Improving network applications security: A new heuristic to generate stress testing data

GECCO 2005 - Genetic and Evolutionary Computation Conference

Volumn , Issue , 2005, Pages 1037-1043

  Del Grosso, Concettina ^a   Antqniol, Giuliano ^a   Di Penta, Massimiliano ^a   Galinier, Philippe ^b   Merlo, Ettore ^b  

^a UNIVERSITY OF SANNIO   (Italy)

^b ÉCOLE POLYTECHNIQUE DE MONTRÉAL   (Canada)

Author keywords

Evolutionary testing; Security; Stress Testing; Test Data generation

Indexed keywords

COMPUTER NETWORKS; COMPUTER PROGRAM LISTINGS; COMPUTER SOFTWARE; EVOLUTIONARY ALGORITHMS; FUNCTION EVALUATION; STRESS ANALYSIS;

EVOLUTIONARY TESTING; SECURITY; STRESS TESTING; TEST DATA GENERATION;

SECURITY OF DATA;

EID: 32444432284     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1068009.1068185     Document Type: Conference Paper

References (23)

1. Beetlesoft RatScan. http://www.beetlesoft.com.
2. Secure software solutions, rats, the rough auditing tool for security.http://www.securesw.com/rats/.
3. G. Antoniol and E. Merlo. A static measure of a subset of intra-procedural data flow testing coverage based on node coverage. In GASCON, October 1999.
4. D. Binkley and M. Harman. Analysis and visualization of predicate dependence on formal parameters and global variables. IEEE Transactions on Software Engineering, 30(11):715-735, Nov 2004.
5. D. DaCosta, G.Dahn, S. Mancoridis, and V. Prevelakis, Characterizing the 'security vulnerability likelihood' of software functions. In Proceedings of IEEE International Conference on Software Maintenance, pages 266-276, Amsterdam, The Netherlands, Oct 2003.
6. C. Del Grosso, G. Antoniol, and M. Di Penta. An evolutionary testing approach to detect buffer overflow. In Student Paper Proceedings of the International Symposium of Software Reliability Engineering (ISSRE), St. Malo, France, Nov 2004.
7. C. Del Grosso, M. Di Penta, and G. Antoniol. An evolutionary testing approach to detect buffer overflows. In International Symposium on Software Reliability Engineering (student paper), pages 77-78, St Malo, Bretagne, France, November, 2-5 2004.
8. D. E. Goldberg. Genetic Algorithms in Search, Optimization and Machine Learning. Addison-Wesley Pub Co, Jan 1989.
9. R. Hastings and B. Joyce. Purify: Fast detection of memory leaks and access errors. In In Proceedings of the Winter USENIX Conference, Washington, DC, USA, Aug 1992.
10. E. Haugh and M. Bishop. Testing c programs for buffer overflow vulnerabilities.
11. B. Korel and A. Al-Yami. Assertion-oriented automated test data generation. In Proceedings of the International Conference on Software Engineering, Berlin, Germany, 1996.
12. D. Larochelle and D. Evans. Statically detecting likely buffer overflow vulnerabilities. In In Proceedings of the USENIX Security Symposium, Washington, DC, USA, Aug 2001.
13. P. McMinn. Search-based software test data generation: a survey. Software Testing, Verification and Reliability, 14:105-156, June 2004.
14. E. Merlo and G. Antoniol. A static measure of a subset of intra-procedural data flow testing coverage based on node coverage. In Proceedings of CASCON-99 - ponsored by IBM Canada and the National Reasearch Council of Canada, pages 173-186, Mississauga (Ontario), November 8-11 1999.
15. B. Miller, L. Fredricksen, and B. So. Empirical study of the reliability of unix utilities. Communications of the Association for Computing Machinery, 33(12) :32-44, Dec 1990.
16. O. Ruwase and M. Lam. A practical dynamic buffer overflow detector. In Proceedings of the Network and Distributed System Security (NDSS) Symposium, pages 159-169, Feb 2004.
17. N. Tracey. A search-based automated test-data generation framework for safety critical software. PhD thesis. University of York, 2000.
18. N. Tracey, J. Clark, K. Mander, and J. McDermid. Automated test data generation for exception conditions. Software - Practice and Experience, 30(1), 2000.
19. J. Viega, J. Bloch, T. Kohno, and G. McGraw. ITS4: A static vulnerability scanner for c and c++ code. In Proceedings of the 16th Annual Computer Security Applications Conference, pages 3-17, Dec 2000.
20. S. G. W. and C. W. G. Statistical Methods. Iowa State University Press, 1989.
21. D. Wagner, J. Foster, E. Brewer, and A. Aiken. A first step towards automated detection of buffer overrun vulnerabilities. In Proceedings of the Symposium on Network and Distributed Systems Security (NDSS '00), pages 3-17, San Diego, CA, USA, Feb 2000.
22. M. Wall. GAlib - a C++ library of genetic algorithm components, http://lancet.mit.edu/ga/.
23. M. Weiser. Program slicing. IEEE Transactions on Software Engineering, 10(4):352-357, July 1984.