Bruno Legeard

Hoist scheduling problem: an approach based on constraint logic programming

Scheduling the movements of a hoist in printed circuit board electroplating is known is the hoist scheduling problem (HSP). The objective of the HSP is to find an optimal cyclic sequence of moves for hoists. Results are already available for this problem, using classical operational research tools. They are briefly presented. Most of the proposed solutions are limited to the very specific initial model and are consequently difficult to apply in industrial problems. The constraint logic programming (CLP) approach to the problem is presented. A CLP model of the problem that allows modeling and solving more realistic cases is presented, and the results and the analysis of the solutions are outlined.<<ETX>>

Risk-Based Vulnerability Testing Using Security Test Patterns

This paper introduces an original security testing approach guided by risk assessment, by means of risk coverage, to perform and automate vulnerability testing for Web applications. This approach, called Risk-Based Vulnerability Testing, adapts Model-Based Testing techniques, which are mostly used currently to address functional features. It also extends Model-Based Vulnerability Testing techniques by driving the testing process using security test patterns selected from risk assessment results. The adaptation of such techniques for Risk-Based Vulnerability Testing defines novel features in this research domain. In this paper, we describe the principles of our approach, which is based on a mixed modeling of the System Under Test: the model used for automated test generation captures some behavioral aspects of the Web applications, but also includes vulnerability test purposes to drive the test generation process.

Recent Advances in Model-Based Testing

This chapter gives an overview of the field of model-based testing (MBT), particularly the recent advances in the last decade. It gives a summary of the MBT process, the modeling languages that are currently used by the various communities who practice MBT, the technologies used to generate tests from models, and discusses best practices, such as traceability between models and tests. It also briefly describes several findings from a recent survey of MBT users in industry, outlines the increasingly popular use of MBT for security testing, and discusses future challenges for MBT.

Applying a def-use approach on signal exchange to implement SysML model-based testing

Model-Based Testing (MBT) uses a model of the System Under Test as reference to automatically derive test cases. Since it is often not reasonable to cover all the behaviours formalized in the model, coverage criteria are applied to select a relevant subset of model behaviours. In this paper, we propose a dedicated test coverage criterion, based on Def-Use criteria on signal exchange, to implement MBT approach from Systems Modeling Language (SysML) test models to validate mechatronic systems. This novel criterion is introduced and the relevance of the approach from SysML models is discussed regarding results obtained with a dedicated MBT toolchain implementing this criterion.

Model-Based Testing for Internet of Things Systems

Abstract The Internet of Things (IoT) is nowadays globally a mean of innovation and transformation for many companies. Applications extend to a large number of domains, such as smart cities, smart homes, and health care. The Gartner Group estimates an increase up to 21 billion connected things by 2020. The large span of “things” introduces problematic aspects, such as interoperability due to the heterogeneity of communication protocols and the lack of a globally accepted standard. The large span of usages introduces problems regarding secure deployments and scalability of the network over large-scale infrastructures. This chapter describes the challenges for the IoT testing, includes state-of-the-art testing of IoT systems using models, and presents a model-based testing as a service approach to respond to its challenges through demonstrations with real use cases involving two of the most accepted standards worldwide: FIWARE and oneM2M.

Complementary test selection criteria for model-based testing of security components

This article presents a successful industrial application of a model-based testing approach to the validation of security components. We present a smart combination of three test selection criteria applied to testing security requirements of components such as Hardware Security Modules. This combination relies on the use of static test selection criteria, namely structural model coverage, complemented by dynamic test selection criteria, based on abstract test scenarios or temporal properties, designed to target corner cases of security functional requirements. Our approach is implemented in an industrial and scalable MBT tool. We evaluated and successfully applied it on three real-world security components. The outcome of these experiences showed that the three test selection criteria target distinct kinds of errors in the software and are able to reveal inconsistencies in the specification. Moreover, a 5-year experience of working with both manufacturers and evaluators of security components, along with other industrial collaborations, showed that the approach is easy to adopt in the industry and the time spent to learn the methodology is negligible with respect to its benefits. Finally, the approach can be completely applied in a more general context on systems that underlay thorough validation of compliance to specifications or audits.

Achieving SCA Conformance Testing with Model-Based Testing

The Software Communications Architecture (SCA) is a software architecture provided and published by the Joint Tactical Networking Center (JTNC). Facing the multiplicity of the waveforms and the diversity of the platform architectures and form factors, the original aims of the SCA are to facilitate the waveform development in terms of portability and waveform deployments onto heterogeneous Software Defined Radio (SDR) platforms. In this paper, we present an approach using Model-Based Testing (MBT) to ensure the conformance of a software radio platform with SCA requirements. In this approach, an MBT model is developed on the basis of SCA specifications, and conformance tests and scripts are generated and then run on the targeted software radio platform. This approach has been developed within a French research project, called OSeP, with results regarding modeling for automated test generation for SCA conformance testing. The techniques involved in this project focus on functional requirements and automatically generate Java executable test scripts, which aim to evaluate the functional conformance of the software implementation with respect to their associated requirements.

Risk-Driven Vulnerability Testing: Results from eHealth Experiments Using Patterns and Model-Based Approach

This paper introduces and reports on an original tooled risk-driven security testing process called Pattern-driven and Model-based Vulnerability Testing. This fully automated testing process, drawing on risk-driven strategies and Model-Based Testing MBT techniques, aims to improve the capability of detection of various Web application vulnerabilities, in particular SQL injections, Cross-Site Scripting, and Cross-Site Request Forgery. It is based on a mixed modeling of the system under test: an MBT model captures the behavioral aspects of the Web application, while formalized vulnerability test patterns, selected from risk assessment results, drive the overall test generation process. An empirical evaluation, conducted on a complex and freely-accessible eHealth system developed by Info World, shows that this novel process is appropriate for automatically generating and executing risk-driven vulnerability test cases and is promising to be deployed for large-scale Web applications.

Une procédure de décision pour un problème de satisfiabilité dans un univers ensembliste héréditairement fini

In this paper, we deal with the satisfiability problem for systems of constraints over hereditarily finite sets. This problem is central for integrating sets in programming languages, and particularly for constraint logic programming languages. The approach we propose here is based on reducing systems of set constraints into systems of linear integer equalities and inequalities (with bounded domain). The complexity of the reduction is on O(n 3 ).

Sequences constraint solving in constraint logic programming

This paper deals with consistency techniques over sequences constraints embedded in Constraint Logic Programming CLPS. CLP Sequences constraints are defined over Hereditarily Homogeneous Finite Sets HHFS built on atomic elements to characterise a family of admissible sequences. The relations we are dealing with are classical sets relations (/spl isin/,/spl sub/,=,/spl ne/) and sequencing relations as potential, metric and range constraints. We define the semantics of these relations with a characteristic range function. The consistency techniques used are incremental reduction of the normal form based on a tree like representation called P-Q-R trees. This allows us to reduce the set of admissible sequences before generating solutions.<<ETX>>