A Holistic Approach to Event-Based Modeling and Testing of System Vulnerabilities

Professor Fevzi Belli

University of Paderborn

Thu May 04 15:10:00 NZST 2006 in Room 031, MSCS

Abstract

Man-machine systems have several desirable global system properties such as user friendliness, reliability, safety, and security. System vulnerability is the lack, or the exposure to breaches, of any such property, potentially leading to an undesirable situation from the users point of view. Such undesirable situations could arise from internal faults, unintended environmental failures or malicious attacks from the system environment. The undesirable system fea- tures, viewed here as the sum of situations, which are complementary to the desirable ones, must be taken into ac- count in the system development process from the very beginning in assuring a stable system behavior and a robust operation. In this respect, this presentation proposes an event-based approach to modeling, analysis and testing of systems that exhibit various forms of vulnerabilities, in particular, those encountered in user interface design and safety critical systems. The emphasis of the work is on the holistic treatment of both desirable and undesirable sys- tem features in a similar manner at an identical level of abstraction.

The presentation introduces an elementary test terminology, based on finite-state automata theory and Petri nets, and demonstrates the applicability as well as the effectiveness of the approach using realistic examples drawn from dif- ferent domains.

Biography

Fevzi completed a PhD in formal methods for verifying software systems at Berlin Technical University in. He spent several years as a software engineer Munich, writing programs to test other programs. After a brief stint as a senior scientist at the SHAPE Technical Center of NATO at The Hague, he became in 1989 a professor at a major German university. He also works as a consultant, providing specialist validation and verification services to a number of large compa- nies. He has an interest and experience in model-based testing, requirements validation, review and inspection, test automation and practical light-weight formal methods. He was general chair and program chair of and invited speaker at several IEEE and ACM conferences on those topics. Please visit here for publications.