Elizabeta Fourneret

Selective Test Generation Method for Evolving Critical Systems

We present in this paper the implementation of a model-based testing technique for evolving systems. These latters are described in UML using class/object diagrams and state charts, augmented with OCL constraints. Based on two versions of a given model, an automated process deduces the impact of model evolutions on the existing tests. Our methodology then classifies tests into different test suites to test evolution, regression, stagnation and deletion on the concrete system. We introduce the notion of tests and test suites life cycles that help defining the purpose of each test at a given step of the system evolution, and thus, their classification in different test suites. The approach is illustrated on a realistic case study, and the improvements w.r.t. other regression testing techniques are discussed.

SeTGaM: Generalized Technique for Regression Testing Based on UML/OCL Models

In this paper we introduce SeTGaM, a Model-Based Regression Testing (MBRT) approach based on UML/OCL behavioral models. SeTGaM is a test selection and classification approach that also generates new tests to cover new functionalities of a new version of a system. We extract the behavior of the system from guards/transitions of state charts or pre/post conditions in operations of class diagrams to which we apply impact analysis. This makes it possible to apply our approach to models that use state charts and class diagrams or models without state charts (that only consist of class diagrams). This makes the technique applicable to a larger number of industrial systems. We also propose to reduce the number of false positive dependencies by using a constraint solver. We implemented our approach as plug in for IBM Rational Software Architect and evaluated the tool on two case study systems including an industrial system from the smart card domain. The evaluation confirms that the approach is effective in identifying changes and reducing the effort needed to test a new version of the system. The results also show that the approach is efficient with execution times between 2-3 minutes for most cases. SeTGaM was also able to precisely identify all modification revealing tests.

Evolution of security engineering artifacts: a state of the art survey

Security is an important quality aspect of modern open software systems. However, it is challenging to keep such systems secure because of evolution. Security evolution can only be managed adequately if it is considered for all artifacts throughout the software development lifecycle. This article provides state of the art on the evolution of security engineering artifacts. The article covers the state of the art on evolution of security requirements, security architectures, secure code, security tests, security models, and security risks as well as security monitoring. For each of these artifacts the authors give an overview of evolution and security aspects and discuss the state of the art on its security evolution in detail. Based on this comprehensive survey, they summarize key issues and discuss directions of future research.

Model-Based Testing as a Service for IoT Platforms

The Internet of Things (IoT) has increased its footprint becoming globally a ‘must have’ for today’s most innovative companies. Applications extend to multitude of domains, such as smart cities, healthcare, logistics, manufacturing, etc. Gartner Group estimates an increase up to 21 billion connected things by 2020. To manage ‘things’ heterogeneity and data streams over large scale and secured deployments, IoT and data platforms are becoming a central part of the IoT. To respond to this fast growing demand we see more and more platforms being developed, requiring systematic testing. Combining Model-Based Testing (MBT) technique and a service-oriented solution, we present Model-Based Testing As A Service (MBTAAS) for testing data and IoT platforms. In this paper, we present a first step towards MBTAAS for data and IoT Platforms, with experimentation on FIWARE, one of the EU most emerging IoT enabled platforms.

Using UML for Modeling Procedural Legal Rules: Approach and a Study of Luxembourg’s Tax Law

Many laws, e.g., those concerning taxes and social benefits, need to be operationalized and implemented into public administration procedures and eGovernment applications. Where such operationalization is warranted, the legal frameworks that interpret the underlying laws are typically prescriptive, providing procedural rules for ensuring legal compliance. We propose a UML-based approach for modeling procedural legal rules. With help from legal experts, we investigate actual legal texts, identifying both the information needs and sources of complexity in the formalization of procedural legal rules. Building on this study, we develop a UML profile that enables more precise modeling of such legal rules. To be able to use logic-based tools for compliance analysis, we automatically transform models of procedural legal rules into the Object Constraint Language (OCL). We report on an application of our approach to Luxembourg’s Income Tax Law providing initial evidence for the feasibility and usefulness of our approach.

