Please use this identifier to cite or link to this item:
Title: A tool supported methodology to passively test asynchronous systems with multiple users
Authors: merayo, MG
Hierons, RM
Nunez, M
Issue Date: 2018
Publisher: Elsevier
Citation: Information and Software Technology
Abstract: Context: Testing usually involves the interaction of the tester with the system under test. However, there are many situations in which this interaction is not feasible and so one requires a passive approach in which the system is analysed to look for failures or unexpected behaviours. The entities of a complex system usually communicate in an asynchronous manner and this complicates the testing tasks since the observed order of events need not be the same as the order in which the events were produced. In previous work, we presented a formal passive testing theory for a single user and system communicating through an asynchronous channel. We were able to check that a trace generated by the system satisfies a given property. Objective: This papers extends our work, for detecting potential intrusions and unexpected behaviours, to the case where many users simultaneously communicate with a central server. We evaluate the practical value of the theoretical framework with a non-trivial system. Method: We developed a novel complete theoretical framework to analyse asynchronous systems with multiple users. All the algorithms are fully implemented. Experiments were performed over the Nextcloud platform to show the applicability of our framework. The experiments include an attack so that actual vulnerabilities could be revealed. Results: The application of our methodology, supported by a tool fully implementing it, was able to reveal a vulnerability in the WebDAV protocol running on Nextcloud. Conclusion: The extension of our previous work is not only useful from a theoretical point of view but also increases the applicability of the original work. We are now able to analyse systems where the interaction with different users can lead to unexpected behaviours. We have been able to find a vulnerability in a real system, showing the usefulness of our work
ISSN: 0950-5849
Appears in Collections:Dept of Computer Science Embargoed Research Papers

Files in This Item:
File Description SizeFormat 
FullText.pdfEmbargoed until 01 Jan 2030514.44 kBAdobe PDFView/Open    Request a copy

Items in BURA are protected by copyright, with all rights reserved, unless otherwise indicated.