Towards a Security Oracle Based on Tree Kernel Methods

Avancini, Andrea;Ceccato, Mariano
2012-01-01

Abstract

The objective of software testing is to stress a program to reveal programming defects. The goal of security testing is, more specifically, to reveal defects that could lead to security problems. Security testing, however, has mostly been interested in the automatic generation of test cases that "try" to reveal a vulnerability, rather than in assessing whether test cases actually "managed" to reveal vulnerabilities. In this paper, we address the latter problem. We investigated the feasibility of using tree kernel methods to implement a classifier able to evaluate whether a test case revealed a vulnerability, i.e. a security oracle for injection attacks. We compared seven different variants of tree kernel methods in terms of their effectiveness in detecting attacks.

Use this identifier to cite or link to this document: https://hdl.handle.net/11582/101801