Model Inference and Security Testing in the SPaCIoS Project

Abstract : The SPaCIoS project has as goal the validation and testing of security properties of services and web applications. It proposes a methodology and tool collection centered around models described in a dedicated specification language, supporting model inference, mutation-based testing, and model checking. The project has developed two approaches to reverse engineer models from implementations. One is based on remote interaction (typically through an HTTP connection) to observe the runtime behaviour and infer a model in black-box mode. The other is based on analysis of application code when available. This paper presents the reverse engineering parts of the project, along with an illustration of how vulnerabilities can be found with various SPaCIoS tool components on a typical security benchmark.
Type de document :
Communication dans un congrès
IEEE Working Conference on Reverse Engineering, CSMR-WCRE 2014, 2014, Antwerp, Belgium. pp.411-414, 2014
Liste complète des métadonnées

https://hal.inria.fr/hal-00976110
Contributeur : Catherine Oriat <>
Soumis le : mercredi 9 avril 2014 - 16:20:01
Dernière modification le : jeudi 11 octobre 2018 - 08:48:04

Identifiants

  • HAL Id : hal-00976110, version 1

Collections

Citation

Matthias Büchler, Karim Hossen, Petru Florin Mihancea, Marius Minea, Roland Groz, et al.. Model Inference and Security Testing in the SPaCIoS Project. IEEE Working Conference on Reverse Engineering, CSMR-WCRE 2014, 2014, Antwerp, Belgium. pp.411-414, 2014. 〈hal-00976110〉

Partager

Métriques

Consultations de la notice

244