scholarly journals A Dynamic Taint Tracking Optimized Fuzz Testing Method based on Multi-modal Sensor Data Fusion

2020 ◽  
Author(s):  
Qianmu Li ◽  
Shunmei Meng ◽  
Hanrui Zhang ◽  
Yaozong Liu ◽  
Haiyuan Shen ◽  
...  
Keyword(s):  
Test Methods ◽  
Sensor Data ◽  
Test Cases ◽  
Industrial Control ◽  
Code Coverage ◽  
Fuzz Testing ◽  
Internet Control ◽  
Industrial Internet ◽  
Control Terminal ◽  
Taint Tracking

Abstract The safety of Industrial Internet Control Systems has been a hotspot in the information security. To meet needs of communication, a large variety of proprietary protocols have emerged in the field of industrial control. The protocol field is often trusted in the implementation of industrial control terminal code. If attackers modify the data of these fields using the protocol defect, the operation of the program can be controlled and the entire system will be affected. To cope with such security threats, academia and industry generally adopt fuzzy test methods. However, the current industrial control protocol fuzzy test methods generally have low code coverage, where unified description models are missing and test cases are not targeted. A method of fuzzification processing combined with dynamic multi-modal sensor communication data is proposed. To track the program execution, the dynamic pollution analysis is used to search for the input fields that affect the execution of the conditional branch, and capture the dependencies between the conditional branches to guide the grammar generation of test cases, which can increase the chances of executing deep code. The experimental results show that the proposed method improves the validity and code coverage of test cases to a certain extent, and greatly increases the probability of anomaly detection in the protocol implementation.

scholarly journals A Dynamic Taint Tracking Optimized Fuzz Testing Method based on Multi-modal Sensor Data Fusion

2020 ◽  
Author(s):  
Qianmu Li ◽  
Shunmei Meng ◽  
Hanrui Zhang ◽  
Yaozong Liu ◽  
Haiyuan Shen ◽  
...  
Keyword(s):  
Test Methods ◽  
Sensor Data ◽  
Test Cases ◽  
Industrial Control ◽  
Code Coverage ◽  
Fuzz Testing ◽  
Internet Control ◽  
Industrial Internet ◽  
Control Terminal ◽  
Taint Tracking

Abstract The safety of Industrial Internet Control Systems has been a hotspot in the information security. To meet needs of communication, a large variety of proprietary protocols have emerged in the field of industrial control. The protocol field is often trusted in the implementation of industrial control terminal code. If attackers modify the data of these fields using the protocol defect, the operation of the program can be controlled and the entire system will be affected. To cope with such security threats, academia and industry generally adopt fuzzy test methods. However, the current industrial control protocol fuzzy test methods generally have low code coverage, where unified description models are missing and test cases are not targeted. A method of fuzzification processing combined with dynamic multi-modal sensor communication data is proposed. To track the program execution, the dynamic pollution analysis is used to search for the input fields that affect the execution of the conditional branch, and capture the dependencies between the conditional branches to guide the grammar generation of test cases, which can increase the chances of executing deep code. The experimental results show that the proposed method improves the validity and code coverage of test cases to a certain extent, and greatly increases the probability of anomaly detection in the protocol implementation

scholarly journals A Dynamic Taint Tracking Optimized Fuzz Testing Method based on Multi-modal Sensor Data Fusion

2020 ◽  
Author(s):  
Qianmu Li ◽  
Shunmei Meng ◽  
Hanrui Zhang ◽  
Yaozong Liu ◽  
Haiyuan Shen ◽  
...  
Keyword(s):  
Test Methods ◽  
Sensor Data ◽  
Test Cases ◽  
Industrial Control ◽  
Code Coverage ◽  
Fuzz Testing ◽  
Internet Control ◽  
Industrial Internet ◽  
Control Terminal ◽  
Taint Tracking

Abstract The safety of Industrial Internet Control Systems has been a hotspot in the information security. To meet needs of communication, a large variety of proprietary protocols have emerged in the field of industrial control. The protocol field is often trusted in the implementation of industrial control terminal code. If attackers modify the data of these fields using the protocol defect, the operation of the program can be controlled and the entire system will be affected. To cope with such security threats, academia and industry generally adopt fuzz test methods. However, the current industrial control protocol fuzz test methods generally have low code coverage, where unified description models are missing and test cases are not targeted. A method of fuzzification processing combined with dynamic multi-modal sensor communication data is proposed. To track the program execution, the dynamic pollution analysis is used to search for the input fields that affect the execution of the conditional branch, and capture the dependencies between the conditional branches to guide the grammar generation of test cases, which can increase the chances of executing deep code. The experimental results show that the proposed method improves the validity and code coverage of test cases to a certain extent, and greatly increases the probability of anomaly detection in the protocol implementation.

