A Self-Executing Study of Arranging Scribble for Security Principle

Authors(2) :-Dr. G. Nagalakshmi, Vidadhala Kartheek

We gift Script worker (SITAR), a technique to automatically repair unusable low-level check scripts. instrument uses reverse engineering techniques to create Associate in Nursing abstract check for each script, maps it to Associate in Nursing annotated event-flow graph (EFG), uses repairing transformations and human input to repair the check, and synthesizes a replacement “repaired” check script. throughout this technique, instrument together repairs the relation to the user interface objects utilised within the checkpoints yielding a final check script which will be dead automatically to validate the revised computer code package. instrument amortizes the worth of human intervention across multiple scripts by accumulating the human info as annotations on the EFG. to increase computer code package responsibility and security. New cost-effective tools for computer code package quality assurance unit of measurement needed thus this, paper presents associate degree automatic check generation technique, referred to as Model-based Integration and System check Automation (MISTA), for integrated sensible and security testing of computer code package systems. Given a Model-Implementation Description (MID) specification, MISTA generates check code which will be dead instantly with the implementation beneath check. the center specification uses a high-level Petri internet to capture every control- and data-related wants for sensible testing, access management testing, or penetration testing with threat models. once generating check cases from the check model in line with a given criterion, MISTA converts the check cases into practicable check code by mapping model- level elements into implementation-level constructs. MISTA has enforced check generators for diverse check coverage criteria of check models, code generators for diverse programming and scripting languages, and check execution environments like Java, C, C++, C#, HTML-Selenium IDE, and golem Framework. MISTA has been applied to the sensible and security testing of various real-world computer code package systems.

Authors and Affiliations

Dr. G. Nagalakshmi
Head of the Department Computer Science and Engineering, siddartha Institute of Science and Technology, Puttur, Karnataka, India
Vidadhala Kartheek
Student of Software Engineering, siddartha Institute of Science and Technology, puttur, Karnataka, India

Functional Testing, Model-Based Testing, Petri Nets, Security Testing, Computer Code Assurance.

