Back to Publications
2016Computer

Metamorphic Testing for Cybersecurity

Chen, Tsong Yueh, Kuo, Fei‐Ching, Ma, Wenjuan, Susilo, Willy, Towey, Dave, Voas, Jeffrey, and Zhou, Zhi Quan

Abstract

Testing is a major approach for the detection of software defects, including vulnerabilities in security features. This article introduces metamorphic testing (MT), a relatively new testing method, and discusses how the new perspective of MT can help to conduct negative testing as well as to alleviate the oracle problem in the testing of security-related functionality and behavior. As demonstrated by the effectiveness of MT in detecting previously unknown bugs in real-world critical applications such as compilers and code obfuscators, we conclude that software testing of security-related features should be conducted from diverse perspectives in order to achieve greater cybersecurity.

Keywords

Computer scienceOracleComputer securitySecurity testingSoftware testingSecure codingSoftware security assuranceSoftwareRandom testingBlack-box testingSoftware performance testingSoftware engineeringInformation securitySoftware developmentCloud computing securitySoftware constructionProgramming languageTest caseCloud computingOperating systemSecurity serviceSecurity information and event managementMachine learning