空间系统项目中的模型推理和安全测试

2014 Software Evolution Week - IEEE Conference on Software Maintenance, Reengineering, and Reverse Engineering (CSMR-WCRE) Pub Date : 2014-02-27 DOI:10.1109/CSMR-WCRE.2014.6747207

Matthias Büchler, Karim Hossen, Petru Florin Mihancea, M. Minea, Roland Groz, Catherine Oriat

{"title":"空间系统项目中的模型推理和安全测试","authors":"Matthias Büchler, Karim Hossen, Petru Florin Mihancea, M. Minea, Roland Groz, Catherine Oriat","doi":"10.1109/CSMR-WCRE.2014.6747207","DOIUrl":null,"url":null,"abstract":"The SPaCIoS project has as goal the validation and testing of security properties of services and web applications. It proposes a methodology and tool collection centered around models described in a dedicated specification language, supporting model inference, mutation-based testing, and model checking. The project has developed two approaches to reverse engineer models from implementations. One is based on remote interaction (typically through an HTTP connection) to observe the runtime behaviour and infer a model in black-box mode. The other is based on analysis of application code when available. This paper presents the reverse engineering parts of the project, along with an illustration of how vulnerabilities can be found with various SPaCIoS tool components on a typical security benchmark.","PeriodicalId":166271,"journal":{"name":"2014 Software Evolution Week - IEEE Conference on Software Maintenance, Reengineering, and Reverse Engineering (CSMR-WCRE)","volume":"27 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-02-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":"{\"title\":\"Model inference and security testing in the spacios project\",\"authors\":\"Matthias Büchler, Karim Hossen, Petru Florin Mihancea, M. Minea, Roland Groz, Catherine Oriat\",\"doi\":\"10.1109/CSMR-WCRE.2014.6747207\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The SPaCIoS project has as goal the validation and testing of security properties of services and web applications. It proposes a methodology and tool collection centered around models described in a dedicated specification language, supporting model inference, mutation-based testing, and model checking. The project has developed two approaches to reverse engineer models from implementations. One is based on remote interaction (typically through an HTTP connection) to observe the runtime behaviour and infer a model in black-box mode. The other is based on analysis of application code when available. This paper presents the reverse engineering parts of the project, along with an illustration of how vulnerabilities can be found with various SPaCIoS tool components on a typical security benchmark.\",\"PeriodicalId\":166271,\"journal\":{\"name\":\"2014 Software Evolution Week - IEEE Conference on Software Maintenance, Reengineering, and Reverse Engineering (CSMR-WCRE)\",\"volume\":\"27 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-02-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"11\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 Software Evolution Week - IEEE Conference on Software Maintenance, Reengineering, and Reverse Engineering (CSMR-WCRE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSMR-WCRE.2014.6747207\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 Software Evolution Week - IEEE Conference on Software Maintenance, Reengineering, and Reverse Engineering (CSMR-WCRE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSMR-WCRE.2014.6747207","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 11

摘要

SPaCIoS项目的目标是验证和测试服务和web应用程序的安全属性。它提出了一种以专用规范语言描述的模型为中心的方法和工具集，支持模型推理、基于突变的测试和模型检查。该项目开发了两种方法来从实现中对模型进行逆向工程。一种是基于远程交互(通常通过HTTP连接)来观察运行时行为并在黑盒模式下推断模型。另一种是基于可用时对应用程序代码的分析。本文介绍了该项目的逆向工程部分，以及如何在典型的安全基准测试中使用各种SPaCIoS工具组件发现漏洞的说明。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Model inference and security testing in the spacios project

The SPaCIoS project has as goal the validation and testing of security properties of services and web applications. It proposes a methodology and tool collection centered around models described in a dedicated specification language, supporting model inference, mutation-based testing, and model checking. The project has developed two approaches to reverse engineer models from implementations. One is based on remote interaction (typically through an HTTP connection) to observe the runtime behaviour and infer a model in black-box mode. The other is based on analysis of application code when available. This paper presents the reverse engineering parts of the project, along with an illustration of how vulnerabilities can be found with various SPaCIoS tool components on a typical security benchmark.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2014 Software Evolution Week - IEEE Conference on Software Maintenance, Reengineering, and Reverse Engineering (CSMR-WCRE)

自引率

0.00%

发文量