  1. J. Zender, I.Schiefewrdecker, and P.Mosterman, Eds., Model-Based Testing for Embedded Syst.Boca Raton, FL, USA: CRC Press, 2011.
  2. M.Utting and B.Legeard, Practical Model-Based Testing: A Tools Approach.San Francisco, CA, USA: Morgan Kaufmann, 2006.
  3. H.J.Genrich, "Predicate/move nets," in Petri Nets: Central Models and Their Properties.New York, NY, USA: Springer, 1987, pp.207-247.
  4. K.Jensen, Colored Petri Nets: Basic Concepts, Analysis Methods and Practical Use.New York, NY, USA: Springer-Verlag, 1992, vol.26.
  5. T.Murata, "Petri nets: Properties, investigation and applications," Proc.IEEE, vol.77, no.4, pp.541-580, Apr.1989.
  6. W.Reisig, "Petri nets and arithmetical particulars," Theoret.Comput.Sci., vol.80, pp.1-34, 1991.
  7. D.Xu, "An instrument for mechanized test code era from abnormal state Petri nets," in Proc.32nd Int.Conf.Applicat.also, Theory of Petri Nets and Concurrency (Petri Nets 2011), LNCS 6709, Springer-Verlag, Berlin, Heidelberg, Germany, Newcastle, U.K., Jun.2011, pp.308-317.
  8. D.Xu, L.Thomas, M.Kent, T.Mouelhi, and Y.Le Traon, "A model-based way to deal with mechanized testing of get to control strategies," in Proc.seventeenth ACM Symp.Get to Control Models and Technologies (SACMAT'12), Newark, NJ, USA, Jun.2012.
  9. D.Xu, M.Tu, M.Sanford, L.Thomas, D.Woodraska, and W.Xu, "Mechanized security test era with formal danger models," IEEE Trans.Depend.Secure Comput., vol.9, no.4, pp.525-539, Jul./Aug.2012.
  10. D.Xu and K.E.Nygard, "Danger driven demonstrating and check of secure programming utilizing viewpoint situated Petri nets," IEEE Trans.Softw.Eng., vol.32, no.4, pp.265-278, Apr.2006.
  11. D.Xu, J.Yin, Y.Deng, and J.Ding, "A formal building model for intelligent operator versatility," IEEE Trans.Softw.Eng., vol.29, no.1, pp.31-45, Jan.2003.
  12. D.Xu, R.A.Volz, T.R.Ioerger, and J.Yen, "Displaying and examining multi-operator practices utilizing predicate/move nets," Int.J.Softw.Eng.Knowl.Eng., vol.13, no.1, pp.103-124, 2003.
  13. N.J.Nilsson, Principles of Artificial Intelligence.San Francisco, CA, USA: Morgan Kaufmann, 1980.
  14. R.V.Fastener, Testing Object-Oriented Systems: Models, Patterns, and Tools.Perusing, MA, USA: Addison-Wesley, 2000.
  15. [Online].Accessible: http://www.magentocommerce.com
  16. [Online].Accessible: http://www.zen-cart.com
  17. Y.Jia and M.Harman, "An investigation and study of the improvement of change testing," IEEE Trans.Softw.Eng., vol.37, no.5, pp.649-678, 2010.
  18. Y.L.Traon, T.Mouelhi, A.Pretschner, and B.Baudry, "Test-driven evaluation of get to control in heritage applications," in Proc.first IEEE Int.Conf.Programming, Testing, Verification and Validation (ICST'08), Norway, 2008, pp.238-247.
  19. T.Mouelhi, F.Fleurey, B.Baudry, and Y.L.Traon, "A model-based system for security strategy detail, arrangement and testing," in Proc.ACM/IEEE eleventh Int.Conf.Show Driven Eng.Dialects and Syst.(MODELS'08), Toulouse, France, 2008.
  20. [Online].Accessible: https://sites.google.com/site/servalteam/apparatuses/Mutax
  21. OWASP.The Ten Most Critical Web Application Security Risks [Online].Accessible: http://www.owasp.org
  22. M.Shafique and Y.Labiche, A deliberate survey of model based testing apparatus bolster Carleton Univ., 2010, Tech.Rep.SCE-10-04.
  23. J.Jacky, M.Veanes, C.Campbell, and W.Schulte, Model-based Software Testing and Analysis with C#.Cambridge, U.K.: Cambridge Univ.Press, 2008.
  24. H.S.Hong, Y.G.Kim, S.D.Cha, D.H.Bae, and H.Ural, "A test arrangement determination strategy for statecharts," J.Softw.Test., Verif., Rel., vol.10, no.4, pp.203-227, 2000.
  25. L.Gallagher, J.Offutt, and T.Cincotta, "Coordination testing of objectoriented segments utilizing limited state machines," J.Softw.Test., Verif., Rel., vol.16, no.4, pp.215-266, 2006.
  26. L.Gallagher and J.Offutt, "Test arrangement era for coordination testing of part programming," Comput.J., Advance Access, Nov.2007.
  27. L.Briand, Y.Labiche, and Q.Lin, "Enhancing the scope criteria of UML state machines utilizing information stream investigation," J.Softw.Test., Verif., Rel., vol.20, no.3, pp.177-207, Sep.2010.
  28. M.v.d.Bijl, Applied model-based testing: Automatically create, execute, and assess Tests, 2011 [Online].Accessible: fmt.cs.utwente.nl/dwftt2007/introductions/MacBij_MBT_POS_public.pdf
  29. J.Offutt, S.Liu, A.Abdurazik, and P.Ammann, "Creating test information from state-based details," J.Softw.Test., Verif., Rel., vol.13, no.1, pp.25-53, 2003.
  30. M.Gaudel, A.Denise, S.Gouraud, R.Lassaigne, J.Oudinet, and S.Peyronnet, "Scope one-sided arbitrary investigation of substantial models," in Proc.fourth ETAPS Workshop on Model Based Testing, 10 of Electron.Notes in Theoretical Comput.Sci., 2008, vol.220, pp.3-14.
  31. C.Jard and T.Jéron, "TGV: Theory, standards and calculations: An instrument for the programmed amalgamation of conformance test cases for non-deterministic responsive frameworks," Int.J.Softw.Instruments Technol.Exchange (STTT), vol.7, no.4, pp.297-315, Aug.2005.
  32. P.Pelliccione, H.Muccini, A.Bucchiarone, and F.Facchini, "TeStor: Deriving test successions from display based details," in Proc.eighth Int.SIGSOFT Symp.Part Based Software Eng.(CBSE'05),m LNCS 3489, 2005, pp.267-282.
  33. S.Ali, L.Briand, M.J.Rehman, H.Asghar, M.Z.Z.Iqbal, and A.Nadeem, "A state-based way to deal with reconciliation testing in light of UML models," Inf.Softw.Technol., vol.49, no.11-12, pp.1087-1106, 2007.
