Model-Based MCDC Testing of Complex Decisions for the Java Card Applet Firewall

Certification processes require the generation of models of a design. Using Model-Based Testing, these models can double as guides for test case generation. In this paper, we consider Boolean formulas that model a decision to be taken by a part of the software. We show how to use an SMT solver to generate test cases that fulfill the MCDC coverage criterion on these models, in the presence of strong coupling between conditions. We show that the approach can improve test coverage, and that it finds a bug in an implementation of the Java Card Applet Firewall.

Keywords: automatic test case generation; common criteria; java card applet firewall.
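The following is an added illustration of the idea in the abstract, not code from the paper or from any Java Card implementation. It models a decision as a Boolean formula over named conditions, where each condition is a predicate over the same underlying variables, so conditions can be coupled: here `same_ctx` and `diff_ctx` are strongly coupled (one is always the negation of the other), which rules out a unique-cause MCDC pair for either. Where the paper uses an SMT solver to search for test vectors, this example enumerates small finite domains instead, so it runs offline; the firewall-style decision, its variable names and its condition names are a constructed simplification for illustration, not the Java Card specification's actual access rule. The generator first tries the unique-cause form of MCDC for each condition and falls back to the masking form, reporting which form was achievable.

```python
from itertools import product

# Decision tree over named conditions:
#   ('cond', name) | ('not', e) | ('and', e, ...) | ('or', e, ...)
# Each condition name is assumed to occur once in the tree.

def evaluate(expr, cv):
    """Evaluate the decision tree under a condition-valuation cv."""
    op = expr[0]
    if op == 'cond':
        return cv[expr[1]]
    if op == 'not':
        return not evaluate(expr[1], cv)
    vals = [evaluate(e, cv) for e in expr[1:]]
    return all(vals) if op == 'and' else any(vals)

def drives(expr, name, cv):
    """True iff condition `name` is unmasked under cv: every AND sibling on
    the path to the root is true and every OR sibling is false, so the
    decision's value is determined by `name` alone."""
    op = expr[0]
    if op == 'cond':
        return expr[1] == name
    if op == 'not':
        return drives(expr[1], name, cv)
    children = expr[1:]
    for i, child in enumerate(children):
        if drives(child, name, cv):
            others = [evaluate(e, cv) for j, e in enumerate(children) if j != i]
            return all(others) if op == 'and' else not any(others)
    return False

def assignments(domains):
    """Enumerate every assignment of the (finite) variable domains."""
    names = list(domains)
    for vals in product(*(domains[n] for n in names)):
        yield dict(zip(names, vals))

def mcdc_pairs(domains, conditions, decision):
    """For each condition return ('unique-cause' | 'masking', t_true, t_false)
    or None if no MCDC pair exists at all (brute force in place of an SMT query)."""
    tests = []
    for a in assignments(domains):
        cv = {c: f(a) for c, f in conditions.items()}
        tests.append((a, cv, evaluate(decision, cv)))
    result = {}
    for c in conditions:
        found = None
        # Unique-cause MCDC: only c differs between the two tests.
        for (a1, cv1, d1), (a2, cv2, d2) in product(tests, tests):
            if d1 and not d2 and cv1[c] != cv2[c] and \
               all(cv1[o] == cv2[o] for o in conditions if o != c):
                found = ('unique-cause', a1, a2)
                break
        if found is None:
            # Masking MCDC: coupled conditions may change too, as long as
            # c is the unmasked condition in both tests.
            for (a1, cv1, d1), (a2, cv2, d2) in product(tests, tests):
                if d1 and not d2 and cv1[c] != cv2[c] and \
                   drives(decision, c, cv1) and drives(decision, c, cv2):
                    found = ('masking', a1, a2)
                    break
        result[c] = found
    return result

# Constructed toy firewall decision (hypothetical; not the Java Card rule):
# access is allowed if the object is owned by the active context and still
# live, or the active context is the JCRE, or a foreign context reaches a
# shareable object through a shareable-interface invocation.
JCRE_CTX = 0
DOMAINS = {'ctx': [0, 1, 2], 'owner': [1, 2], 'live': [False, True],
           'shareable': [False, True], 'via_sio': [False, True]}
CONDITIONS = {
    'same_ctx': lambda a: a['ctx'] == a['owner'],
    'diff_ctx': lambda a: a['ctx'] != a['owner'],   # strongly coupled to same_ctx
    'is_jcre': lambda a: a['ctx'] == JCRE_CTX,
    'live': lambda a: a['live'],
    'shareable': lambda a: a['shareable'],
    'via_sio': lambda a: a['via_sio'],
}
DECISION = ('or',
            ('and', ('cond', 'same_ctx'), ('cond', 'live')),
            ('cond', 'is_jcre'),
            ('and', ('cond', 'diff_ctx'), ('cond', 'shareable'), ('cond', 'via_sio')))

def firewall_mcdc():
    return mcdc_pairs(DOMAINS, CONDITIONS, DECISION)

if __name__ == '__main__':
    for cond, pair in firewall_mcdc().items():
        if pair is None:
            print(f'{cond}: no MCDC pair; condition never independently affects the decision')
        else:
            form, t_allow, t_deny = pair
            print(f'{cond} ({form}): allow={t_allow} deny={t_deny}')
```

Running it shows that `same_ctx` and `diff_ctx` can only be covered in the masking form, since changing one always changes the other, while the remaining conditions admit unique-cause pairs. A condition for which the search returns `None` is one the model never lets affect the outcome independently, which is itself a modelling finding worth reporting back to the certification evidence.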
