In recent years, a variety of encrypfion algorithms were proposed to enhance the security of software and systems. Validating whether encryption algorithms are correctly implemented is a challenging issue. Software te...In recent years, a variety of encrypfion algorithms were proposed to enhance the security of software and systems. Validating whether encryption algorithms are correctly implemented is a challenging issue. Software testing delivers an effective and practical solution, but it also faces the oracle problem (that is, under many practical situations, it is impossible or too computationally expensive to know whether the output for any given input is correct). In this paper, we propose a property-based approach to testing encryption programs in the absence of oracles. Our approach makes use of the so-called metamorphic properties of encryption algorithms to generate test cases and verify test results. Two case studies were conducted to illustrate the proposed approach and validate its effectiveness. Experimental results show that even without oracles, the proposed approach can detect nearly 50% inserted faults with at most three metamorphic relations (MRs) and fifty test cases.展开更多
基金Acknowledgements Authors would like to thank Professor Tsong Yueh Chen for his constructive comments on the earlier version of this paper and Rong Liang for her involvement in the experiments reported in this work. This research was supported by the National Natural Science Foundation of China (Grant Nos. 60903003, 61370061), the Beijing Natural Science Foundation of China (4112037), the Fundamental Research Funds for the Central Universities (FRF-SD-12-015A), the Open Funds of the State Key Laboratory of Computer Science of Chinese Academy of Science, (SYSKF1105), and the Beijing Municipal Training Program for Excellent Talents (2012D009006000002). Thanks to the anonymous reviewers who provided useful suggestions on earlier versions of this paper.
文摘In recent years, a variety of encrypfion algorithms were proposed to enhance the security of software and systems. Validating whether encryption algorithms are correctly implemented is a challenging issue. Software testing delivers an effective and practical solution, but it also faces the oracle problem (that is, under many practical situations, it is impossible or too computationally expensive to know whether the output for any given input is correct). In this paper, we propose a property-based approach to testing encryption programs in the absence of oracles. Our approach makes use of the so-called metamorphic properties of encryption algorithms to generate test cases and verify test results. Two case studies were conducted to illustrate the proposed approach and validate its effectiveness. Experimental results show that even without oracles, the proposed approach can detect nearly 50% inserted faults with at most three metamorphic relations (MRs) and fifty test cases.