  34. A.Chander, D.Dhurjati, K.Sen, and D.Yu, "Ideal test input succession era for limited state models and pushdown frameworks," in Proc.2011 Int.Conf.Programming Testing, Verification and Validation (ICST'11), Berlin, Germany, Mar.2011.
  35. R.Ubar and M.Brik, "Multi-level test era and blame analysis for limited state machines," in Dependable Computing—EDCC-2 Second Eur.Trustworthy Computing Conf., LNCS 1150, Taormina, Italy, 1996, pp.264-281.
  36. H.Zhu and X.He, "A philosophy for testing abnormal state Petri nets," Inf.Softw.Technol., vol.44, pp.473-489, 2002.
  37. S.Barbey, D.Buchs, and C.Péraire, "A hypothesis of detail based testing for protest arranged programming," in Dependable Computing—EDCC-2 Second Eur.Tried and true Computing Conf., LNCS 1150, Taormina, Italy, 1996, pp.303-320.
  38. L.Lucio, L.Pedro, and D.Buchs, "Self-loader experiment era from CO-OPN particulars," in Proc.Workshop Model-Based Testing and Object-Oriented Syst., 2006, pp.19-26.
  39. L.Lucio, "SATEL—a test aim dialect for question situated details of receptive frameworks," Ph.D.paper, Université de Genève, Center Universitaire d'Informatique, Geneva, Switzerland, 2009.
  40. J.Desel, A.Oberweis, T.Zimmer, and G.Zimmermann, "Approval of data framework models: Petri nets and experiment era," Proc.SMC'97, pp.3401-3406, 1997.
  41. C.C.Wang, W.C.Pai, and D.- J.Chiang, "Utilizing Petri net model way to deal with question situated class testing," Proc.SMC'99, pp.824-828, Oct.1999.
  42. A.Masood, R.Bhatti, A.Ghafoor, and A.Mathur, "Adaptable and powerful test era for part based get to control frameworks," IEEE Trans.Softw.Eng., vol.35, no.5, pp.654-668, 2009.
  43. A.Masood, A.Ghafoor, and A.Mathur, "Conformance testing of worldly part based get to control frameworks," IEEE Trans.Depend.Secure Comput., vol.7, no.2, pp.144-158, 2010.
  44. H.Hu and G.Ahn, "Empowering check and conformance testing for get to control show," in Proc.thirteenth ACM Symp.Get to Control Models and Technologies, 2008, pp.195-204.
  45. W.Mallouli, J.M.Orset, A.Cavalli, N.Cuppens, and F.Cuppens, "A formal approach for testing security rules," in Proc.twelfth ACM Symp.Get to Control Models and Technologies, 2007, pp.127-132.
  46. J.Jurjens, "Display based security testing utilizing UMLsec," Electron.Notes Theoret.Comput.Sci.(ENTCS), vol.220, no.1, pp.93-104, Dec.2008.
  47. K.Li, L.Mounier, and R.Groz, "Test era from security approaches indicated in Or-BAC," in Proc.31st Comput.Programming and Applicat.Conf.(COMPSAC'07), 2007, pp.255-260.
  48. A.Pretschner, Y.L.Traon, and T.Mouelhi, "Demonstrate based tests for get to control strategies," in Proc.first Int.Conf.Programming Testing Verification and Validation (ICST'08), Lillehamer, Norway, Apr.2008.
  49. J.Julliand, P.A.Masson, and R.Tissot, "Producing security tests notwithstanding practical tests," in Proc.third Int.Workshop Automation of Software Test, 2008, pp.41-44.
  50. H.Huang and H.Kirchner, "Formal determination and confirmation of secluded security arrangement in view of shaded Petri nets," IEEE Trans.Depend.Secure Comput., vol.8, no.6, pp.852-865, Nov./Dec.2011.
  51. B.Shafiq, J.Joshi, and A.Ghafoor, "Petri-net based displaying for confirmation of RBAC approaches," Tech.Rep., Center for Education and Research in Information Assurance and Security, Purdue Univ., 2002.
  52. Y.Deng, J.C.Wang, J.Tsai, and K.Beznosov, "An approach for displaying and examination of security framework designs," IEEE Trans.Information Data Eng., vol.15, no.5, pp.1099-1119, Sep.2003.
  53. K.H.Mortensen, "Programmed code era strategy in light of hued Petri net models connected on a get to control framework," in Application and Theory of Petri Nets.New York, NY, USA: Springer-Verlag, 2000, pp.367-386.
  54. K.Knorr, "Dynamic get to control through Petri net work processes," in Proc.sixteenth Annu.Conf.Comput.Security Applicat., 2000, pp.159-167.
  55. A.Marback, H.Do, K.He, S.Kondamarri, and D.Xu, "A threat modelbased approach to security testing," in Software: Practice and Experience, Expanded Version of the AST'09Workshop Paper, Feb.2013, vol.43, pp.241-258.
  56. L.Wang, W.Wong, and D.Xu, "A threat model driven approach for security testing," in Proc.3rd Int.Workshop Software Eng.for Secure Syst.(SESS'07), May 2007.
  57. B.Schneier, "Attack trees,"Dr.Dobb's J.Softw.Tools, vol.24, no.12, pp.21-29, 1999.
  58. F.Swiderski and W.Snyder, ThreatModeling.Redmond, WA, USA: Microsoft Press, 2004.
  59. J.P.McDermott, "Attack net penetration testing," in Proc.2000 Workshop New Security Paradigms, 2000, pp.15-21.

Publication Details

Published in : Volume 2 | Issue 6 | November-December 2017
Date of Publication : 2017-12-31
License:  This work is licensed under a Creative Commons Attribution 4.0 International License.
Page(s) : 627-634
Manuscript Number : CSEIT1726193
Publisher : Technoscience Academy

ISSN : 2456-3307

Cite This Article :

Dr. G. Nagalakshmi, Vidadhala Kartheek, "A Self-Executing Study of Arranging Scribble for Security Principle", International Journal of Scientific Research in Computer Science, Engineering and Information Technology (IJSRCSEIT), ISSN : 2456-3307, Volume 2, Issue 6, pp.627-634, November-December-2017. |          | BibTeX | RIS | CSV

Article Preview