Ina Schieferdecker

A taxonomy of risk-based testing

Software testing has often to be done under severe pressure due to limited resources and a challenging time schedule facing the demand to assure the fulfillment of the software requirements. In addition, testing should unveil those software defects that harm the mission-critical functions of the software. Risk-based testing uses risk (re-)assessments to steer all phases of the test process to optimize testing efforts and limit risks of the software-based system. Due to its importance and high practical relevance, several risk-based testing approaches were proposed in academia and industry. This paper presents a taxonomy of risk-based testing providing a framework to understand, categorize, assess, and compare risk-based testing approaches to support their selection and tailoring for specific purposes. The taxonomy is aligned with the consideration of risks in all phases of the test process and consists of the top-level classes risk drivers, risk assessment, and risk-based test process. The taxonomy of risk-based testing has been developed by analyzing the work presented in available publications on risk-based testing. Afterwards, it has been applied to the work on risk-based testing presented in this special section of the International Journal on Software Tools for Technology Transfer.

Model-Based Security Testing

Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. nModel-based security testing (MBST) is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS.

Model-Based Testing

Model-based testing (MBT) strives to automatically and systematically generate test cases. In this column, Ina Schieferdecker introduces MBT technologies and methods.

Applying Model Checking to Generate Model-Based Integration Tests from Choreography Models

Choreography models describe the communication protocols between services. Testing of service choreographies is an important task for the quality assurance of service-based systems as used e.g. in the context of service-oriented architectures (SOA). The formal modeling of service choreographies enables a model-based integration testing (MBIT) approach. We present MBIT methods for our service choreography modeling approach called Message Choreography Models (MCM). For the model-based testing of service choreographies, MCMs are translated into Event-B models and used as input for our test generator which uses the model checker ProB.

Software service engineering: Tenets and challenges

Service-Oriented Architecture (SOA) constitutes a modern, standards-based and technology-independent paradigm and architectural style for distributed enterprise computing. The SOA style promotes the publishing, discovery, and binding of loosely-coupled, network-accessible software services. With SOA systems operating in distributed and heterogeneous execution environments, the engineers of such systems are confined by the limits of traditional software engineering. In this position paper, we scrutinize the fundamental tenets underpinning the development and maintenance of SOA systems. In particular, we introduce software service engineering as an emerging discipline that entails a departure from traditional software engineering disciplines, embracing the ‘open world assumption’. We characterize software service engineering via seven defining tenets. Lastly, we survey related research challenges.

Test Data Provision for ERP Systems

Software development and testing of enterprise resource planning (ERP) systems demands dedicated methods to tackle its special features. As manual testing is not able to systematically test ERP systems due to the involved complexity, an effective testing approach should be automated, also requiring that the appropriate test data has to be provided alongside. In this paper we identify four main challenges regarding the provision of test data for automatic testing of ERP software: system test data supply, system test data stability, input test data constraints and test data correlation. Several possible solutions to these challenges are discussed. We conclude with an outlook to possible research activities.

Testing Embedded Real Time Systems with TTCN-3

The problems of testing software based systems that, like automobiles, steadily increase in complexity are still not solved. To cope with the requirements and complexities of todays systems, adequate test solutions are needed, which at least feature a minimum of flexibility, reusability and abstraction. The Testing and Test Control Notation TTCN-3 is a test specification language, which was originally developed to meet the requirements of testing telecommunication systems. The language is modular, well-structured, standardized and supports testing of communicating systems. However, the correctness of a large number of embedded systems can not be assessed by checking functional requirements only. In addition to that non-functional requirements, especially time related input-output behavior, have to be considered. The current version of TTCN-3 has only limited capabilities for testing such non-functional properties. To overcome these limitations we will extend TTCN-3 with a small set of specific language means that are dedicated to check real-time properties of embedded system. We will explain the syntax and semantics of the new constructs, compare our solution with the expressiveness of standard TTCN-3 and, as a proof of concept, provide a small example from the automotive domain that particularly motivate the use of TTCN-3 in the context of AUTOSAR.

Design of a Test Framework for Automated Interoperability Testing of Healthcare Information Systems

One of the challenges of evolving Healthcare Information Systems used in healthcare domain is their interoperability. Interoperability not only permits healthcare institutes to take advantage of using heterogeneous solutions from different vendors but it also offers the basis for creating a larger range of services at the edge of medicine/healthcare and information technology. New services can be created in a consistent way based on common approaches of structuring and representing healthcare data. This paper presents a test framework for testing interoperability of eHealth systems. As a major result, the test framework is designed for test automation and extendability with respect to test configurations and test cases.

Requirements-Driven Testing with Behavior Trees

Requirements engineering is vital for a software development projects success or failure. As todays software systems are getting more and more complex, their related requirements specifications contain often hundreds, even thousands of natural language requirements. The so called behavior engineering developed by Geoff Dromey is suitable to handle the complexity of large-scale software requirements specification by relying on a scalable requirements formalization methodology. The outcome of that methodology is a requirements model in the behavior tree notation, describing the intended, externally visible behavior of the system. By deliberately extending the behavior engineering methodology with testing activities, those requirements models can be further exploited for testing purposes like system and acceptance level testing. This also addresses the common challenge in model-based testing scenarios, namely the availability of a meaningful test model. By reusing a testable requirements model, both the system and test model can be derived from the same specification, since all requirements are intended to be captured in the requirements model properly and consistently. In this paper, we present an approach of how behavior trees can be extended with testing activities to leverage the definition of test requirements. We also briefly discuss how augmenting test-related information to make the requirements model more complete in terms of the IEEE830 standard.

On the interplay of open data, cloud services and network providers towards electric mobility in smart cities

Quality of life in an urban environment depends strongly on ecological, social and mobility aspects. A major innovation in that context is given by the emergence of electric vehicles. Additionally, the explosive growth of social networks has shown how the Internet can be used to maintain and create communities, thereby bringing mutual benefits to the involved participants. Combining both, there is an obvious potential for the realization of collaborative electric vehicle sharing within a city. In this paper, we investigate one of the key aspects required to realize the vision of electric vehicle sharing - a cloud infrastructure for handling the required data. We propose a distributed architecture for the realization of such data cloud. Further, we demonstrate how ISP networks and the electric mobility data cloud can collaborate in order to provide efficient streaming of continuous data.