Testing Program Crash Based on Search Based Testing and Exception Injection

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 939)

Abstract

Program crashes have long been a serious issue, especially in modern applications. They pose a severe security concern for applications and may even be life-threatening. Several such crashes have been observed in popular software such as Hadoop, Eclipse and others. It is highly desirable that a program be tested for crashes well before deployment. This paper proposes a method that uses a search-based algorithm and exception injection to test a program for crashes that may be caused mainly by abnormality of external resources. The proposed method helps the tester locate the program locations where such a crash may happen. Moreover, it can protect the program from such threats well in advance.



Correspondence to Faisal Anwer.

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Anwer, F., Nazir, M., Mustafa, K. (2019). Testing Program Crash Based on Search Based Testing and Exception Injection. In: Nandi, S., Jinwala, D., Singh, V., Laxmi, V., Gaur, M., Faruki, P. (eds) Security and Privacy. ISEA-ISAP 2019. Communications in Computer and Information Science, vol 939. Springer, Singapore. https://doi.org/10.1007/978-981-13-7561-3_20

  • DOI: https://doi.org/10.1007/978-981-13-7561-3_20

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-7560-6

  • Online ISBN: 978-981-13-7561-3

  • eBook Packages: Computer Science, Computer Science (R0)
