« Click on the titles for more details »
« ITEQS 2020 is held as a virtual workshop via Zoom. Contact iteqs2020[at]easychair.org for details»
Ivan Porres, Tanwir Ahmad, Hergys Rexha, Sebastien Lafond, Dragos Truscan
We present a novel exploratory performance testing algorithm that uses machine learning to optimize the test suit generation process. The goal is to generate test suites that contain a large number of positive tests, revealing performance defects or other issues of interest in the system under test. The key idea is to use a deep neural network to predict what test could be positive and to train this network online during the test generation process, designing and executing the test suite simultaneously. The approach is completely automatic and it does not require any prior knowledge about the internals of the system under test. It can also be used effectively in a continuous integration setting where small variations of a system are tested successively. We evaluate our algorithm using two example problems: searching for bottlenecks in a web service and searching for efficient hardware configurations in a single board computer. In both examples, the presented algorithm performed several times better than a random tester and our previously published algorithm, producing test suites with a large proportion of positive tests.
Naylor G. Bachiega, Paulo S. L. Souza, Sarita M. Bruschi, Simone R. S. De Souza
Performance is one of the Extra-Functional Properties (EFPs), an essential part of software development with limited resources. In such a context of software development, containers represent a widely used abstraction technology that requires fewer resources, when compared to hypervisor-based virtualization. Containers provide access to environments and speed up development by abstracting the underlying infrastructure layer for different application domains. Volume sharing is a usual abstraction provided by containers for data persistence, which can be accomplished, especially with Network File System (NFS) or Docker's sharing method. Evaluate the performance of these volumes in containers is critical to software development; however, we did not find available in the literature such evaluation. This paper describes the volume sharing performance for containers using NFS and Docker, which is essential for data persistence. We evaluated the performance of these shared volumes simulating three application domains: database accesses from a benchmark, direct reads and writes in the file systems and concurrent accesses from an MPI parallel program. Our results show significant differences among the distinct volume sharing methods analyzed for Docker and NFS. While asynchronous NFS has better performances for the set composed of heavy workloads, bursting read and write sequences, the Docker volumes, by the other hand, outperformed for processes with concurrent accesses when using a parallel program.
Mitsuaki Tsuji, Toshinori Takai, Kazuki Kakimoto, Naoki Ishihama, Masafumi Katahira, Hajimu Iida
Recently, a hazard analysis technique STAMP/STPA has been widely accepted since it is recognized as being suitable for software-intensive systems. Using STAMP/STPA, we can find hazardous scenarios of the target system that cannot be obtained by other traditional hazard analysis methods and those scenarios can be used for validation testing. However, generally the number of obtained scenarios can be huge and the validation testing involves a considerable cost. In this study, we propose a method to prioritize hazardous scenarios identified by STAMP/STPA with the help of a statistical model-checking technique. We give a procedure for systematically transforming the model defined by STAMP/STPA to a formal model for a statistical model-checking tool. We also show the usefulness of the proposed method using an example of train gate control system
Francisco Araújo, Ibéria Medeiros, Nuno Neves
Industrial products, like vehicles and trains, integrate embedded systems implementing diverse and complicated functionalities. Such functionalities are programmable by software and contain a multitude of parameters necessary for their configuration, which have been increasing due to the market diversification and customer demand. In addition, industrial products are often built by aggregating different software parts (components), constituting thus product variants. Product variants with such variability need to be tested adequately, in particular if one is concerned with security vulnerabilities. While efficient automated testing approaches already exist, such as fuzzing, no tool is able to use results from previous testing campaigns to increase the efficiency of security testing the next product variant that shares certain functionalities. This paper presents an approach that can ignore already covered functionalities by previous tests and give more importance to blocks of code that have yet to be checked. The benefit is to avoid repeating unnecessary work, hence increasing the speed and the coverage in the new variant. The approach was implemented in a tool based on the AFL fuzzer and was validated with a set of programs of different versions. The experimental results show that the tool can perform better than AFL in our testing scenario.
Aymeric Cretin, Alexandre Vernotte, Antoine Chevrot, Fabien Peureux, Bruno Legeard
The ADS-B - Automatic Dependent Surveillance Broadcast - technology requires aircraft to broadcast their position and velocity periodically. The protocol was not specified with cyber security in minds and therefore provides no encryption nor identification. These issues, coupled with the reliance on aircraft to communicate on their status, expose air transport to new cyber security threats, and especially to FDIAs --- False Data Injection Attacks --- where an attacker modifies, blocks, or emits fake ADS-B messages to dupe controllers and surveillance systems. This paper is part of an ongoing research initiative toward FDIA test generation intended to improve the detection capabilities of surveillance systems. It focuses on the mechanisms used to alter existing legitimate ADS-B recordings as if an attacker had tempered with the communication flow. We propose a set of alteration algorithms covering the taxonomy of FDIA attacks for ADS-B previously defined in the literature. We experiment this approach by generating test data for an AI-based FDIA detection system. Experimental results show that the proposed approach is straightforward to generate attack situations and provides a efficient way to easily generate sophisticated alterations that were not picked up by the detection system.
