Project description
Automated test case generation to identify security threats
What security-related mistakes do software developers make and why do they make them? The answer to this will assist in forming a much-needed theoretical framework for the field of security testing, which identifies threats and measures vulnerabilities in software applications. The EU-funded EAST project will design new techniques that can be used to automatically generate test cases for large web/enterprise systems and that can find common types of security threats. Specifically, the tools and techniques developed in the EAST project will assist in studying and broadening our understanding of what kinds of security-related mistakes developers make in practice. Ultimately, it will contribute to software engineering, evolutionary computation and computer security, especially in developing breakthroughs in investigating the so-called oracle problem, which determines whether a test has passed or failed.
Objective
--------------------
With the EAST project, I aim to improve our understanding of the intrinsic characteristics of web/enterprise systems related to their security. I will achieve it by designing novel techniques that are able to scale to automatically generate test cases for large web/enterprise systems, and that can automatically find common types of security threats. This is a necessary stepping stone before reaching the high risk / high impact goal of designing testing systems that can adapt and learn, finding classes of security threats for which currently there is no automated solution due to the oracle-problem.
I will contribute towards this goal by constructing and studying classes of co-evolutionary algorithms that evolve in competition in separate populations of test cases for graphical user interfaces (e.g. web app GUIs) and direct network calls (e.g. HTTP).
The tools and techniques developed in the EAST project will be instrumental to study and broaden our understanding of what kinds of security-related mistakes do developers make in practice, and why they are made. Such scientific knowledge will be at the base to form a so much needed theoretical framework for the field of security testing.
The project will contribute to software engineering (insight in web/enterprise systems and automated methods for system testing), evolutionary computation (in particular co-evolutionary algorithms for the domain of software test generation), and computer security (in particular developing breakthroughs in investigating the so-called oracle-problem).
Fields of science (EuroSciVoc)
CORDIS classifies projects with EuroSciVoc, a multilingual taxonomy of fields of science, through a semi-automatic process based on NLP techniques. See: The European Science Vocabulary.
CORDIS classifies projects with EuroSciVoc, a multilingual taxonomy of fields of science, through a semi-automatic process based on NLP techniques. See: The European Science Vocabulary.
You need to log in or register to use this function
We are sorry... an unexpected error occurred during execution.
You need to be authenticated. Your session might have expired.
Thank you for your feedback. You will soon receive an email to confirm the submission. If you have selected to be notified about the reporting status, you will also be contacted when the reporting status will change.
Keywords
Project’s keywords as indicated by the project coordinator. Not to be confused with the EuroSciVoc taxonomy (Fields of science)
Project’s keywords as indicated by the project coordinator. Not to be confused with the EuroSciVoc taxonomy (Fields of science)
Programme(s)
Multi-annual funding programmes that define the EU’s priorities for research and innovation.
Multi-annual funding programmes that define the EU’s priorities for research and innovation.
-
H2020-EU.1.1. - EXCELLENT SCIENCE - European Research Council (ERC)
MAIN PROGRAMME
See all projects funded under this programme
Topic(s)
Calls for proposals are divided into topics. A topic defines a specific subject or area for which applicants can submit proposals. The description of a topic comprises its specific scope and the expected impact of the funded project.
Calls for proposals are divided into topics. A topic defines a specific subject or area for which applicants can submit proposals. The description of a topic comprises its specific scope and the expected impact of the funded project.
Funding Scheme
Funding scheme (or “Type of Action”) inside a programme with common features. It specifies: the scope of what is funded; the reimbursement rate; specific evaluation criteria to qualify for funding; and the use of simplified forms of costs like lump sums.
Funding scheme (or “Type of Action”) inside a programme with common features. It specifies: the scope of what is funded; the reimbursement rate; specific evaluation criteria to qualify for funding; and the use of simplified forms of costs like lump sums.
ERC-COG - Consolidator Grant
See all projects funded under this funding scheme
Call for proposal
Procedure for inviting applicants to submit project proposals, with the aim of receiving EU funding.
Procedure for inviting applicants to submit project proposals, with the aim of receiving EU funding.
(opens in new window) ERC-2019-COG
See all projects funded under this callHost institution
Net EU financial contribution. The sum of money that the participant receives, deducted by the EU contribution to its linked third party. It considers the distribution of the EU financial contribution between direct beneficiaries of the project and other types of participants, like third-party participants.
0107 Oslo
Norway
The total costs incurred by this organisation to participate in the project, including direct and indirect costs. This amount is a subset of the overall project budget.