The European Test Symposium 2017 (ETS’17) was held at Amathus Beach Hotel, Limassol, Cyprus, 22–26 May 2017. ETS has been established as one of the main international forums and the larger forum in Europe that brings together the academic and industrial test community to discuss emerging ideas, views, and trends in the area of electronic-based circuits and system testing. ETS’17 was organized by the...
With recent advances and demands for data storage, new architectures for data controller chips are picking pace. Accordingly, the test methodologies for such chips are also becoming crucial since the large shipping volumes of those chips demand very few field returns. Along with the advances there is a need for a robust test strategy with some novel techniques which can be enabled to test the SOC...
In this paper we present a case study of applying fitness dimensions in API design assessment. We argue that API assessment is company specific and should take into consideration various stakeholders in the API ecosystem. We identified new fitness dimensions and introduced the notion of design considerations for fitness dimensions such as priorities, tradeoffs, and technical versus cognitive classification.
With a growing amount of transferred data in an interconnected world, the insurance of a secure communication between two peers becomes a critical task in the software industry. A leak of critical data can cause tremendous costs in a financial, social but also political manner. For this sake, cryptographic protocols are implemented and regulate the data transfer, thus ensuring the safety of transferred...
This talk presents results recently published in Software Testing, Verification and Reliability. In recent years, important efforts have been made for offering a dedicated language for modelling and verifying/proving security protocols. However, verifying the security protocol model does not guarantee that the actual implementation of the protocol will fulfil these properties. In this talk we present...
Issues related to verification and security are increasingly important in modern electronic systems. In particular, the huge complexity of electronic systems has led to growth in quality, reliability and security needs in several application domains as well as pressure for low cost products. There is a corresponding increasing demand for cost-effective verification techniques and security solutions...
Identifying hot items has been found useful in many network monitoring applications to detect network anomalies. There are different variants of this problem and we work on a special case where the traffic of the hot items is distributed in multiple dynamic data streams. Most of the existing methods for identifying hot items do not work for our problem, except one which used Group Testing based...
A number of well-established software quality metrics are in use in code testing. It is our position that for many code-testing metrics for security equivalent requirements level metrics should be defined. Such requirements-level security metrics should be used in evaluating the quality of software security early on, in order to ensure that the resultant software system possesses the required security...
This paper argues about a new conceptual modeling language for the White-Box (WB) security analysis. In the WB security domain, an attacker may have access to the inner structure of an application or even the entire binary code. It becomes pretty easy for attackers to inspect, reverse engineer, and tamper with the application with the information they steal. The basis of this paper is the 14 patterns developed...
Industrial control systems (ICS) are at the heart of critical infrastructures and security is therefore important for such systems. In order to determine the security level of existing and planned systems, ICS products should be efficiently and comprehensively assessed. In this paper we present a methodology for assessing the security of a product or a system that can be used by security experts and...
In the Internet of services (IoS), web applications are the most common way to provide resources to the users. The complexity of these applications grew with the number of different development techniques and technologies used. Model-based testing (MBT) has proved its efficiency in software testing but retrieving the corresponding model of an application is still a complex task. In this paper,...
In this paper we present a formal modeling framework to specify nets of virtual organizations. These nets define not only the employees working in each organization but also some properties that help ensure security. This framework makes it easier to write and understand the behavior of security properties. In addition to the syntax and semantics we provide...
Over the last fifteen years, Web applications have evolved from the early simple and hyper-text based ones into the more complex, interactive, usable and adaptive applications of the new generations. New paradigms, architectures, and technologies for developing Web-based systems continuously emerge and transform this specific context. At the same time, new techniques and tools for effectively testing...
From its inception in 1999 to its fifteenth anniversary in 2013, the Web Systems Evolution (WSE) series of events have provided a forum for researchers and practitioners to present original work on subjects related to the disciplined evolution of large-scale Web sites and the development and deployment of Web applications. This paper summarizes the central themes of WSE over the years, with a brief...
Penetration testing is a time-consuming process which combines different mechanisms (security standards, protocols, best practices, vulnerability databases, techniques and guidelines) to evaluate computer systems and network vulnerabilities. Its main goal is to identify security weaknesses by using methods and procedures that are commonly used by malicious attackers. Furthermore, the best companies...
The European ITEA2 project DIAMONDS (Development and Industrial Application of Multi-Domain Security Testing Technologies) develops under the direction of Fraunhofer FOKUS, Berlin efficient and automated security test methods for security-critical, networked systems in various industrial domains such as industrial automation, banking and telecommunications. DIAMONDS develops methods to design objective,...
We present an approach to detect web injection vulnerabilities by generating test inputs using a combination of model inference and evolutionary fuzzing. Model inference is used to obtain knowledge about the application behavior. Based on this understanding, inputs are generated using a genetic algorithm (GA). GA uses the learned formal model to automatically generate inputs with better fitness values...
The correctness of mission-critical software is an important part of information security, but the oracle problem and test data generation are constraints for some programs. Although metamorphic testing (MT) is practical for programs with the oracle problem and evolutionary testing (ET) is a good application of genetic algorithm (GA) for automatic test data generation, fitness functions used in ET are not...
Software testing is one of the most time consuming activities in the software development cycle. Current research suggests that aspect-oriented programming (AOP) can enhance testing and has the potential to be more effective than macros or test interfaces. There are two major weaknesses when using aspects which are the inability of aspect code to be woven at all execution points and the lack of direct...