Prof. Franz WotawaGraz University of Technology
Testing non-functional properties like security, reliability, or even resilience has gained a lot of attention recently. In my talk, I focus on security and there in particular on providing testing methodologies that can be used to detect known vulnerabilities in order to avoid making mistakes twice. Techniques and methods, I discuss including planning-based and ontology-based testing make use of methods originating from artificial intelligence to create test cases for detecting security issues. Besides providing the foundations behind those methods, I also report on most recent experimental results obtained when using these methods for detecting vulnerabilities regarding injection and cross-side scripting. In addition, we discuss open issues and current research topics in security testing.
Muhammad Abbas, Abdul Rauf, Mehrdad Saadatmand, Eduard Paul Enoiu and Daniel Sundmark
Categorizing existing test specifications can provide insights on coverage of the test suite to extra-functional properties. Manual approaches for test categorization can be time-consuming and prone to error. In this short paper, we propose a semi-automated approach for semantic keywords-based textual test categorization for extra-functional properties. The approach is the first step towards coverage-based test case selection based on extra-functional properties. We report a preliminary evaluation of industrial data for test categorization for safety aspects. Results show that keyword-based approaches can be used to categorize tests for extra-functional properties and can be improved by considering contextual information of keywords.
The workshop does not accept papers that focus purely on functional testing!
Download: Flyer as PDF ----- Call-for-Papers as text
Towards the goal of ITEQS, the topics of interest for the workshop include, but are not limited to, the following:
As the presence and role of computer systems in our daily life increases, we rely more and more on the services that are provided by software. On one hand, more tasks and functions are delegated to software systems (e.g., in the automotive domain), and on the other hand, the expectations and demands on the variety of services provided by these systems are dramatically growing (e.g., in mobile phones). In this context, the success of a software product may not only be dependent on logical correctness of its functions, but also on their quality characteristics and how they perform. Such system characteristics, which are referred to and captured as Extra-Functional Properties (EFPs), or Non-Functional Properties, have determinant importance particularly in resource constrained systems. For instance, in real-time embedded domain there can be limitations on available memory, CPU and processing capability, power consumption, and so on, that need to be considered along with timing requirements of an application. Considering the rapid development towards increased integration of software with the social and physical world that we see today, quality aspects become more important in an increasing number of the systems and devices we use and depend on. These systems therefore, need to be tested with a special attention to EFPs such as safety, security, performance and robustness.
Testing a system with respect to its EFPs, however, poses specific challenges and traditional functional testing methods and approaches may not simply be applicable. Examples of such challenges are: fault localization, the need to have appropriate techniques for different types of EFPs, the role and impact of the environment in testing EFPs, observability and testability issues, coverage and test-stop criteria, modeling EFPs and generating meaningful test cases, mutation operators for EFPs, etc.
ITEQS provides a well-focused forum with the goal of bringing together researchers and practitioners to share ideas, identify challenges, propose solutions and techniques, and in general expand the state of the art in testing EFPs and quality characteristics of software systems and services.
Check the topics of interest for more details.
The workshop promotes two types of contributions in IEEE double-column format:
Each submitted paper will receive at least three reviews. To be faithful to the scope and goals of the workshop, papers that focus only on functional aspects and fail to address any EFPs and quality attributes will not be accepted.
Papers must conform to the IEEE double-column format (http://www.ieee.org/conferences_events/conferences/publishing/templates.html). Authors can submit their papers through easychair at: https://easychair.org/conferences/?conf=iteqs2020. Accepted and presented papers will be included in the IEEE CPS Proceedings.
Contact us: iteqs2020 [at] easychair [dot] org or mehrdad.saadatmand [at] ri [dot] se
General chair
RISE SICS Västerås, Sweden
Program chair
Åbo Akademi University, Finland
Program chair
Mälardalen University, Sweden
CNR (National Research Council), Italy
Aalborg University, Denmark
Queen’s University, Belfast, UK
Mälardalen University, Sweden
Carleton University, Canada
George Mason University, USA
Mälardalen University, Sweden
National University of Computer and Emerging Sciences, Pakistan
University of Luxembourg, Luxembourg
Karlstad University, Sweden
Simula Research Laboratory, Norway
IT University of Copenhagen, Denmark
Graz University of Technology, Austria
organizations that support us
