SETER

Project Start Date: 01/05/2009
Project End Date: 31/04/2012
Abstract
Resilient systems can be viewed as open distributed systems that have capabilities to dynamically adapt, in a predictable way, to unexpected and harmful events, including faults and errors. Engineering such systems is a challenging issue which implies reasoning explicitly and in a consistent way about functional and non-functional characteristics of systems.
The difficulty of building resilient systems and the economic pressure to produce software under constraints on cost, quality, security, reliability, etc. call for practical solutions founded on scientific knowledge. One of these solutions is to propose an innovative testing process. Testing is an activity that aims both at demonstrating discrepancies between a system's actual and intended behaviours and at increasing the confidence that there is no such discrepancy. One of the main features of a system to test is its security, especially for systems which are safety- or business-critical. The security of a system classically relates to the confidentiality and integrity of data as well as the availability of systems. Testing security properties is a real challenge, especially for resilient systems, which have the capability to dynamically evolve to improve their security attributes.
Imagine for instance a resilience requirement such as "if the key of the encryption algorithm is known by an unauthorized person then the encryption algorithm has to be dynamically changed, and so on". This resilience requirement addresses a security attribute because it concerns confidentiality, and a solution has to be designed to ensure this requirement. The aim of the SETER project is to define a new testing approach that will ease the verification of resilient programs that implement such security properties. This approach must take into account that confidentiality and integrity can be compromised in many different ways (and consequently that the resilient system can evolve in many different ways too), that availability guarantees are difficult to ensure, and that it must be compatible with the other tests addressing the core functionalities of the system. Current trends advocate the idea that resilience should become an integral part of all steps of software development. Moreover, testing is important for detecting errors early in the development life cycle: the earlier an error is detected, the easier and cheaper it is to resolve. Therefore, the objective of the SETER project fits with these ideas by proposing new security testing approaches for resilient systems, applicable as early as possible in the software development lifecycle, in order to produce more secure and more reliable systems. To do so, several main tasks must be addressed:
• Definition of a modeling language supporting the explicit specification of resilience and security properties in the definition of the system's requirements;
• Definition of a testing approach able to generate tests on the basis of this specification language. This approach will have to deal with the intrinsic dynamic variability of resilient systems, by providing efficient techniques to select and minimize test cases (reuse of common parts, modularity, etc.);
• Development of test metrics in order to evaluate test selection and generation;
• Development of large case studies.
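The requirement quoted above ("if the key of the encryption algorithm is known by an unauthorized person then the encryption algorithm has to be dynamically changed") can be turned into an executable model plus a test oracle, and test cases can then be generated from that model, which is the kind of specification-driven test generation the task list describes. The following is an added illustration, not SETER project code: the service class, the algorithm labels and the two-event alphabet ("enc", "compromise") are assumptions, and encryption itself is not modelled, only which algorithm and key each operation uses.

```python
from dataclasses import dataclass, field
from itertools import product
import os

ALGORITHMS = ("aes-128-gcm", "aes-256-gcm", "chacha20-poly1305")  # labels constructed for this example

@dataclass
class ResilientCipherService:
    """System under test; rotate_algorithm=False models a non-resilient variant."""
    rotate_algorithm: bool = True
    algorithm: str = ALGORITHMS[0]
    key: bytes = field(default_factory=lambda: os.urandom(16))
    trace: list = field(default_factory=list)  # observed (event, algorithm, key)

    def encrypt(self, plaintext: bytes) -> None:
        # Only the algorithm/key choice matters here; ciphertext is not modelled.
        self.trace.append(("enc", self.algorithm, self.key))

    def key_compromised(self) -> None:
        # Resilience action for the "key known by an unauthorised person" event.
        self.trace.append(("compromise", self.algorithm, self.key))
        self.key = os.urandom(16)
        if self.rotate_algorithm:
            self.algorithm = ALGORITHMS[(ALGORITHMS.index(self.algorithm) + 1) % 3]

def requirement_holds(trace) -> bool:
    """Oracle: no encryption under a compromised key, new algorithm after a compromise."""
    compromised_keys, must_change_from = set(), None
    for event, algorithm, key in trace:
        if event == "compromise":
            compromised_keys.add(key)
            must_change_from = algorithm
        elif key in compromised_keys or algorithm == must_change_from:
            return False
        else:
            must_change_from = None
    return True

def generate_tests(max_len: int) -> list:
    """Model-based test generation: every event sequence up to length max_len."""
    return [s for n in range(1, max_len + 1) for s in product(("enc", "compromise"), repeat=n)]

def run_test(sequence, rotate_algorithm: bool = True) -> bool:
    svc = ResilientCipherService(rotate_algorithm=rotate_algorithm)
    for event in sequence:
        svc.encrypt(b"m") if event == "enc" else svc.key_compromised()
    return requirement_holds(svc.trace)

def failing_tests(max_len: int, rotate_algorithm: bool = True) -> list:
    return [s for s in generate_tests(max_len) if not run_test(s, rotate_algorithm)]
```

Running `failing_tests(4)` against the resilient variant yields no failing sequence, while `failing_tests(2, rotate_algorithm=False)` exposes the variant that rotates only the key, showing how tests derived from the requirement discriminate between the two implementations.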
Keywords
Model-Driven Engineering, Testing, Requirements Engineering, Fault Tolerance, Security, Resilient and Self-Adaptive/Self-* Systems, Modularity, Reuse & Dynamic Software Product Lines.