Specification-Based Test Generation for Security-Critical Systems Using Mutations

In specification-based testing, test sequences are generated from an abstract system specification to provide confidence in the correctness of an implementation. For security-critical systems, finding tests likely to detect possible vulnerabilities is particularly difficult, as they usually involve subtle and complex execution scenarios and consideration of domain-specific concepts such as cryptography and random numbers. We present research aiming to generate test sequences for transaction systems from a formal security model supported by the CASE tool Auto-Focus. The test sequences are determined with respect to the system’s required security properties, using mutations of the system specification and attack scenarios. To be able to apply them to an existing implementation, the abstract test sequences are concretized.