DocumentCode :
251907
Title :
Model inference and security testing in the SPaCIoS project
Author :
Buchler, Marco ; Hossen, Karim ; Mihancea, P.F. ; Minea, Marius ; Groz, Roland ; Oriat, Catherine
Author_Institution :
Tech. Univ. Munchen, Munich, Germany
fYear :
2014
fDate :
3-6 Feb. 2014
Firstpage :
411
Lastpage :
414
Abstract :
The SPaCIoS project has as goal the validation and testing of security properties of services and web applications. It proposes a methodology and tool collection centered around models described in a dedicated specification language, supporting model inference, mutation-based testing, and model checking. The project has developed two approaches to reverse engineer models from implementations. One is based on remote interaction (typically through an HTTP connection) to observe the runtime behaviour and infer a model in black-box mode. The other is based on analysis of application code when available. This paper presents the reverse engineering parts of the project, along with an illustration of how vulnerabilities can be found with various SPaCIoS tool components on a typical security benchmark.
Keywords :
Web services; hypermedia; program diagnostics; program verification; reverse engineering; security of data; specification languages; transport protocols; HTTP connection; SPaCIoS project; Web applications; application code analysis; black-box mode; dedicated specification language; model checking; model inference; mutation-based testing; remote interaction; reverse engineering; runtime behaviour; security benchmark; security testing; tool collection; Abstracts; Analytical models; Concrete; Crawlers; Security; Semantics; Testing; Control Flow Inference; Data-Flow Inference; Reverse-Engineering; Security; Web Application;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Software Maintenance, Reengineering and Reverse Engineering (CSMR-WCRE), 2014 Software Evolution Week - IEEE Conference on
Conference_Location :
Antwerp
Type :
conf
DOI :
10.1109/CSMR-WCRE.2014.6747207
Filename :
6747207