Follow us:
  • Follow us on Facebook
  • Follow us on Twitter
  • Follow us on Linked In
CEED
Student Login

  New Student Signup  |  Lost Password

Automation of Security Mutation Generation and Test Suite Evaluation for Java

Oracle Labs #1

Return to List

Open Posted: 11 May 17. Closes: 30 May 17 Available: Semester 2 (Jul - Nov)

Semester 2 2017 + summer vacation + Semester 1 2018 


Note: students must be able to enrol in thesis/project spread across Semester 2 + 1; as well available whole of summer vacation. These are requirements for this project.

This project will suit final year / Masters students in Software Engineering / Computer Science / IT - with strong programming skills (Java) and a very solid understanding of data structures and algorithms (Grade 6 or 7 in relevant subject/s).

The successful applicant will receive a $9,000 scholarship + academic credit (24cps - QUT; 4 units - UQ).  You must be available to work on the project onsite for 2 days/week during semester 2 + 1; plus 5 days/week over the entire summer vacation period.

APPLICANTS NOTE: you must include your academic transcript/s inside your resume (undergrad + Masters if applicable) - before Oracle Labs will consider your application. Also include your student number.

Location: Brisbane CBD QLD
Categories: Information Technology, Electrical Engineering

Project Background / Description

Security testing is a challenging activity as: 1) it is not possible to test all behaviors and 2) the attacker only needs to find one flaw to exploit the system.

It is therefore important to evaluate the quality of a test-suite with respect to security issues. A good test-suite must detect flaws that could potentially be exploited.

Mutation testing is a well known technique to evaluate test-suites. The purpose of a test is to distinguish good behavior from bad. Mutation testing defines mutation operators which modify an input program to generate variants. A good test suite will then be able to distinguish the original program from the variants. If there is a variant that cannot be distinguished then the test suite might require revision. The variants give insight into the changes required for the test suite.

The aim is be to take specific mutation operators and automatically generate mutants of a given Java program.  All these generated programs must be tested against a given test suite and the outputs compared against the output of the original program and calculate the mutation kill-ratio. It would also be desirable if system could help identify equivalent mutants.

The project could use any existing tool such as muJava (https://cs.gmu.edu/~offutt/mujava/),

Jumble (http://jumble.sourceforge.net/) or PIT (http://pitest.org/) as the starting point.

Company

Oracle offers a comprehensive and fully integrated stack of cloud applications, platform services, and engineered systems.  With more than 400,000 customers—including 100 of the Fortune 100—in more than 145 countries, Oracle provides a complete technology stack both in the cloud and in the data centre.

Oracle’s industry-leading cloud-based and on-premises solutions give customers complete deployment flexibility and unmatched benefits including application integration, advanced security, high availability, scalability, energy efficiency, powerful performance, and low total cost of ownership.

For more information about Oracle, visit oracle.com.

Oracle Labs

Oracle Labs is the research division of Oracle.  It focuses on applied research to produce new technologies of interest to the company.

Oracle Labs Australia (http://labs.oracle.com/locations/australia), based in Brisbane, specialises in Program Analysis in a variety of domains, including bug-checking, productivity tools, security analysis, testing, and more. The Brisbane team hit the headlines with its research on static code analysis that lead to scalable and precise bug-checking algorithms embedded in the Parfait tool.

How Oracle helps CEED students

We link you up with an experienced supervisor on the Brisbane team. They will work closely with you, helping you grow your skills-really practical skills you can put to work in real-world situations.

Objectives / Tasks / Project Outcomes

  • Scope the project based on the groups interests/strengths and the requirements of Oracle Labs.
  • Study the Java security model and understand where flaws could arise.
  • Study existing mutation operators for testing Java programs.
  • Study the existing mutation operators that are specific to security in Java.
  • Study the key features of existing mutation testing tools
  • Design and implement a mechanism to generate variants given a set of mutation operators.
  • Execute existing test suites against variants and compute relevant statistics
  • Write a detailed report on work undertaken
  • Given a presentation to the group on work done

 

At the end of the project the students would have developed an understanding of the state of the art use of mutation testing in security. They will also get an exposure to the research process necessary to tackle open ended problems.

Skills / Experience Required

  • Strong understanding of Java
  • Strong understanding of data-structures and algorithms
  • Excellent problem solving skills
  • Good understanding of software engineering principles
  • Experience with Unix-based systems
  • Ability to work independently as well as in small groups

Return to List

Subscribe to e-newsletter