Open AccessProceedings Article10.1109/ICSTW.2017.24

Towards Security-Aware Mutation Testing

- 13 Mar 2017

- pp 97-102

TL;DR: This work designs security aware mutation operators to support mutation analysis for Java, and introduces 15 security-aware mutation operators for Java that are applicable and prevalent on open source projects, providing evidence that mutation analysis can support security testing activities.

Abstract: Mutation analysis forms a popular software analysis technique that has been demonstrated to be useful in supporting multiple software engineering activities. Yet, the use of mutation analysis in tackling security issues has received little attention. In view of this, we design security aware mutation operators to support mutation analysis. Using a known set of common security vulnerability patterns, we introduce 15 security-aware mutation operators for Java. We then implement them in the PIT mutation engine and evaluate them. Our preliminary results demonstrate that standard PIT operators are unlikely to introduce vulnerabilities similar to ours. We also show that our security-aware mutation operators are indeed applicable and prevalent on open source projects, providing evidence that mutation analysis can support security testing activities.

AI Agents for this Paper

Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps

Most frequently asked questions

1. What have the authors contributed in "Towards security-aware mutation testing" ?

Using a known set of common security vulnerability patterns, the authors introduce 15 security-aware mutation operators for Java.. The authors also show that their security-aware mutation operators are indeed applicable and prevalent on open source projects, providing evidence that mutation analysis can support security testing activities.

2. What future works have the authors mentioned in the paper "Towards security-aware mutation testing" ?

In the future, the authors plan to extend their work towards the following directions: First, they plan to consider a much larger set of security patterns that they will mine from open source projects.. Second, the authors will assess their research questions on more subjects and confirm their observations with actual tests from fuzzing tools.

TABLE V: Number of security-aware mutants generated on 4 open source projects. The table entries record the number of mutants generated per mutation operator and project. Non referenced operators did not produce any mutants.

TABLE IV: Mutating projects with new operators

TABLE III: Injected classes of vulnerabilities that were identified by FindBugs (with the security plugin), in a sample project. We mutated this project and verified the presence of vulnerabilities by comparing the static analysis reports of the mutants and the original programs. Y signifies that the injected vulnerability was identified by FindBugs.

TABLE I: Security-aware Mutation Operators

TABLE II: Mutating iTrust with PIT’s standart operator set. The table records the number of mutants and vulnerabilities that were generated per used operator.

Citations

•Book Chapter•10.1016/BS.ADCOM.2018.03.015

Mutation Testing Advances: An Analysis and Survey

Mike Papadakis, +5 more

- 01 Jan 2019

TL;DR: This chapter presents a survey of recent advances, over the past decade, related to the fundamental problems of mutation testing and sets out the challenges and open problems for the future development of the method.

...read moreread less

482

•Journal Article

Chapter Six - Mutation Testing Advances: An Analysis and Survey.

Mike Papadakis, +5 more

- 01 Jan 2019

- Advances in Computers

163

Journal Article•10.1016/j.future.2022.03.001

Host-based IDS: A review and open issues of an anomaly detection system in IoT

Inês Martins, +5 more

- 01 Mar 2022

- Future Generation Computer Systems

TL;DR: In this paper , the authors address an overview of cybersecurity threats in IoT, important recommendations for a real-time IDS, and a realtime dataset setting to evaluate a security system covering multiple cyber threats.

...read moreread less

Proceedings Article•10.1145/3239235.3240500

Are mutants really natural?: a study on how "naturalness" helps mutant selection

Matthieu Jimenez, +6 more

- 11 Oct 2018

TL;DR: This work investigates the use of natural language modelling techniques in mutation testing (a testing technique that uses artificial faults) to identify how well artificial faults simulate real ones and ultimately understand how natural the artificial faults can be.

...read moreread less

Journal Article•10.1016/j.sysarc.2022.102701

Towards mutation testing of Reinforcement Learning systems

Yuteng Lu, +2 more

- 01 Aug 2022

- Journal of Systems Architecture

TL;DR: In this article , a series of mutation operators simulating possible errors that RL systems may encounter, and a test environment is provided to reveal possible problems within RL systems, and mutation scores specialized for RL systems are used to analyze the extent of potential faults and evaluate the quality of test environments.

...read moreread less

...

Expand

References

Journal Article•10.1109/C-M.1978.218136

Hints on Test Data Selection: Help for the Practicing Programmer

Richard A. DeMillo, +2 more

- 01 Apr 1978

- IEEE Computer

TL;DR: In many cases tests of a program that uncover simple errors are also effective in uncovering much more complex errors, so-called coupling effect can be used to save work during the testing process.

...read moreread less

2.2K

Monograph•10.1017/CBO9780511809163

Introduction to Software Testing: List of Figures

Paul Ammann, +1 more

- 01 Jan 2008

TL;DR: The structure of the text directly reflects the pedagogical approach and incorporates the latest innovations in testing, including techniques to test modern types of software such as OO, web applications and embedded software.

...read moreread less

1.2K

•Book

Introduction to Software Testing

Paul Ammann, +1 more

- 01 Jan 2009

TL;DR: In this paper, the authors define testing as the process of applying a few well-defined, general-purpose test criteria to a structure or model of the software, and present an innovative approach to explaining the process.

...read moreread less

1.1K

•Journal Article•10.1016/J.ENTCS.2005.12.014

An Introduction to Software Testing

Luciano Baresi, +1 more

- 01 Feb 2006

- Electronic Notes in Theoretical Computer...

TL;DR: The main characteristics of a good quality process are discussed, the key testing phases are surveyed and modern functional and model-based testing approaches are presented.

...read moreread less

961

•Book

Software fault injection: inoculating programs against errors

Jeffrey Voas, +1 more

- 18 Nov 1997

TL;DR: This book covers: how to predict where faults are most likely to hide; how failures in the software environment should impact software performance; how to use normal beta testing to uncover potential security problems; what fault injection reveals about maintenance and reuse; and how to introduce fault injection methods into your organization.

...read moreread less

322

...

Expand

Towards Security-Aware Mutation Testing

Chat with Paper

AI Agents for this Paper

Most frequently asked questions

1. What have the authors contributed in "Towards security-aware mutation testing" ?

2. What future works have the authors mentioned in the paper "Towards security-aware mutation testing" ?

Figures

Citations

Mutation Testing Advances: An Analysis and Survey

Chapter Six - Mutation Testing Advances: An Analysis and Survey.

Host-based IDS: A review and open issues of an anomaly detection system in IoT

Are mutants really natural?: a study on how "naturalness" helps mutant selection

Towards mutation testing of Reinforcement Learning systems

References

Hints on Test Data Selection: Help for the Practicing Programmer

Introduction to Software Testing: List of Figures

Introduction to Software Testing

An Introduction to Software Testing

Software fault injection: inoculating programs against errors

Related Papers (5)

An Analysis and Survey of the Development of Mutation Testing

A New Mutation Analysis Method for Testing Java Exception Handling

Correlation Analysis among Java Nano-Patterns and Software Vulnerabilities

What It Would Take to Use Mutation Testing in Industry—A Study at Facebook

Exploring context-sensitive data flow analysis for early vulnerability detection