A Natural Language Programming Approach for Requirements-Based Security Testing

X., Phu; Pastore, Fabrizio; Göknil, Arda; Briand, Lionel C.

doi:10.1109/issre.2018.00017

Cited by 22 publications

(10 citation statements)

References 57 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Future work includes the extension of UMTG to deal with different types of testing problems and the identification of solutions to further the scalability of the strategy due to constraint solving for very large systems. We are currently working on UMTG-inspired approaches for security testing of Web systems [33], [34]. We also aim to address scalability issues by evaluating the feasibility of adopting alternative solving approaches, including SMT solvers [126], answer set programming [127], higher-order relational constraint solving [128], and the combination of constraint solving and search-based optimization [95], [129].…”

Section: Discussionmentioning

confidence: 99%

“…It enables the extraction of behavioral information by reducing imprecision and incompleteness in use case specifications. RUCM has been successfully applied in many domains (e.g., [23], [24], [25], [26], [27], [28], [29], [30], [31], [32], [33], [34], [35]). It has been previously evaluated through controlled experiments and showed to be usable and beneficial with respect to making use case specifications less ambiguous and more amenable to precise analysis and design [12].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Automatic Generation of Acceptance Test Cases From Use Case Specifications: An NLP-Based Approach

Wang

Pastore

Göknil

et al. 2022

IIEEE Trans. Software Eng.

Self Cite

View full text Add to dashboard Cite

Acceptance testing is a validation activity performed to ensure the conformance of software systems with respect to their functional requirements. In safety critical systems, it plays a crucial role since it is enforced by software standards, which mandate that each requirement be validated by such testing in a clearly traceable manner. Test engineers need to identify all the representative test execution scenarios from requirements, determine the runtime conditions that trigger these scenarios, and finally provide the input data that satisfy these conditions. Given that requirements specifications are typically large and often provided in natural language (e.g., use case specifications), the generation of acceptance test cases tends to be expensive and error-prone. In this paper, we present Use Case Modeling for System-level, Acceptance Tests Generation (UMTG), an approach that supports the generation of executable, system-level, acceptance test cases from requirements specifications in natural language, with the goal of reducing the manual effort required to generate test cases and ensuring requirements coverage. More specifically, UMTG automates the generation of acceptance test cases based on use case specifications and a domain model for the system under test, which are commonly produced in many development environments. Unlike existing approaches, it does not impose strong restrictions on the expressiveness of use case specifications. We rely on recent advances in natural language processing to automatically identify test scenarios and to generate formal constraints that capture conditions triggering the execution of the scenarios, thus enabling the generation of test data. In two industrial case studies, UMTG automatically and correctly translated 95% of the use case specification steps into formal constraints required for test data generation; furthermore, it generated test cases that exercise not only all the test scenarios manually implemented by experts, but also some critical scenarios not previously considered.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Automatic Generation of Acceptance Test Cases From Use Case Specifications: An NLP-Based Approach

Wang

Pastore

Göknil

et al. 2022

IIEEE Trans. Software Eng.

Self Cite

View full text Add to dashboard Cite

show abstract

“…The technique is aided by an application that allows natural language specifications to be automatically translated into Statechart models. In [34], the authors addressed the problem of automatically creating executable security test scenarios from natural language security requirements.…”

Section: Related Workmentioning

confidence: 99%

Towards an Automated Model-Based Test Generation Approach from Controlled Natural Language Specifications Written in Arabic

Krichen¹,

Mechti²

2021

Preprint

View full text Add to dashboard Cite

<div>We propose a new model-based testing approach which takes as input a set of requirements described in Arabic Controlled Natural Language (CNL) which is a subset of the Arabic language generated by a specific grammar. The semantics of the considered requirements is defined using the Case Grammar Theory (CTG). The requirements are translated into Transition Relations which serve as an input for test cases generation tools.</div>

show abstract

“…MCP is the tool supporting our approach for automatically generating security vulnerability test cases from misuse case specifications, described in a recent conference paper [20]. Fig.…”

Section: Tool Overviewmentioning

confidence: 99%

MCP: A Security Testing Tool Driven by Requirements

Pastore

Göknil

et al. 2019

2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)

Self Cite

View full text Add to dashboard Cite

We present MCP, a tool for automatically generating executable security test cases from misuse case specifications in natural language (i.e., use case specifications capturing the behavior of malicious users). MCP relies on Natural Language Processing (NLP), a restricted form of misuse case specifications, and a test driver API implementing basic utility functions for security testing. NLP is used to identify the activities performed by the malicious user and the control flow of misuse case specifications. MCP matches the malicious user's activities to the methods of the provided test driver API in order to generate executable security test cases that perform the activities described in the misuse case specifications. MCP has been successfully evaluated on an industrial case study.

show abstract

A Natural Language Programming Approach for Requirements-Based Security Testing

Cited by 22 publications

References 57 publications

Automatic Generation of Acceptance Test Cases From Use Case Specifications: An NLP-Based Approach

Automatic Generation of Acceptance Test Cases From Use Case Specifications: An NLP-Based Approach

Towards an Automated Model-Based Test Generation Approach from Controlled Natural Language Specifications Written in Arabic

MCP: A Security Testing Tool Driven by Requirements

Contact Info

Product

Resources

About