymans",

note = "Publisher Copyright: {\textcopyright} 2017 IEEE. Copyright: Copyright 2017 Elsevier B.V., All rights reserved.; 12th International Workshop on Mutation Analysis (Mutation 2017), Mutation 2017 ; Conference date: 13-03-2017 Through 13-03-2017",

year = "2017",

month = mar,

day = "13",

doi = "10.1109/icstw.2017.24",

language = "English",

series = "Proceedings - 10th IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2017",

publisher = "IEEE",

pages = "97--102",

booktitle = "Proceedings - 10th IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2017",

url = "https://sites.google.com/site/mutation2017/",

}

Loise, T, Devroey, X , Perrouin, G, Papadakis, M & Heymans, P 2017, Towards Security-aware Mutation Testing. Dans Proceedings - 10th IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2017: Mutation 2017., 7899041, Proceedings - 10th IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2017, IEEE, p. 97-102, 12th International Workshop on Mutation Analysis (Mutation 2017), Tokyo, Japon, 13/03/17. https://doi.org/10.1109/icstw.2017.24

Towards Security-aware Mutation Testing. / Loise, Thomas; Devroey, Xavier ; Perrouin, Gilles et al.
Proceedings - 10th IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2017: Mutation 2017. IEEE, 2017. p. 97-102 7899041 (Proceedings - 10th IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2017).

Résultats de recherche: Contribution dans un livre/un catalogue/un rapport/dans les actes d'une conférence › Article dans les actes d'une conférence/un colloque

TY - GEN

T1 - Towards Security-aware Mutation Testing

AU - Loise, Thomas

AU - Devroey, Xavier

AU - Perrouin, Gilles

AU - Papadakis, Mike

AU - Heymans, Patrick

N1 - Conference code: 12

PY - 2017/3/13

Y1 - 2017/3/13

N2 - Mutation analysis forms a popular software analysis technique that has been demonstrated to be useful in supporting multiple software engineering activities. Yet, the use of mutation analysis in tackling security issues has received little attention. In view of this, we design security aware mutation operators to support mutation analysis. Using a known set of common security vulnerability patterns, we introduce 15 security-aware mutation operators for Java. We then implement them in the PIT mutation engine and evaluate them. Our preliminary results demonstrate that standard PIT operators are unlikely to introduce vulnerabilities similar to ours. We also show that our security-aware mutation operators are indeed applicable and prevalent on open source projects, providing evidence that mutation analysis can support security testing activities.

AB - Mutation analysis forms a popular software analysis technique that has been demonstrated to be useful in supporting multiple software engineering activities. Yet, the use of mutation analysis in tackling security issues has received little attention. In view of this, we design security aware mutation operators to support mutation analysis. Using a known set of common security vulnerability patterns, we introduce 15 security-aware mutation operators for Java. We then implement them in the PIT mutation engine and evaluate them. Our preliminary results demonstrate that standard PIT operators are unlikely to introduce vulnerabilities similar to ours. We also show that our security-aware mutation operators are indeed applicable and prevalent on open source projects, providing evidence that mutation analysis can support security testing activities.

KW - mutation analysis

KW - mutation operators

KW - security testing

KW - PIT

KW - FindBugs

KW - Security Testing

KW - Mutation operators

KW - Mutation analysis

UR - http://www.scopus.com/inward/record.url?scp=85018446786&partnerID=8YFLogxK

U2 - 10.1109/icstw.2017.24

DO - 10.1109/icstw.2017.24

M3 - Conference contribution

T3 - Proceedings - 10th IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2017

SP - 97

EP - 102

BT - Proceedings - 10th IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2017

PB - IEEE

T2 - 12th International Workshop on Mutation Analysis (Mutation 2017)

Y2 - 13 March 2017 through 13 March 2017

ER -

Loise T, Devroey X , Perrouin G, Papadakis M, Heymans P. Towards Security-aware Mutation Testing. Dans Proceedings - 10th IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2017: Mutation 2017. IEEE. 2017. p. 97-102. 7899041. (Proceedings - 10th IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2017). doi: 10.1109/icstw.2017.24

Towards Security-aware Mutation Testing

Résumé

Série de publications

Comité scientifique

Accès au document

Autres fichiers et liens

Empreinte digitale

Projets

Thesis-X-Devroey: Behavioural Model Based Testing of Software Product Lines

Contient cette citation