scholarly journals A dynamic taint tracking optimized fuzz testing method based on multi-modal sensor data fusion

2020 ◽  
Vol 2020 (1) ◽  
Author(s):  
Qianmu Li ◽  
Yaozong Liu ◽  
Shunmei Meng ◽  
Hanrui Zhang ◽  
Haiyuan Shen ◽  
...  
Keyword(s):  
Data Fusion ◽  
Sensor Data ◽  
Sensor Data Fusion ◽  
Testing Method ◽  
Fuzz Testing ◽  
Taint Tracking

Design of the IDCTMV Human-Machine Ergonomics Test System

2014 ◽  
Vol 599-601 ◽  
pp. 900-903
Author(s):  
Quan Wang ◽  
Wei Ping Liu ◽  
Yi Jin ◽  
Bin He Fu
Keyword(s):  
Reaction Time ◽  
Subjective Evaluation ◽  
Test System ◽  
Test Methods ◽  
Operation Performance ◽  
Operation Procedure ◽  
Simulated Test ◽  
Control Terminal ◽  
And Control ◽  
Integrated Display

This paper presented the scenario of the IDCTMV Human-Machine Ergonomics test system with the programming idea of the modularization. Based on LabVIEW, the IDCTMV simulated test software and subjective evaluation software were designed and developed. The subjective evaluation results and operation performance data including the reaction time of crews, the rate of errors, and the rate of over reports were tested by the simulation of the integrated display and control terminal for the typical operation procedure, which solved the problems of lacking test methods for the study of the IDCTMV Human-Machine Ergonomics.

scholarly journals Selection of Best Test Cases using Support Vector Machine for ARPT

2019 ◽  
Vol 8 (3) ◽  
pp. 4265-4271
Keyword(s):  
Support Vector Machine ◽  
Software Testing ◽  
Support Vector ◽  
Test Cases ◽  
Testing Strategy ◽  
Random Partition ◽  
Code Coverage ◽  
Time Consumption ◽  
Branch Coverage ◽  
Selection Of

Software testing is an essential activity in software industries for quality assurance; subsequently, it can be effectively removing defects before software deployment. Mostly good software testing strategy is to accomplish the fundamental testing objective while solving the trade-offs between effectiveness and efficiency testing issues. Adaptive and Random Partition software Testing (ARPT) approach was a combination of Adaptive Testing (AT) and Random Partition Approach (RPT) used to test software effectively. It has two variants they are ARPT-1 and ARPT-2. In ARPT-1, AT was used to select a certain number of test cases and then RPT was used to select a number of test cases before returning to AT. In ARPT-2, AT was used to select the first m test cases and then switch to RPT for the remaining tests. The computational complexity for random partitioning in ARPT was solved by cluster the test cases using a different clustering algorithm. The parameters of ARPT-1 and ARPT-2 needs to be estimated for different software, it leads to high computation overhead and time consumption. It was solved by Improvised BAT optimization algorithms and this approach is named as Optimized ARPT1 (OARPT1) and OARPT2. By using all test cases in OARPT will leads to high time consumption and computational overhead. In order to avoid this problem, OARPT1 with Support Vector Machine (OARPT1-SVM) and OARPT2- SVM are introduced in this paper. The SVM is used for selection of best test cases for OARPT-1 and OARPT-2 testing strategy. The SVM constructs hyper plane in a multi-dimensional space which is used to separate test cases which have high code and branch coverage and test cases which have low code and branch coverage. Thus, the SVM selects the best test cases for OARPT-1 and OARPT-2. The selected test cases are used in OARPT-1 and OARPT-2 to test software. In the experiment, three different software is used to prove the effectiveness of proposed OARPT1- SVM and OARPT2-SVM testing strategies in terms of time consumption, defect detection efficiency, branch coverage and code coverage.

scholarly journals FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs (Competition Contribution)

2021 ◽  
pp. 363-367 ◽  
Author(s):  
Kaled M. Alshmrany ◽  
Rafael S. Menezes ◽  
Mikhail R. Gadelha ◽  
Lucas C. Cordeiro
Keyword(s):  
Model Checking ◽  
Symbolic Execution ◽  
Bounded Model Checking ◽  
Test Cases ◽  
Security Vulnerabilities ◽  
C Programs ◽  
Code Coverage

AbstractWe describe and evaluate a novel white-box fuzzer for C programs named , which combines fuzzing and symbolic execution, and applies Bounded Model Checking (BMC) to find security vulnerabilities in C programs. explores and analyzes C programs (1) to find execution paths that lead to property violations and (2) to incrementally inject labels to guide the fuzzer and the BMC engine to produce test-cases for code coverage. successfully participates in Test-Comp’21 and achieves first place in the category and second place in the category.

