Title:On the limitations of finite state models as sources of tests for access control and authentication

Speaker: Aditya Mathur (Purdue University)

Time: 3:00pm, Thursday July 26

Venue: Lecture room, Lab for Computer Science, Level 3 Building #5, Institute of Software, CAS


Two experiments were conducted to assess the ¡°goodness¡± of finite state
models as sources of tests for testing implementations of access control
and authentication. The traditional finite state machine (FSM) and UML
statechart models were considered. In one experiment an FSM served as a
model of the expected behavior of an implementation required to enforce a
Role Based Access Control policy. While the tests generated from the FSM
show excellent fault detection effectiveness, they are astronomical in
number. Several heuristics were then used to reduce the model size, and
hence the number of tests. The heuristics led to a practical technique for
test generation though the tests generated show lower fault detection
effectiveness. In another experiment a statechart was used to model the
expected behavior of an implementation of the TLS protocol. Tests were
then generated from the flattened and reduced version of this statechart
using the testing tree method. Execution of the GnuTLS implementation
against the generated tests revealed a significant chunk of untested code
as indicated by MC/DC coverage. A ¡°what if¡± analysis revealed that
errors in the untested code may turn out to be serious security
vulnerabilities. Both experiments reveal the limitations of model based
testing and suggest the use of at least one orthogonal technique to
supplement tests generated by finite state models.

Speaker's Bio:

Aditya Mathur is the Head of and professor in the department of Computer
Science at Purdue University, West Lafayette, Indiana. His research is in
software testing and reliability. His contributions include the saturation
effect, coverage based models of software reliability, techniques for
software testing on high performance computers, empirical comparison of
various code coverage criteria, and new approaches to the control of
software development processes. His most recent book, titled ¡°Foundations
of Software Testing,¡± is to appear in August 2007. This book is intended
to be a text for undergraduate and graduate courses in Software Testing
and intends to take education in software testing to the same level of
sophistication and respect as some other areas in Computer Science.