Metamorphic Testing for Cybersecurity

Tsong Yueh Chen; Fei Ching Kuo; Wenjuan Ma; Willy Susilo; Dave Towey; Jeffrey Voas; Zhi Quan Zhou

doi:10.1109/MC.2016.176

Metamorphic Testing for Cybersecurity

Tsong Yueh Chen, Fei Ching Kuo, Wenjuan Ma, Willy Susilo, Dave Towey, Jeffrey Voas, Zhi Quan Zhou

School of Computer Science

Research output: Contribution to specialist publication › Article

64 Citations (Scopus)

41 Downloads (Pure)

Abstract

Metamorphic testing (MT) can enhance security testing by providing an alternative to using a test oracle, which is often unavailable or impractical. The authors report how MT detected previously unknown bugs in real-world critical applications such as code obfuscators, giving evidence that software testing requires diverse perspectives to achieve greater cybersecurity.

Original language	English
Pages	48-55
Number of pages	8
Volume	49
No.	6
Specialist publication	Computer
DOIs	https://doi.org/10.1109/MC.2016.176
Publication status	Published - Jun 2016

Keywords

Heartbleed bug
Web testing
cybersecurity
cyberthreats
fuzzing
logic error
metamorphic testing
obfuscator testing
oracle problem
software testing
software vulnerability

ASJC Scopus subject areas

General Computer Science

Access to Document

10.1109/MC.2016.176

MT.for.Cybersecurity.AcceptedAccepted author manuscript, 471 KB

Cite this

@misc{3d06dc884fd343dd9cfce3af6335957d,

title = "Metamorphic Testing for Cybersecurity",

abstract = "Metamorphic testing (MT) can enhance security testing by providing an alternative to using a test oracle, which is often unavailable or impractical. The authors report how MT detected previously unknown bugs in real-world critical applications such as code obfuscators, giving evidence that software testing requires diverse perspectives to achieve greater cybersecurity.",

keywords = "Heartbleed bug, Web testing, cybersecurity, cyberthreats, fuzzing, logic error, metamorphic testing, obfuscator testing, oracle problem, software testing, software vulnerability",

author = "Chen, {Tsong Yueh} and Kuo, {Fei Ching} and Wenjuan Ma and Willy Susilo and Dave Towey and Jeffrey Voas and Zhou, {Zhi Quan}",

note = "Publisher Copyright: {\textcopyright} 1970-2012 IEEE.",

year = "2016",

month = jun,

doi = "10.1109/MC.2016.176",

language = "English",

volume = "49",

pages = "48--55",

journal = "Computer",

issn = "0018-9162",

publisher = "IEEE Computer Society",

}

TY - GEN

T1 - Metamorphic Testing for Cybersecurity

AU - Chen, Tsong Yueh

AU - Kuo, Fei Ching

AU - Ma, Wenjuan

AU - Susilo, Willy

AU - Towey, Dave

AU - Voas, Jeffrey

AU - Zhou, Zhi Quan

PY - 2016/6

Y1 - 2016/6

N2 - Metamorphic testing (MT) can enhance security testing by providing an alternative to using a test oracle, which is often unavailable or impractical. The authors report how MT detected previously unknown bugs in real-world critical applications such as code obfuscators, giving evidence that software testing requires diverse perspectives to achieve greater cybersecurity.

AB - Metamorphic testing (MT) can enhance security testing by providing an alternative to using a test oracle, which is often unavailable or impractical. The authors report how MT detected previously unknown bugs in real-world critical applications such as code obfuscators, giving evidence that software testing requires diverse perspectives to achieve greater cybersecurity.

KW - Heartbleed bug

KW - Web testing

KW - cybersecurity

KW - cyberthreats

KW - fuzzing

KW - logic error

KW - metamorphic testing

KW - obfuscator testing

KW - oracle problem

KW - software testing

KW - software vulnerability

UR - http://www.scopus.com/inward/record.url?scp=84976515867&partnerID=8YFLogxK

U2 - 10.1109/MC.2016.176

DO - 10.1109/MC.2016.176

M3 - Article

AN - SCOPUS:84976515867

SN - 0018-9162

VL - 49

SP - 48

EP - 55

JO - Computer

JF - Computer

ER -

Metamorphic Testing for Cybersecurity

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this