On the limitations of finite state models as sources of tests for access control and authentication
Title:On the limitations of finite state models as sources of tests for access control and authentication
Speaker: Aditya Mathur (Purdue University)
Time: 3:00pm, Thursday July 26
Venue: Lecture room, Lab for Computer Science, Level 3 Building #5, Institute of Software, CAS
Two experiments were conducted to assess the “goodness” of finite state models as sources of tests for testing implementations of access control and authentication. The traditional finite state machine (FSM) and UML
statechart models were considered. In one experiment an FSM served as a model of the expected behavior of an implementation required to enforce a Role Based Access Control policy. While the tests generated from the FSM show excellent fault detection effectiveness, they are astronomical in number. Several heuristics were then used to reduce the model size, and hence the number of tests. The heuristics led to a practical technique for test generation though the tests generated show lower fault detection effectiveness. In another experiment a statechart was used to model the expected behavior of an implementation of the TLS protocol. Tests were
then generated from the flattened and reduced version of this statechart using the testing tree method. Execution of the GnuTLS implementation against the generated tests revealed a significant chunk of untested code as indicated by MC/DC coverage. A “what if” analysis revealed that errors in the untested code may turn out to be serious security vulnerabilities. Both experiments reveal the limitations of model based testing and suggest the use of at least one orthogonal technique to supplement tests generated by finite state models.
Aditya Mathur is the Head of and professor in the department of Computer Science at Purdue University, West Lafayette, Indiana. His research is in software testing and reliability. His contributions include the saturation
effect, coverage based models of software reliability, techniques for software testing on high performance computers, empirical comparison of various code coverage criteria, and new approaches to the control of
software development processes. His most recent book, titled “Foundations of Software Testing,” is to appear in August 2007. This book is intended to be a text for undergraduate and graduate courses in Software Testing
and intends to take education in software testing to the same level of sophistication and respect as some other areas in Computer Science.