Gerardo Morales

Timed Extended Invariants for the Passive Testing of Web Services

The service-oriented approach is becoming more and more popular to integrate highly heterogeneous systems. Web services are the natural evolution of conventional middleware technologies to support Web-based and enterprise level integration. Formal testing of such Web-based technology is a key point to guarantee its reliability. In this paper, we choose a non-intrusive approach based on monitoring to propose a conformance passive testing methodology to check that a composed Web service respects its functional requirements. This methodology is based on a set of formal invariants representing properties to be tested including data and time constraints. Passive testing of an industrial system (that uses a composition of Web services) is briefly presented to demonstrate the effectiveness of the proposed approach.

Behavior evaluation for trust management based on formal distributed network monitoring

Collaborative systems are growing in use and in popularity. The need to boost the methods concerning the interoperability is growing as well; therefore, trustworthy interactions of the different systems are a priority. The systems need to interact with users and other applications. The decision regarding with whom and how to interact with other users or applications depends on each application or system. In this paper, we focus on providing trust verdicts by evaluating the behaviors of different agents, making use of distributed network monitoring. This will provide trust management systems based on “soft trust” information regarding a trustee experience. We propose a formal distributed network monitoring approach to analyze the packets exchanged by the entities, in order to prove a system is acting in a trustworthy manner. Based on formal “trust properties”, we analyze the systems’ behaviors, then, we provide trust verdicts regarding those “trust properties”. Furthermore, automatized testing is performed using a suite of tools we have developed, and finally, our methodology is applied to a real industrial DNS use case scenario.

Testing trust properties using a formal distributed network monitoring approach

Collaborative systems are growing in use and in popularity. The need to boost the methods concerned by the interoperability is growing as well; making thus trustworthy interactions of the different systems a priority. The systems need to interact with users and with other applications in trusting each other. The decision regarding with who and how to interact with other users or applications depends on each application or system. In this paper, we focus on “soft trust”, that is trust management systems based on observations of the trustee behaviors to evaluate the trustee experience. Furthermore, we propose a formal distributed network monitoring approach to analyze the packets that the trustor and trustee exchange in order to prove the trustee is acting in a trustworthy manner. Based on formal “trust properties” defining the analyzed systems, the monitored systems behaviors on which these properties are checked provide, through testing verdicts, an evaluation of the trustor/trustee. Finally, our methodology is applied to a real industrial DNS use case scenario.

Regression and Performance Testing of an e-Learning Web Application: dotLRN

Along with the continuous development of big and complex Web applications such as dotLRN, it is mandatory to execute in a scheduled way a set of test cases to assure its functional stability and to make sure that the Web application still runs whatever the modifications applied to the implementation. This article highlights the importance of testing and presents the types of test that are needed to assure not just the stability but also the scalability of the dotLRN platform by testing some non-functional aspects. This article presents different methods that can be applied to test in general any Web application. Then a methodology to manually develop the test conformance in order to automatically test the regression of the implementation is proposed. Finally this paper presents our proposal to cover the performance and load tests of the dotLRN Web application.

Strip Interoperability for Wireless Ad Hoc Routing Protocols

Wireless Ad hoc Networks are rapidly growing in popularity because of their flexibility and wide range of applications (Indoor Communications, Intelligent Transportation, Emergency Operations, Public Safety, etc.). However, while it becomes easier to set up such networks, one of the main constraints is the heterogeneity of the nearby devices (or nodes). Moreover, it is still very difficult to make them communicate if these nodes use different routing protocols. In this paper, we present a novel approach that makes use of layer 3 protocols to guarantee interoperability between networks. We introduce the notion of Strip Interoperability, a new mechanism that aims to address this problem by creating a bridge between heterogeneous wireless ad hoc networks. An implementation of our approach through a real case study is shown to illustrate the applicability of our mechanism.

Testing Security Policies for Web Applications

Due to the increasing complexity of Web systems, security testing is becoming a critical activity to guarantee the respect of such systems to their security requirements. To challenge this issue, we rely in this paper on model based active testing. We first specify the Web system behavior using IF formalism. Second, we integrate security rules -modeled in Nomad language- within this IF model using specific algorithms. Then, we perform automatic test generation using a dedicated tool, called HJ2If, developed in our laboratory. Finally, we briefly present a Travel agency system as an ongoing case study to demonstrate the reliability of our framework.

A Reliable and Scalable Classification-Based Hybrid IPS

Intrusion Prevention Systems (IPS) are considered essential components that need to assure the reliability of information security. In terms of information security, incrementing the intrusion detection rate on anomaly attacks and decreasing the high false positive rate has been the two major concerns for every sysadmin. The huge amount of logs generated by different assets in the network are not always capable to be correlated and reviewed to determine possible security breaches. We implemented a new reliable and scalable classification-based hybrid IPS that can easily manage the processing of all the authentication log information of different IPSs in the network. This enhanced framework can determine in a more precise manner if a communication can be considered legitimate or an intrusion. This classification method increases the intrusion detection rate and decreases the false positive rate. Our main objective in this paper is to enforce redundancy on different modules of the framework. Our results show that a framework with these features can be easily deployed in networks to ensure reliable security.

Modeling and testing secure web applications

In modern networks, the heterogeneity and the increasing distribution of applications, such as telecommunication protocols,Web-based systems and real-time systems, make security management complex. These applications are more and more open and rely on networking parts of computer systems that generally make use of different solutions. In the context of the deployment of such applications and services, the security officials are led to empirically bring security solutions together. The consistency of these assemblies is difficult to achieve. Nowadays, many security features are available. We can cite for instance cryptographic protocols, management infrastructures of public keys (PKI), firewalls, control access mechanisms within operating systems and applications, intrusion detection systems or anti-viral mechanisms etc.

Modeling and Testing SecureWeb Applications

In modern networks, the heterogeneity and the increasing distribution of applications, such as telecommunication protocols,Web-based systems and real-time systems, make security management complex. These applications are more and more open and rely on networking parts of computer systems that generally make use of different solutions. In the context of the deployment of such applications and services, the security officials are led to empirically bring security solutions together. The consistency of these assemblies is difficult to achieve. Nowadays, many security features are available. We can cite for instance cryptographic protocols, management infrastructures of public keys (PKI), firewalls, control access mechanisms within operating systems and applications, intrusion detection systems or anti-viral mechanisms etc.

TEAR: A Multi-purpose Formal Language Specification for TEsting at Runtime

Collaborative systems are growing in use and in popularity. The need to boost the methods concerning the interoperability is growing as well, therefore, trustworthy interactions of the different systems are a priority. We have proposed a formal distributed network monitoring approach to analyze the packets exchanged by the entities, in order to prove a system is acting in a trustworthy manner. Using this approach, some limitations regarding the testers resources have been found. In this paper, we identify the constraints and propose and new language suited for testing at runtime in different environments.