Security certification and labelling in Internet of Things

In recent years, security and privacy aspects of IoT have received considerable attention from the industry and research communities. Because IoT will be more pervasive in the everyday life of the citizens, and it may be used in safety related applications (e.g., road transportation), its security threats may be more damaging than conventional Internet threats. Due to processing and memory constraints, the provision of security functions could be quite challenging in IoT. In addition, IoT devices must operate in a dynamic environment in terms of communication interfaces and fast upgrade cycle (e.g., patching), which imposes severe security requirements to designer and developers. Privacy aspects are also relevant because of the large amount of data collected by IoT sensors. In this context, the security certification of IoT devices is an important element to support the development and deployment of trusted IoT systems and applications. The objective of this paper is to investigate IoT security certification taking into consideration the current security certification frameworks, standards, and their related limitations identified by the industry and research communities. This paper proposes a new approach for security certification in IoT, which addresses the identified limitations and links formal models to testing and certification.

Improving Internet of Things device certification with policy-based management

The fast growing rate of the IoT systems with strong pressure to put devices on the market as soon as possible makes these systems vulnerable targets for cyber criminals, as recently seen in the Mirai botnet Distributed Denial-of-Service (DDoS) attack. A way to mitigate these threats is to enforce a comprehensive security certification process of IoT devices based on common standards. In this paper, we present an approach to improve certification of IoT devices using a combination of model-based testing and policy-based management in order to detect post certification vulnerabilities and act on them by introducing runtime policy enforcement capabilities. More precisely, we address these attacks using policy enforcement in order to correct vulnerable IoT device behavior and protect users even if security and privacy were not properly addressed by the device manufactures. We describe the details of our approach and, focusing on authorization vulnerabilities, we present a case study for the oneM2M standard showing how our solution can be applied in practice.

Orchestrating security and system engineering for evolving systems

How to design a security engineering process that can cope with the dynamic evolution of Future Internet scenarios and the rigidity of existing system engineering processes? The SecureChange approach is to orchestrate (as opposed to integrate) security and system engineering concerns by two types of relations between engineering processes: (i) vertical relations between successive security-related processes; and (ii) horizontal relations between mainstream system engineering processes and concurrent security-related processes. This approach can be extended to cover the complete system/ software lifecycle, from early security requirement elicitation to runtime configuration and monitoring, via high-level architecting, detailed design, development, integration and design-time testing. In this paper we illustrate the high-level scientific principles of the approach.

Model-Based Testing for Internet of Things Systems

Abstract The Internet of Things (IoT) is nowadays globally a mean of innovation and transformation for many companies. Applications extend to a large number of domains, such as smart cities, smart homes, and health care. The Gartner Group estimates an increase up to 21 billion connected things by 2020. The large span of “things” introduces problematic aspects, such as interoperability due to the heterogeneity of communication protocols and the lack of a globally accepted standard. The large span of usages introduces problems regarding secure deployments and scalability of the network over large-scale infrastructures. This chapter describes the challenges for the IoT testing, includes state-of-the-art testing of IoT systems using models, and presents a model-based testing as a service approach to respond to its challenges through demonstrations with real use cases involving two of the most accepted standards worldwide: FIWARE and oneM2M.

Complementary test selection criteria for model-based testing of security components

This article presents a successful industrial application of a model-based testing approach to the validation of security components. We present a smart combination of three test selection criteria applied to testing security requirements of components such as Hardware Security Modules. This combination relies on the use of static test selection criteria, namely structural model coverage, complemented by dynamic test selection criteria, based on abstract test scenarios or temporal properties, designed to target corner cases of security functional requirements. Our approach is implemented in an industrial and scalable MBT tool. We evaluated and successfully applied it on three real-world security components. The outcome of these experiences showed that the three test selection criteria target distinct kinds of errors in the software and are able to reveal inconsistencies in the specification. Moreover, a 5-year experience of working with both manufacturers and evaluators of security components, along with other industrial collaborations, showed that the approach is easy to adopt in the industry and the time spent to learn the methodology is negligible with respect to its benefits. Finally, the approach can be completely applied in a more general context on systems that underlay thorough validation of compliance to specifications or audits.