Please use this identifier to cite or link to this item:
|Title:||A tool supported methodology to passively test asynchronous systems with multiple users|
|Citation:||Information and Software Technology|
|Abstract:||Context: Testing usually involves the interaction of the tester with the system under test. However, there are many situations in which this interaction is not feasible and so one requires a passive approach in which the system is analysed to look for failures or unexpected behaviours. The entities of a complex system usually communicate in an asynchronous manner and this complicates the testing tasks since the observed order of events need not be the same as the order in which the events were produced. In previous work, we presented a formal passive testing theory for a single user and system communicating through an asynchronous channel. We were able to check that a trace generated by the system satisfies a given property. Objective: This papers extends our work, for detecting potential intrusions and unexpected behaviours, to the case where many users simultaneously communicate with a central server. We evaluate the practical value of the theoretical framework with a non-trivial system. Method: We developed a novel complete theoretical framework to analyse asynchronous systems with multiple users. All the algorithms are fully implemented. Experiments were performed over the Nextcloud platform to show the applicability of our framework. The experiments include an attack so that actual vulnerabilities could be revealed. Results: The application of our methodology, supported by a tool fully implementing it, was able to reveal a vulnerability in the WebDAV protocol running on Nextcloud. Conclusion: The extension of our previous work is not only useful from a theoretical point of view but also increases the applicability of the original work. We are now able to analyse systems where the interaction with different users can lead to unexpected behaviours. We have been able to find a vulnerability in a real system, showing the usefulness of our work|
|Appears in Collections:||Dept of Computer Science Embargoed Research Papers|
Files in This Item:
|FullText.pdf||Embargoed until 01 Jan 2030||514.44 kB||Adobe PDF||View/Open Request a copy|
Items in BURA are protected by copyright, with all rights reserved, unless otherwise indicated.