Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Metamorphic Testing for Cybersecurity

Published

Author(s)

Tsong Yueh Chen, Fei-Ching Kuo, Wenjuan Ma, Willy Susilo, Dave Towey, Jeffrey M. Voas, Zhi Q. Zhou

Abstract

Testing is a major approach for the detection of software defects, including security vulnerabilities. This article introduces metamorphic testing (MT), a relatively new testing method, and discusses how the new perspective of MT can help to conduct negative testing as well as to alleviate the oracle problem in the testing of security-related functionality and behavior. As demonstrated by the effectiveness of MT in detecting previously unknown bugs in real-world critical applications such as compilers and code obfuscators, we conclude that software testing should be conducted from diverse perspectives in order to achieve greater cybersecurity.
Citation
Computer (IEEE Computer)
Volume
49
Issue
6

Keywords

cybersecurity, metamorphic testing, test oracles, fuzz testing, correctness
Created June 27, 2016, Updated November 10, 2018