Morpheus Web Testing: A Tool for Generating Test Cases for Widget Based Web Applications

2021 ◽  
Author(s):  
Romulo de Almeida Neves ◽  
Willian Massami Watanabe ◽  
Rafael Oliveira
Keyword(s):  
User Interfaces ◽  
Web Application ◽  
Web Applications ◽  
Test Cases ◽  
Code Coverage ◽  
Web Testing ◽  
The Cost ◽  
Software Lifecycle ◽  
The Web

Context: Widgets are reusable User Interfaces (UIs) components frequently delivered in Web applications.In the web application, widgets implement different interaction scenarios, such as buttons, menus, and text input.Problem: Tests are performed manually, so the cost associated with preparing and executing test cases is high.Objective: Automate the process of generating functional test cases for web applications, using intermediate artifacts of the web development process that structure widgets in the web application. The goal of this process is to ensure the quality of the software, reduce overall software lifecycle time and the costs associated with tests.Method:We elaborated a test generation strategy and implemented this strategy in a tool, Morpheus Web Testing. Morpheus Web Testing extracts widget information from Java Server Faces artifacts to generate test cases for JSF web applications. We conducted a case study for comparing Morpheus Web Testing with a state of the art tool (CrawlJax).Results: The results indicate evidence that the approach Morpheus Web Testing managed to reach greater code coverage compared to a CrawlJax.Conclusion: The achieved coverage values represent evidence that the results obtained from the proposed approach contribute to the process of automated test software engineering in the industry.

scholarly journals Advances in Future Internet and the Industrial Internet of Things

Symmetry ◽  
2019 ◽  
Vol 11 (2) ◽  
pp. 244 ◽  
Author(s):  
Jong Park
Keyword(s):  
Internet Of Things ◽  
Communication Networks ◽  
Future Internet ◽  
Resource Provisioning ◽  
Sensor Data ◽  
Third Wave ◽  
Industrial Internet Of Things ◽  
Privacy And Security ◽  
Industrial Internet ◽  
Use Of Internet

After the emergence of the Internet and mobile communication networks, the IoT has been considered as the third wave of information technology. The Industrial Internet of Things (IIoT) is the use of Internet of Things (IoT) technologies in manufacturing. IIoT incorporates machine learning and big data technology, sensor data, and machine-to-machine (M2M) communications that have existed in industrial areas for years. In the future, people and objects will be connected at any time, any place, with anything and anyone and will utilize any network and services. IIoT is creating a new world in which people and businesses can manage their assets in more informed ways and can make more opportune and better-informed decisions. Many advanced IIoT and 5G technologies have been successfully applied in everyday life, but there are still many practical problems tackled by traditional methods which are generally difficult to experimentally solve in the advanced Industrial Internet of Things. Therefore, in this special issue, we accepted five articles in three different dimensions: communication networks, optimized resource provisioning and data forwarding, privacy and security.

Virtual Test Environment for Self-Optimizing Systems

2013 ◽  
Author(s):  
Jörg Stöcklein ◽  
Daniel Baldin ◽  
Wolfgang Müller ◽  
Tao Xie
Keyword(s):  
Operating System ◽  
Real Time ◽  
Virtual Prototype ◽  
Test Cases ◽  
Test Environment ◽  
Dead Code ◽  
Real Time Operating System ◽  
The Real ◽  
Code Coverage ◽  
Virtual Test

In our paper we present a virtual test environment for self-optimizing systems based on mutant based testing to validate user tasks of a real-time operating system. This allows the efficient validation of the code coverage of the test cases and therefore helps to detect errors in order to improving the reliability of the system software. Technically we are able to run and test the software on both systems. By writing application software and setting up the virtual test environment properly, we define our test cases. To validate the code coverage for our test cases, we use the approach of mutant based testing. By running this mutated code on our virtual prototype in the virtual test environment, we are able to efficiently validate the code coverage and are able to detect bugs in the application code or detect dead code that is not executed. Finding non-executing code leads to redefinition of our test cases by either changing the test environment or the application code in the case of dead code. We implemented the virtual test environment on top of the third party low cost VR system Unity 3D, which is frequently used in entertainment and education. We demonstrate our concepts by the example of our BeBot robot vehicles. The implementation is based on our self-optimizing real-time operating system ORCOS and we used the tool CERTITUDE(TM) for generating the mutations in our application code. Our BeBot virtual prototype in our virtual test environment implements the same low-level interface to the underlying hardware as the real BeBot. This allows a redirection of commands in ORCOS to either the real or the virtual BeBot in order to provide a VR based platform for early software development as well as ensures comparable conditions under both environments. Our example applies a virtual BeBot that drives through a labyrinth utilizing its IR sensors for navigation. The mutant based testing checks if all situations implemented by the software to navigate through the labyrinth are covered by our tests.

Sign in / Sign up

Export Citation Format

Share Document