GENERALLY ACCESSIBLE. Model- Based Testing. Forces and Solutions. Prof. Walter Kriha, Hochschule der Medien Stuttgart, Computer Science and Media Faculty September 16, 2005. SECTION 1. Problem View. Example: I nternet S ervice. When „search“ returns passwords. User Registry.
Forces and Solutions
Prof. Walter Kriha, Hochschule der Medien Stuttgart,
Computer Science and Media Faculty
September 16, 2005
When „search“ returns passwords...
Deploying an application into this environment can take month after month of laborious testing. But how can you be sure that core security concepts (like trust zones, end-to-end security, secrecy etc.) are met and maintained by the software? Automation of tests is a key requirement! Execution of tests must be fully traced.
Technical and Social
It will take advanced tools for developers to perform continuous and early testing of those complex systems
An endless story?
Same Origin Concept
Every new feature in a browser (frames, pop-up windows, tabs, bookmarks etc.) seems to violate this simple principle of protection. Take a look at the mozilla security buglist. Why is that so?
Concepts and Implementations
Is it possible to capture advanced security concepts in models and use them for (automatic) testing? Another example that needs much better testing is the implementation of dynamic Role-based-access-control (RBAC) systems which rely on static data, rules and environment values to reach a verdict.
From no concept to a representation of test concepts
No test concept
textual input, manual tests, automated reporting: What do they want me to test?
I wonder what this change will do?
model and test language supported by tools. The model itself contains concepts through profiles.
Another application change, need to fix test scripts too
The concepts need to be caught in models and used to drive test engines, simulators or generate code against the production software
This is only one example of many different ways to use MBT. With UML 2.0 activity diagrams are an effective way to represent „unit-of-work“ like concepts which appear naturally in testing.
Where are the benefits?
According to Pretschner et.al. testing without a model gives the worst results.
EAI example: How to avoid the textual step
Execute instructions in EAI server
Business creates Transformation Rules with specialized UML editor
Create Meta-data and Actions for Interpreter/Server
Server (UML VM)
A successful example how model driven development enables even end-users to create precise specifications of data transformations. Shouldn't this be possible with testing as well?
For an example of the use of UML for model checking take a look at UMLsec.
Model-Based Testing is not the same as Model-Driven Development.
Exept and HDM
Based on a common understanding of concept based learning and development HDM and Exept will explore the above topics in projects and courses at HDM.