• Title/Summary/Keyword: 탐색 기반 소프트웨어 테스팅

Search Result 4, Processing Time 0.019 seconds

A Comparison of the Search Based Testing Algorithm with Metrics (메트릭에 따른 탐색 기반 테스팅 알고리즘 비교)

  • Choi, HyunJae;Chae, HeungSeok
    • Journal of KIISE
    • /
    • v.43 no.4
    • /
    • pp.480-488
    • /
    • 2016
  • Search-Based Software Testing (SBST) is an effective technique for test data generation on large domain size. Although the performance of SBST seems to be affected by the structural characteristics of Software Under Test (SUT), studies for the comparison of SBST techniques considering structural characteristics are rare. In addition to the comparison study for SBST, we analyzed the best algorithm with different structural characteristics of SUT. For the generalization of experimental results, we automatically generated 19,800 SUTs by combining four metrics, which are expected to affect the performance of SBST. According to the experiment results, Genetic algorithm showed the best performance for SUTs with high complexity and test data evaluation with count ${\leq}20,000$. On the other hand, the genetic simulated annealing and the simulated annealing showed relatively better performance for SUTs with high complexity and test data evaluation with count ${\geq}50,000$. Genetic simulated annealing, simulated annealing and hill climbing showed better performance for SUTs with low complexity.

A Method of Test Case Generation Using BPMN-Based Path Search (BPMN 기반 경로 탐색을 이용한 테스트 케이스 생성 기법)

  • Park, JeJun;Kang, DongSu
    • KIPS Transactions on Software and Data Engineering
    • /
    • v.6 no.3
    • /
    • pp.125-134
    • /
    • 2017
  • The SOA (Service Oriented Architecture) based softwares are escalated because of quickly coping with business requirement. SOA can not apply to existing test method because of loosely coupled service and massage exchange architecture. In this paper, we suggest a method of test case generation using BPMN (Business Process Model and Notation). First we model processes, then make Business Flow Graph (BFG). After searching the euler path through symmetrized BFG about input and output degrees, we generate test cases. A method of test case generation using BPMN can apply at SOA-based system, and reduce the number of test cases.

Graph based Binary Code Execution Path Exploration Platform for Dynamic Symbolic Execution (동적 기호 실행을 이용한 그래프 기반 바이너리 코드 실행 경로 탐색 플랫폼)

  • Kang, Byeongho;Im, Eul Gyu
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.3
    • /
    • pp.437-444
    • /
    • 2014
  • In this paper, we introduce a Graph based Binary Code Execution Path Exploration Platform. In the graph, a node is defined as a conditional branch instruction, and an edge is defined as the other instructions. We implemented prototype of the proposed method and works well on real binary code. Experimental results show proposed method correctly explores execution path of target binary code. We expect our method can help Software Assurance, Secure Programming, and Malware Analysis more correct and efficient.

Automated Method for Detecting Use-After-Free Vulnerability of Windows System Calls Using Dynamic Symbolic Execution (동적 기호 실행을 이용한 윈도우 시스템 콜 Use-After-Free 취약점 자동 탐지 방법)

  • Kang, Sangyong;Lee, Gwonwang;Noh, Bongnam
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.4
    • /
    • pp.803-810
    • /
    • 2017
  • Recently, social security problems have been caused by the development of the software industry, and a variety of automation techniques have been used to verify software stability. In this paper, we propose a method of automatically detecting a use-after-free vulnerability on Windows system calls using dynamic symbolic execution, one of the software testing methods. First, a static analysis based pattern search is performed to select a target point. Based on the detected pattern points, we apply an induced path search technique that blocks branching to areas outside of interest. Through this, we overcome limitations of existing dynamic symbolic performance technology and verify whether vulnerability exists at actual target point. As a result of applying the proposed method to the Windows system call, it is confirmed that the use-after-free vulnerability, which had previously to be manually analyzed, can be detected by the proposed automation technique.